The advent of quantum computing poses a significant challenge to traditional cryptographic protocols,particularly those used in SecureMultiparty Computation(MPC),a fundamental cryptographic primitive for privacypreser...The advent of quantum computing poses a significant challenge to traditional cryptographic protocols,particularly those used in SecureMultiparty Computation(MPC),a fundamental cryptographic primitive for privacypreserving computation.Classical MPC relies on cryptographic techniques such as homomorphic encryption,secret sharing,and oblivious transfer,which may become vulnerable in the post-quantum era due to the computational power of quantum adversaries.This study presents a review of 140 peer-reviewed articles published between 2000 and 2025 that used different databases like MDPI,IEEE Explore,Springer,and Elsevier,examining the applications,types,and security issues with the solution of Quantum computing in different fields.This review explores the impact of quantum computing on MPC security,assesses emerging quantum-resistant MPC protocols,and examines hybrid classicalquantum approaches aimed at mitigating quantum threats.We analyze the role of Quantum Key Distribution(QKD),post-quantum cryptography(PQC),and quantum homomorphic encryption in securing multiparty computations.Additionally,we discuss the challenges of scalability,computational efficiency,and practical deployment of quantumsecure MPC frameworks in real-world applications such as privacy-preserving AI,secure blockchain transactions,and confidential data analysis.This review provides insights into the future research directions and open challenges in ensuring secure,scalable,and quantum-resistant multiparty computation.展开更多
Given the grave local and international network security landscape,a national strategic level analysis indicates that the modernization and advancement within the Industry 4.0 era are closely correlated with overall c...Given the grave local and international network security landscape,a national strategic level analysis indicates that the modernization and advancement within the Industry 4.0 era are closely correlated with overall competitive strength.Consequently,China proposed a strategy for the integration of industrialization and informatization,optimizing and adjusting its industrial structure to swiftly achieve transformation and upgrading in the Industry 4.0 era,thereby enhancing the sophistication of intelligent industrial control systems.The distributed control system in a nuclear power plant functions as an industrial control system,overseeing the operational status of the physical process.Its ability to ensure safe and reliable operation is directly linked to nuclear safety and the cybersecurity of the facility.The management of network security in distributed control systems(DCS)is crucial for achieving this objective.Due to the varying network settings and parameters of the DCS implemented in each nuclear power plant,the network security status of the system sometimes diverges from expectations.During system operation,it will undoubtedly encounter network security issues.Consequently,nuclear power plants utilize the technical criteria outlined in GB/T 22239 to formulate a network security management program aimed at enhancing the operational security of DCS within these facilities.This study utilizes existing network security regulations and standards as a reference to analyze the network security control standards based on the nuclear power plant’s control system.It delineates the fundamental requirements for network security management,facilitating integration with the entire life cycle of the research,development,and application of the nuclear power plant’s distributed control system,thereby establishing a network security management methodology that satisfies the control requirements of the nuclear power plant.Initially,it presents DCS and network security management,outlines current domestic and international network security legislation and standards,and specifies the standards pertinent to the administration of DCS in nuclear power plants.Secondly,the design of network security management for DCS is executed in conjunction with the specific context of nuclear power plants.This encompasses the deployment of network security apparatus,validation of the network security management strategy,and optimization adjustments.Consequently,recommendations beneficial to the network security management of nuclear power plants are compiled,aimed at establishing a management system and incorporating the concept of full life cycle management,which is predicated on system requirements,system design,and both software and hardware considerations.Conversely,it presents the notion of comprehensive life cycle management and suggests network security management strategies encompassing system requirements,system architecture,detailed hardware and software design and implementation,procurement,internal system integration,system validation and acceptance testing,system installation,operational maintenance,system modifications,and decommissioning.We will consistently enhance the performance and functionality of DCS in nuclear power plants,establish a safe and secure operational environment,and thereby facilitate the implementation of DCS in nuclear facilities while ensuring robust network security in the future.展开更多
The 5G-R network is on the verge of entering the construction stage.Given that the dedicated network for railways is closely linked to train operation safety,there are extremely high requirements for network security....The 5G-R network is on the verge of entering the construction stage.Given that the dedicated network for railways is closely linked to train operation safety,there are extremely high requirements for network security.As a result,there is an urgent need to conduct research on 5G-R network security.To comprehensively enhance the end-to-end security protection of the 5G-R network,this study summarized the security requirements of the GSM-R network,analyzed the security risks and requirements faced by the 5G-R network,and proposed an overall 5G-R network security architecture.The security technical schemes were detailed from various aspects:5G-R infrastructure security,terminal access security,networking security,operation and maintenance security,data security,and network boundary security.Additionally,the study proposed leveraging the 5G-R security situation awareness system to achieve a comprehensive upgrade from basic security technologies to endogenous security capabilities within the 5G-R system.展开更多
This study introduces an innovative hybrid approach that integrates deep learning with blockchain technology to improve cybersecurity,focusing on network intrusion detection systems(NIDS).The main goal is to overcome ...This study introduces an innovative hybrid approach that integrates deep learning with blockchain technology to improve cybersecurity,focusing on network intrusion detection systems(NIDS).The main goal is to overcome the shortcomings of conventional intrusion detection techniques by developing amore flexible and robust security architecture.We use seven unique machine learning models to improve detection skills,emphasizing data quality,traceability,and transparency,facilitated by a blockchain layer that safeguards against datamodification and ensures auditability.Our technique employs the Synthetic Minority Oversampling Technique(SMOTE)to equilibrate the dataset,therefore mitigating prevalent class imbalance difficulties in intrusion detection.The model selection procedure determined that Random Forest was the most successful model,with a notable detection accuracy of 97%.This substantially surpasses conventional methods and enhances the system’s capacity to identify both established and novel threats with exceptional accuracy.To optimize feature selection and maximize performance,we use Extreme Gradient Boosting(XGBoost),which improves the significance of chosen features while reducing the danger of overfitting.Our study indicates that the integrated use of machine learning for pattern identification,multi-factor authentication(MFA)for access security,and blockchain for data validation constitutes a thorough and sustainable cybersecurity solution.This architecture not only increases security but also lowers the need for regular human monitoring,significantly cutting energy consumption connected with cybersecurity infrastructure.The research finds that this integrated strategy provides a realistic road for increasing network security,addressing real-world cyber threats,and promoting eco-friendly practices in IT security.展开更多
