The methods of network attacks have become increasingly sophisticated,rendering traditional cybersecurity defense mechanisms insufficient to address novel and complex threats effectively.In recent years,artificial int...The methods of network attacks have become increasingly sophisticated,rendering traditional cybersecurity defense mechanisms insufficient to address novel and complex threats effectively.In recent years,artificial intelligence has achieved significant progress in the field of network security.However,many challenges and issues remain,particularly regarding the interpretability of deep learning and ensemble learning algorithms.To address the challenge of enhancing the interpretability of network attack prediction models,this paper proposes a method that combines Light Gradient Boosting Machine(LGBM)and SHapley Additive exPlanations(SHAP).LGBM is employed to model anomalous fluctuations in various network indicators,enabling the rapid and accurate identification and prediction of potential network attack types,thereby facilitating the implementation of timely defense measures,the model achieved an accuracy of 0.977,precision of 0.985,recall of 0.975,and an F1 score of 0.979,demonstrating better performance compared to other models in the domain of network attack prediction.SHAP is utilized to analyze the black-box decision-making process of the model,providing interpretability by quantifying the contribution of each feature to the prediction results and elucidating the relationships between features.The experimental results demonstrate that the network attack predictionmodel based on LGBM exhibits superior accuracy and outstanding predictive capabilities.Moreover,the SHAP-based interpretability analysis significantly improves the model’s transparency and interpretability.展开更多
Recently,machine learning algorithms have been used in the detection and classification of network attacks.The performance of the algorithms has been evaluated by using benchmark network intrusion datasets such as DAR...Recently,machine learning algorithms have been used in the detection and classification of network attacks.The performance of the algorithms has been evaluated by using benchmark network intrusion datasets such as DARPA98,KDD’99,NSL-KDD,UNSW-NB15,and Caida DDoS.However,these datasets have two major challenges:imbalanced data and highdimensional data.Obtaining high accuracy for all attack types in the dataset allows for high accuracy in imbalanced datasets.On the other hand,having a large number of features increases the runtime load on the algorithms.A novel model is proposed in this paper to overcome these two concerns.The number of features in the model,which has been tested at CICIDS2017,is initially optimized by using genetic algorithms.This optimum feature set has been used to classify network attacks with six well-known classifiers according to high f1-score and g-mean value in minimumtime.Afterwards,amulti-layer perceptron based ensemble learning approach has been applied to improve the models’overall performance.The experimental results showthat the suggested model is acceptable for feature selection as well as classifying network attacks in an imbalanced dataset,with a high f1-score(0.91)and g-mean(0.99)value.Furthermore,it has outperformed base classifier models and voting procedures.展开更多
Despite the large size of most communication and transportation systems, there are short paths between nodes in these networks which guarantee the efficient information, data and passenger delivery; furthermore these ...Despite the large size of most communication and transportation systems, there are short paths between nodes in these networks which guarantee the efficient information, data and passenger delivery; furthermore these networks have a surprising tolerance under random errors thanks to their inherent scale-free topology. However, their scale-free topology also makes them fragile under intentional attacks, leaving us a challenge on how to improve the network robustness against intentional attacks without losing their strong tolerance under random errors and high message and passenger delivering capacity. Here We propose two methods (SL method and SH method) to enhance scale-free network's tolerance under attack in different conditions.展开更多
Studies show that Graph Neural Networks(GNNs)are susceptible to minor perturbations.Therefore,analyzing adversarial attacks on GNNs is crucial in current research.Previous studies used Generative Adversarial Networks ...Studies show that Graph Neural Networks(GNNs)are susceptible to minor perturbations.Therefore,analyzing adversarial attacks on GNNs is crucial in current research.Previous studies used Generative Adversarial Networks to generate a set of fake nodes,injecting them into a clean GNNs to poison the graph structure and evaluate the robustness of GNNs.In the attack process,the computation of new node connections and the attack loss are independent,which affects the attack on the GNN.To improve this,a Fake Node Camouflage Attack based on Mutual Information(FNCAMI)algorithm is proposed.By incorporating Mutual Information(MI)loss,the distribution of nodes injected into the GNNs become more similar to the original nodes,achieving better attack results.Since the loss ratios of GNNs and MI affect performance,we also design an adaptive weighting method.By adjusting the loss weights in real-time through rate changes,larger loss values are obtained,eliminating local optima.The feasibility,effectiveness,and stealthiness of this algorithm are validated on four real datasets.Additionally,we use both global and targeted attacks to test the algorithm’s performance.Comparisons with baseline attack algorithms and ablation experiments demonstrate the efficiency of the FNCAMI algorithm.展开更多
Purpose:With the rapid development of Internet technology,cybersecurity threats such as security loopholes,data leaks,network fraud,and ransomware have become increasingly prominent,and organized and purposeful cybera...Purpose:With the rapid development of Internet technology,cybersecurity threats such as security loopholes,data leaks,network fraud,and ransomware have become increasingly prominent,and organized and purposeful cyberattacks have increased,posing more challenges to cybersecurity protection.Therefore,reliable network risk assessment methods and effective network security protection schemes are urgently needed.Design/methodology/approach:Based on the dynamic behavior patterns of attackers and defenders,a Bayesian network attack graph is constructed,and a multitarget risk dynamic assessment model is proposed based on network availability,network utilization impact and vulnerability attack possibility.Then,the selforganizing multiobjective evolutionary algorithm based on grey wolf optimization is proposed.And the authors use this algorithm to solve the multiobjective risk assessment model,and a variety of different attack strategies are obtained.Findings:The experimental results demonstrate that the method yields 29 distinct attack strategies,and then attacker’s preferences can be obtained according to these attack strategies.Furthermore,the method efficiently addresses the security assessment problem involving multiple decision variables,thereby providing constructive guidance for the construction of security network,security reinforcement and active defense.Originality/value:A method for network risk assessment methods is given.And this study proposed a multiobjective risk dynamic assessment model based on network availability,network utilization impact and the possibility of vulnerability attacks.The example demonstrates the effectiveness of the method in addressing network security risks.展开更多
Attacks such as APT usually hide communication data in massive legitimate network traffic, and mining structurally complex and latent relationships among flow-based network traffic to detect attacks has become the foc...Attacks such as APT usually hide communication data in massive legitimate network traffic, and mining structurally complex and latent relationships among flow-based network traffic to detect attacks has become the focus of many initiatives. Effectively analyzing massive network security data with high dimensions for suspicious flow diagnosis is a huge challenge. In addition, the uneven distribution of network traffic does not fully reflect the differences of class sample features, resulting in the low accuracy of attack detection. To solve these problems, a novel approach called the fuzzy entropy weighted natural nearest neighbor(FEW-NNN) method is proposed to enhance the accuracy and efficiency of flowbased network traffic attack detection. First, the FEW-NNN method uses the Fisher score and deep graph feature learning algorithm to remove unimportant features and reduce the data dimension. Then, according to the proposed natural nearest neighbor searching algorithm(NNN_Searching), the density of data points, each class center and the smallest enclosing sphere radius are determined correspondingly. Finally, a fuzzy entropy weighted KNN classification method based on affinity is proposed, which mainly includes the following three steps: 1、 the feature weights of samples are calculated based on fuzzy entropy values, 2、 the fuzzy memberships of samples are determined based on affinity among samples, and 3、 K-neighbors are selected according to the class-conditional weighted Euclidean distance, the fuzzy membership value of the testing sample is calculated based on the membership of k-neighbors, and then all testing samples are classified according to the fuzzy membership value of the samples belonging to each class;that is, the attack type is determined. The method has been applied to the problem of attack detection and validated based on the famous KDD99 and CICIDS-2017 datasets. From the experimental results shown in this paper, it is observed that the FEW-NNN method improves the accuracy and efficiency of flow-based network traffic attack detection.展开更多
The network attack profit graph(NAPG)model and the attack profit path predication algorithm are presented herein to cover the shortage of considerations in attacker’s subjective factors based on existing network atta...The network attack profit graph(NAPG)model and the attack profit path predication algorithm are presented herein to cover the shortage of considerations in attacker’s subjective factors based on existing network attack path prediction methods.Firstly,the attack profit is introduced,with the attack profit matrix designed and the attack profit matrix generation algorithm given accordingly.Secondly,a path profit feasibility analysis algorithm is proposed to analyze the network feasibility of realizing profit of attack path.Finally,an opportunity profit path and an optimal profit path are introduced with the selection algorithm and the prediction algorithm designed for accurate prediction of the path.According to the experimental test,the network attack profit path predication algorithm is applicable for accurate prediction of the opportunity profit path and the optimal profit path.展开更多