This study proposes a method for analyzing the security distance of an Active Distribution Network(ADN)by incorporating the demand response of an Energy Hub(EH).Taking into account the impact of stochastic wind-solar ...This study proposes a method for analyzing the security distance of an Active Distribution Network(ADN)by incorporating the demand response of an Energy Hub(EH).Taking into account the impact of stochastic wind-solar power and flexible loads on the EH,an interactive power model was developed to represent the EH’s operation under these influences.Additionally,an ADN security distance model,integrating an EH with flexible loads,was constructed to evaluate the effect of flexible load variations on the ADN’s security distance.By considering scenarios such as air conditioning(AC)load reduction and base station(BS)load transfer,the security distances of phases A,B,and C increased by 17.1%,17.2%,and 17.7%,respectively.Furthermore,a multi-objective optimal power flow model was formulated and solved using the Forward-Backward Power Flow Algorithm,the NSGA-II multi-objective optimization algo-rithm,and the maximum satisfaction method.The simulation results of the IEEE33 node system example demonstrate that after opti-mization,the total energy cost for one day is reduced by 0.026%,and the total security distance limit of the ADN’s three phases is improved by 0.1 MVA.This method effectively enhances the security distance,facilitates BS load transfer and AC load reduction,and contributes to the energy-saving,economical,and safe operation of the power system.展开更多
The Fifth Generation of Mobile Communications for Railways(5G-R)brings significant opportunities for the rail industry.However,alongside the potential and benefits of the railway 5G network are complex security challe...The Fifth Generation of Mobile Communications for Railways(5G-R)brings significant opportunities for the rail industry.However,alongside the potential and benefits of the railway 5G network are complex security challenges.Ensuring the security and reliability of railway 5G networks is therefore essential.This paper presents a detailed examination of security assessment techniques for railway 5G networks,focusing on addressing the unique security challenges in this field.In this paper,various security requirements in railway 5G networks are analyzed,and specific processes and methods for conducting comprehensive security risk assessments are presented.This study provides a framework for securing railway 5G network development and ensuring its long-term sustainability.展开更多
Quantum key distribution(QKD)optical networks can provide more secure communications.However,with the increase of the QKD path requests and key updates,network blocking problems will become severe.The blocking problem...Quantum key distribution(QKD)optical networks can provide more secure communications.However,with the increase of the QKD path requests and key updates,network blocking problems will become severe.The blocking problems in the network can become more severe because each fiber link has limited resources(such as wavelengths and time slots).In addition,QKD optical networks are also affected by external disturbances such as data interception and eavesdropping,resulting in inefficient network communication.In this paper,we exploit the idea of protection path to enhance the anti-interference ability of QKD optical network.By introducing the concept of security metric,we propose a routing wavelength and time slot allocation algorithm(RWTA)based on protection path,which can lessen the blocking problem of QKD optical network.According to simulation analysis,the security-metric-based RWTA algorithm(SM-RWTA)proposed in this paper can substantially improve the success rate of security key(SK)update and significantly reduce the blocking rate of the network.It can also improve the utilization rate of resources such as wavelengths and time slots.Compared with the non-security-metric-based RWTA algorithm(NSM-RWTA),our algorithm is robust and can enhance the anti-interference ability and security of QKD optical networks.展开更多
The rapid growth of Internet of things devices and the emergence of rapidly evolving network threats have made traditional security assessment methods inadequate.Federated learning offers a promising solution to exped...The rapid growth of Internet of things devices and the emergence of rapidly evolving network threats have made traditional security assessment methods inadequate.Federated learning offers a promising solution to expedite the training of security assessment models.However,ensuring the trustworthiness and robustness of federated learning under multi-party collaboration scenarios remains a challenge.To address these issues,this study proposes a shard aggregation network structure and a malicious node detection mechanism,along with improvements to the federated learning training process.First,we extract the data features of the participants by using spectral clustering methods combined with a Gaussian kernel function.Then,we introduce a multi-objective decision-making approach that combines data distribution consistency,consensus communication overhead,and consensus result reliability in order to determine the final network sharing scheme.Finally,by integrating the federated learning aggregation process with the malicious node detection mechanism,we improve the traditional decentralized learning process.Our proposed ShardFed algorithm outperforms conventional classification algorithms and state-of-the-art machine learning methods like FedProx and FedCurv in convergence speed,robustness against data interference,and adaptability across multiple scenarios.Experimental results demonstrate that the proposed approach improves model accuracy by up to 2.33%under non-independent and identically distributed data conditions,maintains higher performance with malicious nodes containing poisoned data ratios of 20%–50%,and significantly enhances model resistance to low-quality data.展开更多
Digital content such as games,extended reality(XR),and movies has been widely and easily distributed over wireless networks.As a result,unauthorized access,copyright infringement by third parties or eavesdroppers,and ...Digital content such as games,extended reality(XR),and movies has been widely and easily distributed over wireless networks.As a result,unauthorized access,copyright infringement by third parties or eavesdroppers,and cyberattacks over these networks have become pressing concerns.Therefore,protecting copyrighted content and preventing illegal distribution in wireless communications has garnered significant attention.The Intelligent Reflecting Surface(IRS)is regarded as a promising technology for future wireless and mobile networks due to its ability to reconfigure the radio propagation environment.This study investigates the security performance of an uplink Non-Orthogonal Multiple Access(NOMA)system integrated with an IRS and employing Fountain Codes(FCs).Specifically,two users send signals to the base station at separate distances.A relay receives the signal from the nearby user first and then relays it to the base station.The IRS receives the signal from the distant user and reflects it to the relay,which then sends the reflected signal to the base station.Furthermore,a malevolent eavesdropper intercepts both user and relay communications.We construct mathematical equations for Outage Probability(OP),throughput,diversity evaluation,and Interception Probability(IP),offering quantitative insights to assess system security and performance.Additionally,OP and IP are analyzed using a Deep Neural Network(DNN)model.A deeper comprehension of the security performance of the IRS-assisted NOMA systemin signal transmission is provided by Monte Carlo simulations,which are also carried out to confirm the theoretical conclusions.展开更多