SDN (Software Defined Network) has many security problems, and DDoS attack is undoubtedly the most serious harm to SDN architecture network. How to accurately and effectively detect DDoS attacks has always been a diff...SDN (Software Defined Network) has many security problems, and DDoS attack is undoubtedly the most serious harm to SDN architecture network. How to accurately and effectively detect DDoS attacks has always been a difficult point and focus of SDN security research. Based on the characteristics of SDN, a DDoS attack detection method combining generalized entropy and PSOBP neural network is proposed. The traffic is pre-detected by the generalized entropy method deployed on the switch, and the detection result is divided into normal and abnormal. Locate the switch that issued the abnormal alarm. The controller uses the PSO-BP neural network to detect whether a DDoS attack occurs by further extracting the flow features of the abnormal switch. Experiments show that compared with other methods, the detection accurate rate is guaranteed while the CPU load of the controller is reduced, and the detection capability is better.展开更多
By allowing routers to combine the received packets before forwarding them,network coding-based applications are susceptible to possible malicious pollution attacks.Existing solutions for counteracting this issue eith...By allowing routers to combine the received packets before forwarding them,network coding-based applications are susceptible to possible malicious pollution attacks.Existing solutions for counteracting this issue either incur inter-generation pollution attacks(among multiple generations)or suffer high computation/bandwidth overhead.Using a dynamic public key technique,we propose a novel homomorphic signature scheme for network coding for each generation authentication without updating the initial secret key used.As per this idea,the secret key is scrambled for each generation by using the generation identifier,and each packet can be fast signed using the scrambled secret key for the generation to which the packet belongs.The scheme not only can resist intra-generation pollution attacks effectively but also can efficiently prevent inter-generation pollution attacks.Further,the communication overhead of the scheme is small and independent of the size of the transmitting files.展开更多
Network attack graphs are originally used to evaluate what the worst security state is when a concerned net-work is under attack. Combined with intrusion evidence such like IDS alerts, attack graphs can be further use...Network attack graphs are originally used to evaluate what the worst security state is when a concerned net-work is under attack. Combined with intrusion evidence such like IDS alerts, attack graphs can be further used to perform security state posterior inference (i.e. inference based on observation experience). In this area, Bayesian network is an ideal mathematic tool, however it can not be directly applied for the following three reasons: 1) in a network attack graph, there may exist directed cycles which are never permitted in a Bayesian network, 2) there may exist temporal partial ordering relations among intrusion evidence that can-not be easily modeled in a Bayesian network, and 3) just one Bayesian network cannot be used to infer both the current and the future security state of a network. In this work, we improve an approximate Bayesian posterior inference algorithm–the likelihood-weighting algorithm to resolve the above obstacles. We give out all the pseudocodes of the algorithm and use several examples to demonstrate its benefit. Based on this, we further propose a network security assessment and enhancement method along with a small network scenario to exemplify its usage.展开更多
Localization is the basic requirement for network management in Wireless Sensor Networks as it helps nodes find their absolute position coordinates and in gathering information relevant to their locations. A localizat...Localization is the basic requirement for network management in Wireless Sensor Networks as it helps nodes find their absolute position coordinates and in gathering information relevant to their locations. A localization algorithm has to be dynamic, scalable and should not impose high computation or communication overhead. The localization systems are also prone to attacks. We target a localization scheme for mobile sensor networks called Monte-Carlo Localization, which study its behavior under the most dangerous attack on localization called Wormhole Attack, also known as Collusion Attack and propose a modified algorithm that can help the localization system retain its accuracy level even in the presence of attacks. Our algorithm has communication cost almost equal to that of original localization algorithm (in this case MCL) in the absence of attacks.展开更多
Network coding can improve network throughput in large, but it is vulnerable to the data pollution attacks. In this paper, we propose an efficient homomorphic message authentication code (MAC) scheme with discrete l...Network coding can improve network throughput in large, but it is vulnerable to the data pollution attacks. In this paper, we propose an efficient homomorphic message authentication code (MAC) scheme with discrete logarithm to detect and locate the malicious nodes. We also prove the security property of the scheme theoretically. Its effectiveness is demonstrated, and overhead is analyzed through extensive experiments.展开更多
Due to their characteristics of dynamic topology, wireless channels and limited resources, mobile ad hoc networks are particularly vulnerable to a denial of service (DoS) attacks launched by intruders. The effects o...Due to their characteristics of dynamic topology, wireless channels and limited resources, mobile ad hoc networks are particularly vulnerable to a denial of service (DoS) attacks launched by intruders. The effects of flooding attacks in network simulation 2 (NS2) and measured performance parameters are investigated, including packet loss ratio, average delay, throughput and average number of hops under different numbers of attack nodes, flooding frequency, network bandwidth and network size. Simulation results show that with the increase of the flooding frequency and the number of attack nodes, network performance sharply drops. But when the frequency of flooding attacks or the number of attack nodes is greater than a certain value, performance degradation tends to a stable value.展开更多
The approach of traffic abnormality detection of network resource allocation attack did not have reliable signatures to depict abnormality and identify them. However, it is crucial for us to detect attacks accurately....The approach of traffic abnormality detection of network resource allocation attack did not have reliable signatures to depict abnormality and identify them. However, it is crucial for us to detect attacks accurately. The technique that we adopted is inspired by long range dependence ideas. We use the number of packet arrivals of a flow in fixed-length time intervals as the signal and attempt to extend traffic invariant “self-similarity”. We validate the effectiveness of the approach with simulation and trace analysis.展开更多
With the increasing deployment of wireless sensordevices and networks,security becomes a criticalchallenge for sensor networks.In this paper,a schemeusing data mining is proposed for routing anomalydetection in wirele...With the increasing deployment of wireless sensordevices and networks,security becomes a criticalchallenge for sensor networks.In this paper,a schemeusing data mining is proposed for routing anomalydetection in wireless sensor networks.The schemeuses the Apriori algorithm to extract traffic patternsfrom both routing table and network traffic packetsand subsequently the K-means cluster algorithmadaptively generates a detection model.Through thecombination of these two algorithms,routing attackscan be detected effectively and automatically.Themain advantage of the proposed approach is that it isable to detect new attacks that have not previouslybeen seen.Moreover,the proposed detection schemeis based on no priori knowledge and then can beapplied to a wide range of different sensor networksfor a variety of routing attacks.展开更多
While all-optical networks become more and more popular as the basis of the next generation Internet(NGI)infrastructure,such networks raise many critical security issues.High power inter-channel crosstalk attack is on...While all-optical networks become more and more popular as the basis of the next generation Internet(NGI)infrastructure,such networks raise many critical security issues.High power inter-channel crosstalk attack is one of the security issues which have negative effect on information security in optical networks.Optical fiber in optical networks has some nonlinear characteristics,such as self phase modulation(SPM),cross phase modulation(XPM),four-wave mixing(FWM)and stimulated Raman scattering(SRS).They can be used to implement high power inter-channel crosstalk attack by malicious attackers.The mechanism of high power inter-channel crosstalk attack is analyzed.When an attack occurs,attack signal power and fiber nonlinear refractive index are the main factors which affect quality of legitimate signals.The effect of high power inter-channel crosstalk attack on quality of legitimate signals is investigated by building simulation system in VPI software.The results show that interchannel crosstalk caused by high power attack signal leads to quality deterioration of legitimate signals propagated in the same fiber.The higher the power of attack signal is,the greater the fiber nonlinear refractive index is.The closer the channel spacing away from the attack signal is,the more seriously the legitimate signals are affected by attack.We also find that when attack position and power of attack signal are constant,attack signal cannot infinitely spread,while its attack ability shows a fading trend with the extension of propagation distance.展开更多
With the increasing prevalence of social networks, more and more social network data are published for many applications, such as social network analysis and data mining. However, this brings privacy problems. For exa...With the increasing prevalence of social networks, more and more social network data are published for many applications, such as social network analysis and data mining. However, this brings privacy problems. For example, adversaries can get sensitive information of some individuals easily with little background knowledge. How to publish social network data for analysis purpose while preserving the privacy of individuals has raised many concerns. Many algorithms have been proposed to address this issue. In this paper, we discuss this privacy problem from two aspects: attack models and countermeasures. We analyse privacy conceres, model the background knowledge that adversary may utilize and review the recently developed attack models. We then survey the state-of-the-art privacy preserving methods in two categories: anonymization methods and differential privacy methods. We also provide research directions in this area.展开更多