A robust ecological security network(ESN)is essential for ensuring regional ecological security,improving fragile ecological conditions,and promoting sustainable development.Climate change and land use/cover change(LU...A robust ecological security network(ESN)is essential for ensuring regional ecological security,improving fragile ecological conditions,and promoting sustainable development.Climate change and land use/cover change(LUCC)influence the structure and connectivity of the ESN by impacting ecosystem services(ESs).Previous studies primarily focused on the overall effects of LUCC on ESN changes,but they largely overlooked the effects of detailed LUCC transitions.In this study,we evaluated changes in the structure and connectivity of the ESN in the Songnen Plain(SNP),Northeast China,over the past 30 yr(1990s-2020s)using circuit theory and graph theory.We further explored the effects of climate change,LUCC,and detailed LUCC transformations on ESN changes through factorial control experiments.Results revealed a 24.86%decrease in ecological sources and a 27.06%decrease in ecological corridors,accompanied by a decline in ESN connectivity from the 1990s to the 2010s.Conversely,from the 2010s to the 2020s,ecological sources increased by 14.71%and ecological corridors increased by 25.71%due to ecological projects such as returning farmland to wetlands,resulting in an overall increase in ESN connectivity.The changes in ESN structure were primarily attributed to LUCC effects,followed by climate change effects and their interactions.In contrast,the changes in connectivity were significantly affected by climate change,followed by interactive effects and LUCC.Through detailed examination of LUCC transformation effects,we further found that the changes in ESN structure were primarily attributed to wetland loss,followed by deforestation and urban expansion.Meanwhile,the changes in ESN connectivity were mainly due to the effects of wetland loss,urban expansion and deforestation.Notably,the adverse effects of wetland loss partly offset climate change benefits on ESN.Our study offers valuable insights for developing future land management policies and implementing ecological projects,aimed at maintaining a stable ESN and ensuring sustainable human development.展开更多
In order to manage all kinds of network security devices and software systems efficiently, and make them collaborate with each other, the model for an open network security management platform is presented. The feasib...In order to manage all kinds of network security devices and software systems efficiently, and make them collaborate with each other, the model for an open network security management platform is presented. The feasibility and key implementing technology of the model are expatiated. A prototype system is implemented to validate it.展开更多
Software-Defined Networking (SDN) has been a hot topic for future network development, which implements the different layers of control plane and data plane respectively. Despite providing high openness and programmab...Software-Defined Networking (SDN) has been a hot topic for future network development, which implements the different layers of control plane and data plane respectively. Despite providing high openness and programmability, the “three-layer two-interface” architecture of SDN changes the traditional network and increases the network attack nodes, which results in new security issues. In this paper, we firstly introduced the background, architecture and working process of SDN. Secondly, we summarized and analyzed the typical security issues from north to south: application layer, northbound interface, control layer, southbound interface and data layer. Another contribution is to review and analyze the existing solutions and latest research progress of each layer, mainly including: authorized authentication module, application isolation, DoS/DDoS defense, multi-controller deployment and flow rule consistency detection. Finally, a conclusion about the future works of SDN security and an idealized global security architecture is proposed.展开更多
This study proposes a tractable approach to analyze the physical-layer security in the downlink of a multi-tier heterogeneous cellular network. This method is based on stochastic geometry, has low computational comple...This study proposes a tractable approach to analyze the physical-layer security in the downlink of a multi-tier heterogeneous cellular network. This method is based on stochastic geometry, has low computational complexity, and uses the two-dimensional Poisson point process to model the locations of K-tier base stations and receivers, including those of legitimate users and eavesdroppers. Then, the achievable secrecy rates for an arbitrary user are determined and the upper and lower bounds of secrecy coverage probability derived on the condition that cross-tier interference is the main contributor to aggregate interference. Finally, our analysis results reveal the innate connections between information-theoretic security and the spatial densities of legitimate and malicious nodes.展开更多
Network Security Situation Awareness System YHSAS acquires,understands and displays the security factors which cause changes of network situation,and predicts the future development trend of these security factors.YHS...Network Security Situation Awareness System YHSAS acquires,understands and displays the security factors which cause changes of network situation,and predicts the future development trend of these security factors.YHSAS is developed for national backbone network,large network operators,large enterprises and other large-scale network.This paper describes its architecture and key technologies:Network Security Oriented Total Factor Information Collection and High-Dimensional Vector Space Analysis,Knowledge Representation and Management of Super Large-Scale Network Security,Multi-Level,Multi-Granularity and Multi-Dimensional Network Security Index Construction Method,Multi-Mode and Multi-Granularity Network Security Situation Prediction Technology,and so on.The performance tests show that YHSAS has high real-time performance and accuracy in security situation analysis and trend prediction.The system meets the demands of analysis and prediction for large-scale network security situation.展开更多
With the rapid development of global information and the increasing dependence on network for people, network security problems are becoming more and more serious. By analyzing the existing security assessment methods...With the rapid development of global information and the increasing dependence on network for people, network security problems are becoming more and more serious. By analyzing the existing security assessment methods, we propose a network security situation evaluation system based on modified D-S evidence theory is proposed. Firstly, we give a modified D-S evidence theory to improve the reliability and rationality of the fusion result and apply the theory to correlation analysis. Secondly, the attack successful support is accurately calculated by matching internal factors with external threats. Multi-module evaluation is established to comprehensively evaluate the situation of network security. Finally we use an example of actual network datasets to validate the network security situation evaluation system. The simulation result shows that the system can not only reduce the rate of false positives and false alarms, but also effectively help analysts comprehensively to understand the situation of network security.展开更多