In this paper, we investigate a resilient control strategy for networked control systems(NCSs) subject to zero dynamic attacks which are stealthy false-data injection attacks that are designed so that they cannot be...In this paper, we investigate a resilient control strategy for networked control systems(NCSs) subject to zero dynamic attacks which are stealthy false-data injection attacks that are designed so that they cannot be detected based on control input and measurement data. Cyber resilience represents the ability of systems or network architectures to continue providing their intended behavior during attack and recovery. When a cyber attack on the control signal of a networked control system is computed to remain undetectable from passive model-based fault detection and isolation schemes, we show that the consequence of a zero dynamic attack on the state variable of the plant is undetectable during attack but it becomes apparent after the end of the attack. A resilient linear quadratic Gaussian controller, having the ability to quickly recover the nominal behavior of the closed-loop system after the attack end, is designed by updating online the Kalman filter from information given by an active version of the generalized likelihood ratio detector.展开更多
Focusing on dropping packets attacks in sensor networks, we propose a model of dropping packets attack-resistance as a repeated game based on such an assumption that sensor nodes are rational. The model prevents malic...Focusing on dropping packets attacks in sensor networks, we propose a model of dropping packets attack-resistance as a repeated game based on such an assumption that sensor nodes are rational. The model prevents malicious nodes from attacking by establishing punishment mechanism, and impels sensor networks to reach a collaborative Nash equilibrium. Simulation results show that the devised model can effectively resist the dropping packets attacks(DPA) by choosing reasonable configuration parameters.展开更多
Wireless sensor networks (WSNs) have many potential applications [1,2] and unique challenges. They usually consist of hundreds or thousands of small sensor nodes such as MICA2, which operate autonomously;conditions su...Wireless sensor networks (WSNs) have many potential applications [1,2] and unique challenges. They usually consist of hundreds or thousands of small sensor nodes such as MICA2, which operate autonomously;conditions such as cost, invisible deployment and many application domains, lead to small size and resource limited sensors [3]. WSNs are susceptible to many types of link layer attacks [1] and most of traditional network security techniques are unusable on WSNs [3];This is due to wireless and shared nature of communication channel, untrusted transmissions, deployment in open environments, unattended nature and limited resources [1]. Therefore security is a vital requirement for these networks;but we have to design a proper security mechanism that attends to WSN’s constraints and requirements. In this paper, we focus on security of WSNs, divide it (the WSNs security) into four categories and will consider them, include: an overview of WSNs, security in WSNs, the threat model on WSNs, a wide variety of WSNs’ link layer attacks and a comparison of them. This work enables us to identify the purpose and capabilities of the attackers;furthermore, the goal and effects of the link layer attacks on WSNs are introduced. Also, this paper discusses known approaches of security detection and defensive mechanisms against the link layer attacks;this would enable IT security managers to manage the link layer attacks of WSNs more effectively.展开更多
基金supported by the National Natural Science Foundation of China Project(No.62302540)please visit their website at https://www.nsfc.gov.cn/(accessed on 18 June 2024).
文摘The methods of network attacks have become increasingly sophisticated,rendering traditional cybersecurity defense mechanisms insufficient to address novel and complex threats effectively.In recent years,artificial intelligence has achieved significant progress in the field of network security.However,many challenges and issues remain,particularly regarding the interpretability of deep learning and ensemble learning algorithms.To address the challenge of enhancing the interpretability of network attack prediction models,this paper proposes a method that combines Light Gradient Boosting Machine(LGBM)and SHapley Additive exPlanations(SHAP).LGBM is employed to model anomalous fluctuations in various network indicators,enabling the rapid and accurate identification and prediction of potential network attack types,thereby facilitating the implementation of timely defense measures,the model achieved an accuracy of 0.977,precision of 0.985,recall of 0.975,and an F1 score of 0.979,demonstrating better performance compared to other models in the domain of network attack prediction.SHAP is utilized to analyze the black-box decision-making process of the model,providing interpretability by quantifying the contribution of each feature to the prediction results and elucidating the relationships between features.The experimental results demonstrate that the network attack predictionmodel based on LGBM exhibits superior accuracy and outstanding predictive capabilities.Moreover,the SHAP-based interpretability analysis significantly improves the model’s transparency and interpretability.
文摘Recently,machine learning algorithms have been used in the detection and classification of network attacks.The performance of the algorithms has been evaluated by using benchmark network intrusion datasets such as DARPA98,KDD’99,NSL-KDD,UNSW-NB15,and Caida DDoS.However,these datasets have two major challenges:imbalanced data and highdimensional data.Obtaining high accuracy for all attack types in the dataset allows for high accuracy in imbalanced datasets.On the other hand,having a large number of features increases the runtime load on the algorithms.A novel model is proposed in this paper to overcome these two concerns.The number of features in the model,which has been tested at CICIDS2017,is initially optimized by using genetic algorithms.This optimum feature set has been used to classify network attacks with six well-known classifiers according to high f1-score and g-mean value in minimumtime.Afterwards,amulti-layer perceptron based ensemble learning approach has been applied to improve the models’overall performance.The experimental results showthat the suggested model is acceptable for feature selection as well as classifying network attacks in an imbalanced dataset,with a high f1-score(0.91)and g-mean(0.99)value.Furthermore,it has outperformed base classifier models and voting procedures.
基金Project supported in part by the China Scholarships Council (Grant No. 2007103794)the Defence Threat Reduction Agency Award HDTRA1-08-1-0027+5 种基金the James S. McDonnell Foundation 21st Century Initiative in Studying Complex Systems,the National Science Foundation within the DDDAS (CNS-0540348)ITR (DMR-0426737)IIS-0513650 programsthe US Office of Naval Research Award N00014-07-Cthe National Natural Science Foundation of China (Grant Nos. 80678605 and 60903157)the National High Technology Research and Development Program of China (Grant No. 2009AA01Z422)
文摘Despite the large size of most communication and transportation systems, there are short paths between nodes in these networks which guarantee the efficient information, data and passenger delivery; furthermore these networks have a surprising tolerance under random errors thanks to their inherent scale-free topology. However, their scale-free topology also makes them fragile under intentional attacks, leaving us a challenge on how to improve the network robustness against intentional attacks without losing their strong tolerance under random errors and high message and passenger delivering capacity. Here We propose two methods (SL method and SH method) to enhance scale-free network's tolerance under attack in different conditions.
基金supported by the Natural Science Basic Research Plan in Shaanxi Province of China(Program No.2022JM-381,2017JQ6070)National Natural Science Foundation of China(Grant No.61703256),Foundation of State Key Laboratory of Public Big Data(No.PBD2022-08)the Fundamental Research Funds for the Central Universities,China(Program No.GK202201014,GK202202003,GK201803020).
文摘Studies show that Graph Neural Networks(GNNs)are susceptible to minor perturbations.Therefore,analyzing adversarial attacks on GNNs is crucial in current research.Previous studies used Generative Adversarial Networks to generate a set of fake nodes,injecting them into a clean GNNs to poison the graph structure and evaluate the robustness of GNNs.In the attack process,the computation of new node connections and the attack loss are independent,which affects the attack on the GNN.To improve this,a Fake Node Camouflage Attack based on Mutual Information(FNCAMI)algorithm is proposed.By incorporating Mutual Information(MI)loss,the distribution of nodes injected into the GNNs become more similar to the original nodes,achieving better attack results.Since the loss ratios of GNNs and MI affect performance,we also design an adaptive weighting method.By adjusting the loss weights in real-time through rate changes,larger loss values are obtained,eliminating local optima.The feasibility,effectiveness,and stealthiness of this algorithm are validated on four real datasets.Additionally,we use both global and targeted attacks to test the algorithm’s performance.Comparisons with baseline attack algorithms and ablation experiments demonstrate the efficiency of the FNCAMI algorithm.
基金supported in part by the National Natural Science Foundation of China(Nos.12271211,12071179)the National Natural Science Foundation of Fujian Province(Nos.2021J01861)+2 种基金the Project of Education Department of Fujian Province(No.JT180263)the Youth Innovation Fund of Xiamen City(3502Z20206020)the Open Fund of Digital Fujian Big Data Modeling and Intelligent Computing Institute,Pre-Research Fund of Jimei University.