To integrate the satellite communications with the LTE/5G services, the concept of Hybrid Satellite Terrestrial Relay Networks(HSTRNs) has been proposed. In this paper, we investigate the secure transmission in a HSTR...To integrate the satellite communications with the LTE/5G services, the concept of Hybrid Satellite Terrestrial Relay Networks(HSTRNs) has been proposed. In this paper, we investigate the secure transmission in a HSTRN where the eavesdropper can wiretap the transmitted messages from both the satellite and the intermediate relays. To effectively protect the message from wiretapping in these two phases, we consider cooperative jamming by the relays, where the jamming signals are optimized to maximize the secrecy rate under the total power constraint of relays. In the first phase, the Maximal Ratio Transmission(MRT) scheme is used to maximize the secrecy rate, while in the second phase, by interpolating between the sub-optimal MRT scheme and the null-space projection scheme, the optimal scheme can be obtained via an efficient one-dimensional searching method. Simulation results show that when the number of cooperative relays is small, the performance of the optimal scheme significantly outperforms that of MRT and null-space projection scheme. When the number of relays increases, the performance of the null-space projection approaches that of the optimal one.展开更多
Network security situation is a hot research topic in the field of network security. Whole situation awareness includes the current situation evaluation and the future situation prediction. However, the now-existing r...Network security situation is a hot research topic in the field of network security. Whole situation awareness includes the current situation evaluation and the future situation prediction. However, the now-existing research focuses on the current situation evaluation, and seldom discusses the future prediction. Based on the historical research, an improved grey Verhulst model is put forward to predict the future situation. Aiming at the shortages in the prediction based on traditional Verhulst model, the adaptive grey parameters and equal- dimensions grey filling methods are proposed to improve the precision. The simulation results prove that the scheme is efficient and applicable.展开更多
Impressive advances in space technology are enabling complex missions, with potentially significant and long term impacts on human life and activities. In the vision of future space exploration, communication links am...Impressive advances in space technology are enabling complex missions, with potentially significant and long term impacts on human life and activities. In the vision of future space exploration, communication links among planets, satel ites, spacecrafts and crewed vehicles wil be designed according to a new paradigm, known as the disruption tolerant networking. In this scenario, space channel peculiarities impose a massive reengineering of many of the protocols usually adopted in terrestrial networks; among them, security solutions are to be deeply reviewed, and tailored to the specific space requirements. Security is to be provided not only to the payload data exchanged on the network, but also to the telecommands sent to a spacecraft, along possibly differentiated paths. Starting from the secure space telecommand design developed by the Consultative Committee for Space Data Systems as a response to agency-based requirements, an adaptive link layer security architecture is proposed to address some of the chal enges for future space networks. Based on the analysis of the communication environment and the error diffusion properties of the authentication algorithms, a suitable mechanism is proposed to classify frame retransmission requests on the basis of the originating event (error or security attack) and reduce the impact of security operations. An adaptive algorithm to optimize the space control protocol, based on estimates of the time varying space channel, is also presented. The simulation results clearly demonstrate that the proposed architecture is feasible and efficient, especially when facing malicious attacks against frame transmission.展开更多
Real-time multimedia sharing in Consumer-centric Multimedia Network(CMN) requires usability anywhere, anytime and from any device. However, CMNs are usually located or implemented on application layer, which makes CMN...Real-time multimedia sharing in Consumer-centric Multimedia Network(CMN) requires usability anywhere, anytime and from any device. However, CMNs are usually located or implemented on application layer, which makes CMNs subjected to their fixed substrate security framework. A fundamental diversifying attribute for the customized security experiences of CMNs is pressing. This paper proposes a programmable network structure which is named Service Processing Chain(SPC) based on network function combination. The SPC is established by the ordinal combination of network functions in substrate switches dynamically, and therefore constructs a special channel for each CMN with required security. The construction and reconfiguration algorithms of SPC are also discussed in this paper. Evaluations and implementation show that above approaches are effective in providing multilevel security with flexibility and expansibility. It is believed that the SPC could provide customized security service and drive participative real-time multimedia sharing for CMNs.展开更多
As the number of Virtual Machines(VMs) consolidated on single physical server increases with the rapid advance of server hardware,virtual network turns complex and frangible.Modern Network Security Engines(NSE) are in...As the number of Virtual Machines(VMs) consolidated on single physical server increases with the rapid advance of server hardware,virtual network turns complex and frangible.Modern Network Security Engines(NSE) are introduced to eradicate the intrusions occurring in the virtual network.In this paper,we point out the inadequacy of the present live migration implementation,which hinders itself from providing transparent VM relocation between hypervisors equipped with Network Security Engines(NSE-H).This occurs because the current implementation ignores VM-related Security Context(SC) required by NSEs embedded in NSE-H.We present the CoM,a comprehensive live migration framework,for NSE-H-based virtualization computing environment.We built a prototype system on Xen hypervisors to evaluate our framework,and conduct experiments under various realistic application environments.The results demonstrate that our solution successfully fixes the inadequacy of the present live migration implementation,and the performance overhead is negligible.展开更多
文摘The advent of quantum computing poses a significant challenge to traditional cryptographic protocols,particularly those used in SecureMultiparty Computation(MPC),a fundamental cryptographic primitive for privacypreserving computation.Classical MPC relies on cryptographic techniques such as homomorphic encryption,secret sharing,and oblivious transfer,which may become vulnerable in the post-quantum era due to the computational power of quantum adversaries.This study presents a review of 140 peer-reviewed articles published between 2000 and 2025 that used different databases like MDPI,IEEE Explore,Springer,and Elsevier,examining the applications,types,and security issues with the solution of Quantum computing in different fields.This review explores the impact of quantum computing on MPC security,assesses emerging quantum-resistant MPC protocols,and examines hybrid classicalquantum approaches aimed at mitigating quantum threats.We analyze the role of Quantum Key Distribution(QKD),post-quantum cryptography(PQC),and quantum homomorphic encryption in securing multiparty computations.Additionally,we discuss the challenges of scalability,computational efficiency,and practical deployment of quantumsecure MPC frameworks in real-world applications such as privacy-preserving AI,secure blockchain transactions,and confidential data analysis.This review provides insights into the future research directions and open challenges in ensuring secure,scalable,and quantum-resistant multiparty computation.