文摘Purpose:With the rapid development of Internet technology,cybersecurity threats such as security loopholes,data leaks,network fraud,and ransomware have become increasingly prominent,and organized and purposeful cyberattacks have increased,posing more challenges to cybersecurity protection.Therefore,reliable network risk assessment methods and effective network security protection schemes are urgently needed.Design/methodology/approach:Based on the dynamic behavior patterns of attackers and defenders,a Bayesian network attack graph is constructed,and a multitarget risk dynamic assessment model is proposed based on network availability,network utilization impact and vulnerability attack possibility.Then,the selforganizing multiobjective evolutionary algorithm based on grey wolf optimization is proposed.And the authors use this algorithm to solve the multiobjective risk assessment model,and a variety of different attack strategies are obtained.Findings:The experimental results demonstrate that the method yields 29 distinct attack strategies,and then attacker’s preferences can be obtained according to these attack strategies.Furthermore,the method efficiently addresses the security assessment problem involving multiple decision variables,thereby providing constructive guidance for the construction of security network,security reinforcement and active defense.Originality/value:A method for network risk assessment methods is given.And this study proposed a multiobjective risk dynamic assessment model based on network availability,network utilization impact and the possibility of vulnerability attacks.The example demonstrates the effectiveness of the method in addressing network security risks.
基金the Natural Science Foundation of China (No. 61802404, 61602470)the Strategic Priority Research Program (C) of the Chinese Academy of Sciences (No. XDC02040100)+3 种基金the Fundamental Research Funds for the Central Universities of the China University of Labor Relations (No. 20ZYJS017, 20XYJS003)the Key Research Program of the Beijing Municipal Science & Technology Commission (No. D181100000618003)partially the Key Laboratory of Network Assessment Technology,the Chinese Academy of Sciencesthe Beijing Key Laboratory of Network Security and Protection Technology
文摘Attacks such as APT usually hide communication data in massive legitimate network traffic, and mining structurally complex and latent relationships among flow-based network traffic to detect attacks has become the focus of many initiatives. Effectively analyzing massive network security data with high dimensions for suspicious flow diagnosis is a huge challenge. In addition, the uneven distribution of network traffic does not fully reflect the differences of class sample features, resulting in the low accuracy of attack detection. To solve these problems, a novel approach called the fuzzy entropy weighted natural nearest neighbor(FEW-NNN) method is proposed to enhance the accuracy and efficiency of flowbased network traffic attack detection. First, the FEW-NNN method uses the Fisher score and deep graph feature learning algorithm to remove unimportant features and reduce the data dimension. Then, according to the proposed natural nearest neighbor searching algorithm(NNN_Searching), the density of data points, each class center and the smallest enclosing sphere radius are determined correspondingly. Finally, a fuzzy entropy weighted KNN classification method based on affinity is proposed, which mainly includes the following three steps: 1、 the feature weights of samples are calculated based on fuzzy entropy values, 2、 the fuzzy memberships of samples are determined based on affinity among samples, and 3、 K-neighbors are selected according to the class-conditional weighted Euclidean distance, the fuzzy membership value of the testing sample is calculated based on the membership of k-neighbors, and then all testing samples are classified according to the fuzzy membership value of the samples belonging to each class;that is, the attack type is determined. The method has been applied to the problem of attack detection and validated based on the famous KDD99 and CICIDS-2017 datasets. From the experimental results shown in this paper, it is observed that the FEW-NNN method improves the accuracy and efficiency of flow-based network traffic attack detection.
基金the National Natural Science Foundation of China(61802117)。
文摘The network attack profit graph(NAPG)model and the attack profit path predication algorithm are presented herein to cover the shortage of considerations in attacker’s subjective factors based on existing network attack path prediction methods.Firstly,the attack profit is introduced,with the attack profit matrix designed and the attack profit matrix generation algorithm given accordingly.Secondly,a path profit feasibility analysis algorithm is proposed to analyze the network feasibility of realizing profit of attack path.Finally,an opportunity profit path and an optimal profit path are introduced with the selection algorithm and the prediction algorithm designed for accurate prediction of the path.According to the experimental test,the network attack profit path predication algorithm is applicable for accurate prediction of the opportunity profit path and the optimal profit path.