文摘Given the grave local and international network security landscape,a national strategic level analysis indicates that the modernization and advancement within the Industry 4.0 era are closely correlated with overall competitive strength.Consequently,China proposed a strategy for the integration of industrialization and informatization,optimizing and adjusting its industrial structure to swiftly achieve transformation and upgrading in the Industry 4.0 era,thereby enhancing the sophistication of intelligent industrial control systems.The distributed control system in a nuclear power plant functions as an industrial control system,overseeing the operational status of the physical process.Its ability to ensure safe and reliable operation is directly linked to nuclear safety and the cybersecurity of the facility.The management of network security in distributed control systems(DCS)is crucial for achieving this objective.Due to the varying network settings and parameters of the DCS implemented in each nuclear power plant,the network security status of the system sometimes diverges from expectations.During system operation,it will undoubtedly encounter network security issues.Consequently,nuclear power plants utilize the technical criteria outlined in GB/T 22239 to formulate a network security management program aimed at enhancing the operational security of DCS within these facilities.This study utilizes existing network security regulations and standards as a reference to analyze the network security control standards based on the nuclear power plant’s control system.It delineates the fundamental requirements for network security management,facilitating integration with the entire life cycle of the research,development,and application of the nuclear power plant’s distributed control system,thereby establishing a network security management methodology that satisfies the control requirements of the nuclear power plant.Initially,it presents DCS and network security management,outlines current domestic and international network security legislation and standards,and specifies the standards pertinent to the administration of DCS in nuclear power plants.Secondly,the design of network security management for DCS is executed in conjunction with the specific context of nuclear power plants.This encompasses the deployment of network security apparatus,validation of the network security management strategy,and optimization adjustments.Consequently,recommendations beneficial to the network security management of nuclear power plants are compiled,aimed at establishing a management system and incorporating the concept of full life cycle management,which is predicated on system requirements,system design,and both software and hardware considerations.Conversely,it presents the notion of comprehensive life cycle management and suggests network security management strategies encompassing system requirements,system architecture,detailed hardware and software design and implementation,procurement,internal system integration,system validation and acceptance testing,system installation,operational maintenance,system modifications,and decommissioning.We will consistently enhance the performance and functionality of DCS in nuclear power plants,establish a safe and secure operational environment,and thereby facilitate the implementation of DCS in nuclear facilities while ensuring robust network security in the future.
文摘The 5G-R network is on the verge of entering the construction stage.Given that the dedicated network for railways is closely linked to train operation safety,there are extremely high requirements for network security.As a result,there is an urgent need to conduct research on 5G-R network security.To comprehensively enhance the end-to-end security protection of the 5G-R network,this study summarized the security requirements of the GSM-R network,analyzed the security risks and requirements faced by the 5G-R network,and proposed an overall 5G-R network security architecture.The security technical schemes were detailed from various aspects:5G-R infrastructure security,terminal access security,networking security,operation and maintenance security,data security,and network boundary security.Additionally,the study proposed leveraging the 5G-R security situation awareness system to achieve a comprehensive upgrade from basic security technologies to endogenous security capabilities within the 5G-R system.
文摘This study introduces an innovative hybrid approach that integrates deep learning with blockchain technology to improve cybersecurity,focusing on network intrusion detection systems(NIDS).The main goal is to overcome the shortcomings of conventional intrusion detection techniques by developing amore flexible and robust security architecture.We use seven unique machine learning models to improve detection skills,emphasizing data quality,traceability,and transparency,facilitated by a blockchain layer that safeguards against datamodification and ensures auditability.Our technique employs the Synthetic Minority Oversampling Technique(SMOTE)to equilibrate the dataset,therefore mitigating prevalent class imbalance difficulties in intrusion detection.The model selection procedure determined that Random Forest was the most successful model,with a notable detection accuracy of 97%.This substantially surpasses conventional methods and enhances the system’s capacity to identify both established and novel threats with exceptional accuracy.To optimize feature selection and maximize performance,we use Extreme Gradient Boosting(XGBoost),which improves the significance of chosen features while reducing the danger of overfitting.Our study indicates that the integrated use of machine learning for pattern identification,multi-factor authentication(MFA)for access security,and blockchain for data validation constitutes a thorough and sustainable cybersecurity solution.This architecture not only increases security but also lowers the need for regular human monitoring,significantly cutting energy consumption connected with cybersecurity infrastructure.The research finds that this integrated strategy provides a realistic road for increasing network security,addressing real-world cyber threats,and promoting eco-friendly practices in IT security.
基金supported in part by the National Nat-ural Science Foundation of China(No.51977012,No.52307080).
文摘This study proposes a method for analyzing the security distance of an Active Distribution Network(ADN)by incorporating the demand response of an Energy Hub(EH).Taking into account the impact of stochastic wind-solar power and flexible loads on the EH,an interactive power model was developed to represent the EH’s operation under these influences.Additionally,an ADN security distance model,integrating an EH with flexible loads,was constructed to evaluate the effect of flexible load variations on the ADN’s security distance.By considering scenarios such as air conditioning(AC)load reduction and base station(BS)load transfer,the security distances of phases A,B,and C increased by 17.1%,17.2%,and 17.7%,respectively.Furthermore,a multi-objective optimal power flow model was formulated and solved using the Forward-Backward Power Flow Algorithm,the NSGA-II multi-objective optimization algo-rithm,and the maximum satisfaction method.The simulation results of the IEEE33 node system example demonstrate that after opti-mization,the total energy cost for one day is reduced by 0.026%,and the total security distance limit of the ADN’s three phases is improved by 0.1 MVA.This method effectively enhances the security distance,facilitates BS load transfer and AC load reduction,and contributes to the energy-saving,economical,and safe operation of the power system.
基金supported in part by the Fundamental Research Funds for the Central Universities under Grant No.2025JBXT010in part by NSFC under Grant No.62171021,in part by the Project of China State Railway Group under Grant No.N2024B004in part by ZTE IndustryUniversityInstitute Cooperation Funds under Grant No.l23L00010.
文摘The Fifth Generation of Mobile Communications for Railways(5G-R)brings significant opportunities for the rail industry.However,alongside the potential and benefits of the railway 5G network are complex security challenges.Ensuring the security and reliability of railway 5G networks is therefore essential.This paper presents a detailed examination of security assessment techniques for railway 5G networks,focusing on addressing the unique security challenges in this field.In this paper,various security requirements in railway 5G networks are analyzed,and specific processes and methods for conducting comprehensive security risk assessments are presented.This study provides a framework for securing railway 5G network development and ensuring its long-term sustainability.
基金funded by Youth Program of Shaanxi Provincial Department of Science and Technology(Grant No.2024JC-YBQN-0630)。
文摘Quantum key distribution(QKD)optical networks can provide more secure communications.However,with the increase of the QKD path requests and key updates,network blocking problems will become severe.The blocking problems in the network can become more severe because each fiber link has limited resources(such as wavelengths and time slots).In addition,QKD optical networks are also affected by external disturbances such as data interception and eavesdropping,resulting in inefficient network communication.In this paper,we exploit the idea of protection path to enhance the anti-interference ability of QKD optical network.By introducing the concept of security metric,we propose a routing wavelength and time slot allocation algorithm(RWTA)based on protection path,which can lessen the blocking problem of QKD optical network.According to simulation analysis,the security-metric-based RWTA algorithm(SM-RWTA)proposed in this paper can substantially improve the success rate of security key(SK)update and significantly reduce the blocking rate of the network.It can also improve the utilization rate of resources such as wavelengths and time slots.Compared with the non-security-metric-based RWTA algorithm(NSM-RWTA),our algorithm is robust and can enhance the anti-interference ability and security of QKD optical networks.
基金supported by State Grid Hebei Electric Power Co.,Ltd.Science and Technology Project,Research on Security Protection of Power Services Carried by 4G/5G Networks(Grant No.KJ2024-127).
文摘The rapid growth of Internet of things devices and the emergence of rapidly evolving network threats have made traditional security assessment methods inadequate.Federated learning offers a promising solution to expedite the training of security assessment models.However,ensuring the trustworthiness and robustness of federated learning under multi-party collaboration scenarios remains a challenge.To address these issues,this study proposes a shard aggregation network structure and a malicious node detection mechanism,along with improvements to the federated learning training process.First,we extract the data features of the participants by using spectral clustering methods combined with a Gaussian kernel function.Then,we introduce a multi-objective decision-making approach that combines data distribution consistency,consensus communication overhead,and consensus result reliability in order to determine the final network sharing scheme.Finally,by integrating the federated learning aggregation process with the malicious node detection mechanism,we improve the traditional decentralized learning process.Our proposed ShardFed algorithm outperforms conventional classification algorithms and state-of-the-art machine learning methods like FedProx and FedCurv in convergence speed,robustness against data interference,and adaptability across multiple scenarios.Experimental results demonstrate that the proposed approach improves model accuracy by up to 2.33%under non-independent and identically distributed data conditions,maintains higher performance with malicious nodes containing poisoned data ratios of 20%–50%,and significantly enhances model resistance to low-quality data.
基金supported in part by Vietnam National Foundation for Science and Technology Development(NAFOSTED)under Grant 102.04-2021.57in part by Culture,Sports and Tourism R&D Program through the Korea Creative Content Agency grant funded by the Ministry of Culture,Sports and Tourism in 2024(Project Name:Global Talent Training Program for Copyright Management Technology in Game Contents,Project Number:RS-2024-00396709,Contribution Rate:100%).
文摘Digital content such as games,extended reality(XR),and movies has been widely and easily distributed over wireless networks.As a result,unauthorized access,copyright infringement by third parties or eavesdroppers,and cyberattacks over these networks have become pressing concerns.Therefore,protecting copyrighted content and preventing illegal distribution in wireless communications has garnered significant attention.The Intelligent Reflecting Surface(IRS)is regarded as a promising technology for future wireless and mobile networks due to its ability to reconfigure the radio propagation environment.This study investigates the security performance of an uplink Non-Orthogonal Multiple Access(NOMA)system integrated with an IRS and employing Fountain Codes(FCs).Specifically,two users send signals to the base station at separate distances.A relay receives the signal from the nearby user first and then relays it to the base station.The IRS receives the signal from the distant user and reflects it to the relay,which then sends the reflected signal to the base station.Furthermore,a malevolent eavesdropper intercepts both user and relay communications.We construct mathematical equations for Outage Probability(OP),throughput,diversity evaluation,and Interception Probability(IP),offering quantitative insights to assess system security and performance.Additionally,OP and IP are analyzed using a Deep Neural Network(DNN)model.A deeper comprehension of the security performance of the IRS-assisted NOMA systemin signal transmission is provided by Monte Carlo simulations,which are also carried out to confirm the theoretical conclusions.
基金Under the auspices of National Key Research and Development Program of China(No.2022YFF1300904)the National Natural Science Foundation of China(No.42271119,42371075,42471127)+1 种基金Youth Innovation Promotion Association,Chinese Academy of Sciences(No.2023238)Jilin Province Science and Technology Development Plan Project(No.20230203001SF)。
文摘A robust ecological security network(ESN)is essential for ensuring regional ecological security,improving fragile ecological conditions,and promoting sustainable development.Climate change and land use/cover change(LUCC)influence the structure and connectivity of the ESN by impacting ecosystem services(ESs).Previous studies primarily focused on the overall effects of LUCC on ESN changes,but they largely overlooked the effects of detailed LUCC transitions.In this study,we evaluated changes in the structure and connectivity of the ESN in the Songnen Plain(SNP),Northeast China,over the past 30 yr(1990s-2020s)using circuit theory and graph theory.We further explored the effects of climate change,LUCC,and detailed LUCC transformations on ESN changes through factorial control experiments.Results revealed a 24.86%decrease in ecological sources and a 27.06%decrease in ecological corridors,accompanied by a decline in ESN connectivity from the 1990s to the 2010s.Conversely,from the 2010s to the 2020s,ecological sources increased by 14.71%and ecological corridors increased by 25.71%due to ecological projects such as returning farmland to wetlands,resulting in an overall increase in ESN connectivity.The changes in ESN structure were primarily attributed to LUCC effects,followed by climate change effects and their interactions.In contrast,the changes in connectivity were significantly affected by climate change,followed by interactive effects and LUCC.Through detailed examination of LUCC transformation effects,we further found that the changes in ESN structure were primarily attributed to wetland loss,followed by deforestation and urban expansion.Meanwhile,the changes in ESN connectivity were mainly due to the effects of wetland loss,urban expansion and deforestation.Notably,the adverse effects of wetland loss partly offset climate change benefits on ESN.Our study offers valuable insights for developing future land management policies and implementing ecological projects,aimed at maintaining a stable ESN and ensuring sustainable human development.
文摘In order to manage all kinds of network security devices and software systems efficiently, and make them collaborate with each other, the model for an open network security management platform is presented. The feasibility and key implementing technology of the model are expatiated. A prototype system is implemented to validate it.
基金supported by the Wuhan Frontier Program of Application Foundation (No.2018010401011295)National High Technology Research and Development Program of China (“863” Program) (Grant No. 2015AA016002)
文摘Software-Defined Networking (SDN) has been a hot topic for future network development, which implements the different layers of control plane and data plane respectively. Despite providing high openness and programmability, the “three-layer two-interface” architecture of SDN changes the traditional network and increases the network attack nodes, which results in new security issues. In this paper, we firstly introduced the background, architecture and working process of SDN. Secondly, we summarized and analyzed the typical security issues from north to south: application layer, northbound interface, control layer, southbound interface and data layer. Another contribution is to review and analyze the existing solutions and latest research progress of each layer, mainly including: authorized authentication module, application isolation, DoS/DDoS defense, multi-controller deployment and flow rule consistency detection. Finally, a conclusion about the future works of SDN security and an idealized global security architecture is proposed.
基金supported in part by National Natural Science Foundation of China under Grant No.61401510,61521003National High-tech R&D Program(863 Program)under Grant No.2015AA01A708
文摘This study proposes a tractable approach to analyze the physical-layer security in the downlink of a multi-tier heterogeneous cellular network. This method is based on stochastic geometry, has low computational complexity, and uses the two-dimensional Poisson point process to model the locations of K-tier base stations and receivers, including those of legitimate users and eavesdroppers. Then, the achievable secrecy rates for an arbitrary user are determined and the upper and lower bounds of secrecy coverage probability derived on the condition that cross-tier interference is the main contributor to aggregate interference. Finally, our analysis results reveal the innate connections between information-theoretic security and the spatial densities of legitimate and malicious nodes.
基金This work is funded by the National Natural Science Foundation of China under Grant U1636215the National key research and development plan under Grant Nos.2018YFB0803504,2016YFB0800303.
文摘Network Security Situation Awareness System YHSAS acquires,understands and displays the security factors which cause changes of network situation,and predicts the future development trend of these security factors.YHSAS is developed for national backbone network,large network operators,large enterprises and other large-scale network.This paper describes its architecture and key technologies:Network Security Oriented Total Factor Information Collection and High-Dimensional Vector Space Analysis,Knowledge Representation and Management of Super Large-Scale Network Security,Multi-Level,Multi-Granularity and Multi-Dimensional Network Security Index Construction Method,Multi-Mode and Multi-Granularity Network Security Situation Prediction Technology,and so on.The performance tests show that YHSAS has high real-time performance and accuracy in security situation analysis and trend prediction.The system meets the demands of analysis and prediction for large-scale network security situation.
基金Supported by the Foundation of Tianjin for Science and Technology Innovation(10FDZDGX00400,11ZCKFGX00900)Key Project of Educational Reform Foundation of Tianjin Municipal Education Commission(C03-0809)
文摘With the rapid development of global information and the increasing dependence on network for people, network security problems are becoming more and more serious. By analyzing the existing security assessment methods, we propose a network security situation evaluation system based on modified D-S evidence theory is proposed. Firstly, we give a modified D-S evidence theory to improve the reliability and rationality of the fusion result and apply the theory to correlation analysis. Secondly, the attack successful support is accurately calculated by matching internal factors with external threats. Multi-module evaluation is established to comprehensively evaluate the situation of network security. Finally we use an example of actual network datasets to validate the network security situation evaluation system. The simulation result shows that the system can not only reduce the rate of false positives and false alarms, but also effectively help analysts comprehensively to understand the situation of network security.
基金supported in part by the National Natural Science Foundation of China under Grant No.61871032in part by Chinese Ministry of Education-China Mobile Communication Corporation Research Fund under Grant MCM20170101in part by the Open Research Fund of Key Laboratory of Cognitive Radio and Information Processing,Ministry of Education (Guilin University of Electronic Technology) under Grant CRKL190204
文摘To integrate the satellite communications with the LTE/5G services, the concept of Hybrid Satellite Terrestrial Relay Networks(HSTRNs) has been proposed. In this paper, we investigate the secure transmission in a HSTRN where the eavesdropper can wiretap the transmitted messages from both the satellite and the intermediate relays. To effectively protect the message from wiretapping in these two phases, we consider cooperative jamming by the relays, where the jamming signals are optimized to maximize the secrecy rate under the total power constraint of relays. In the first phase, the Maximal Ratio Transmission(MRT) scheme is used to maximize the secrecy rate, while in the second phase, by interpolating between the sub-optimal MRT scheme and the null-space projection scheme, the optimal scheme can be obtained via an efficient one-dimensional searching method. Simulation results show that when the number of cooperative relays is small, the performance of the optimal scheme significantly outperforms that of MRT and null-space projection scheme. When the number of relays increases, the performance of the null-space projection approaches that of the optimal one.
基金the National Natural Science Foundation of China(No.60605019)
文摘Network security situation is a hot research topic in the field of network security. Whole situation awareness includes the current situation evaluation and the future situation prediction. However, the now-existing research focuses on the current situation evaluation, and seldom discusses the future prediction. Based on the historical research, an improved grey Verhulst model is put forward to predict the future situation. Aiming at the shortages in the prediction based on traditional Verhulst model, the adaptive grey parameters and equal- dimensions grey filling methods are proposed to improve the precision. The simulation results prove that the scheme is efficient and applicable.
基金supported by the National Natural Science Fundation of China(61101073)
文摘Impressive advances in space technology are enabling complex missions, with potentially significant and long term impacts on human life and activities. In the vision of future space exploration, communication links among planets, satel ites, spacecrafts and crewed vehicles wil be designed according to a new paradigm, known as the disruption tolerant networking. In this scenario, space channel peculiarities impose a massive reengineering of many of the protocols usually adopted in terrestrial networks; among them, security solutions are to be deeply reviewed, and tailored to the specific space requirements. Security is to be provided not only to the payload data exchanged on the network, but also to the telecommands sent to a spacecraft, along possibly differentiated paths. Starting from the secure space telecommand design developed by the Consultative Committee for Space Data Systems as a response to agency-based requirements, an adaptive link layer security architecture is proposed to address some of the chal enges for future space networks. Based on the analysis of the communication environment and the error diffusion properties of the authentication algorithms, a suitable mechanism is proposed to classify frame retransmission requests on the basis of the originating event (error or security attack) and reduce the impact of security operations. An adaptive algorithm to optimize the space control protocol, based on estimates of the time varying space channel, is also presented. The simulation results clearly demonstrate that the proposed architecture is feasible and efficient, especially when facing malicious attacks against frame transmission.
基金supported by The National Basic Research Program of China (973) (Grant No. 2012CB315901, 2013CB329104)The National Natural Science Foundation of China (Grant No. 61521003, 61372121, 61309019, 61572519, 61502530)The National High Technology Research and Development Program of China (863) (Grant No. 2015AA016102)
文摘Real-time multimedia sharing in Consumer-centric Multimedia Network(CMN) requires usability anywhere, anytime and from any device. However, CMNs are usually located or implemented on application layer, which makes CMNs subjected to their fixed substrate security framework. A fundamental diversifying attribute for the customized security experiences of CMNs is pressing. This paper proposes a programmable network structure which is named Service Processing Chain(SPC) based on network function combination. The SPC is established by the ordinal combination of network functions in substrate switches dynamically, and therefore constructs a special channel for each CMN with required security. The construction and reconfiguration algorithms of SPC are also discussed in this paper. Evaluations and implementation show that above approaches are effective in providing multilevel security with flexibility and expansibility. It is believed that the SPC could provide customized security service and drive participative real-time multimedia sharing for CMNs.
基金supported by State Key Laboratory of Software Development Environment under Grant No. SKLSDE-2009ZX-02China Aviation Science Fund under Grant No.20081951National High Technical Research and Development Program of China (863 Program) under Grant No.2007AA01Z183
文摘As the number of Virtual Machines(VMs) consolidated on single physical server increases with the rapid advance of server hardware,virtual network turns complex and frangible.Modern Network Security Engines(NSE) are introduced to eradicate the intrusions occurring in the virtual network.In this paper,we point out the inadequacy of the present live migration implementation,which hinders itself from providing transparent VM relocation between hypervisors equipped with Network Security Engines(NSE-H).This occurs because the current implementation ignores VM-related Security Context(SC) required by NSEs embedded in NSE-H.We present the CoM,a comprehensive live migration framework,for NSE-H-based virtualization computing environment.We built a prototype system on Xen hypervisors to evaluate our framework,and conduct experiments under various realistic application environments.The results demonstrate that our solution successfully fixes the inadequacy of the present live migration implementation,and the performance overhead is negligible.