基金supported by the Hebei Province Innovation Capacity Improvement Program of China under Grant No.179676278Dthe Ministry of Education Fund Project of China under Grant No.2017A20004
文摘SDN (Software Defined Network) has many security problems, and DDoS attack is undoubtedly the most serious harm to SDN architecture network. How to accurately and effectively detect DDoS attacks has always been a difficult point and focus of SDN security research. Based on the characteristics of SDN, a DDoS attack detection method combining generalized entropy and PSOBP neural network is proposed. The traffic is pre-detected by the generalized entropy method deployed on the switch, and the detection result is divided into normal and abnormal. Locate the switch that issued the abnormal alarm. The controller uses the PSO-BP neural network to detect whether a DDoS attack occurs by further extracting the flow features of the abnormal switch. Experiments show that compared with other methods, the detection accurate rate is guaranteed while the CPU load of the controller is reduced, and the detection capability is better.
基金supported by the National Natural Science Foundation of China under Grant No. 61271174
文摘By allowing routers to combine the received packets before forwarding them,network coding-based applications are susceptible to possible malicious pollution attacks.Existing solutions for counteracting this issue either incur inter-generation pollution attacks(among multiple generations)or suffer high computation/bandwidth overhead.Using a dynamic public key technique,we propose a novel homomorphic signature scheme for network coding for each generation authentication without updating the initial secret key used.As per this idea,the secret key is scrambled for each generation by using the generation identifier,and each packet can be fast signed using the scrambled secret key for the generation to which the packet belongs.The scheme not only can resist intra-generation pollution attacks effectively but also can efficiently prevent inter-generation pollution attacks.Further,the communication overhead of the scheme is small and independent of the size of the transmitting files.
文摘Network attack graphs are originally used to evaluate what the worst security state is when a concerned net-work is under attack. Combined with intrusion evidence such like IDS alerts, attack graphs can be further used to perform security state posterior inference (i.e. inference based on observation experience). In this area, Bayesian network is an ideal mathematic tool, however it can not be directly applied for the following three reasons: 1) in a network attack graph, there may exist directed cycles which are never permitted in a Bayesian network, 2) there may exist temporal partial ordering relations among intrusion evidence that can-not be easily modeled in a Bayesian network, and 3) just one Bayesian network cannot be used to infer both the current and the future security state of a network. In this work, we improve an approximate Bayesian posterior inference algorithm–the likelihood-weighting algorithm to resolve the above obstacles. We give out all the pseudocodes of the algorithm and use several examples to demonstrate its benefit. Based on this, we further propose a network security assessment and enhancement method along with a small network scenario to exemplify its usage.
文摘Localization is the basic requirement for network management in Wireless Sensor Networks as it helps nodes find their absolute position coordinates and in gathering information relevant to their locations. A localization algorithm has to be dynamic, scalable and should not impose high computation or communication overhead. The localization systems are also prone to attacks. We target a localization scheme for mobile sensor networks called Monte-Carlo Localization, which study its behavior under the most dangerous attack on localization called Wormhole Attack, also known as Collusion Attack and propose a modified algorithm that can help the localization system retain its accuracy level even in the presence of attacks. Our algorithm has communication cost almost equal to that of original localization algorithm (in this case MCL) in the absence of attacks.
基金Supported by the General Program of Science and Technology Development Project of Beijing Municipal Education Commission(KM201311232014)the Opening Project of Beijing Key Laboratory of Internet Culture and Digital Dissemination Research (ICDD201206, ICDD201207)
文摘Network coding can improve network throughput in large, but it is vulnerable to the data pollution attacks. In this paper, we propose an efficient homomorphic message authentication code (MAC) scheme with discrete logarithm to detect and locate the malicious nodes. We also prove the security property of the scheme theoretically. Its effectiveness is demonstrated, and overhead is analyzed through extensive experiments.
基金supported by the National Natural Science Foundation of China (60932003)the National High Technology Research and Development Program of China (863 Program)(2007AA01Z452+2 种基金 2009AA01Z118)Shanghai Municipal Natural Science Foundation (09ZR1414900)The National Undergraduate Innovative Test Program(091024812)
文摘Due to their characteristics of dynamic topology, wireless channels and limited resources, mobile ad hoc networks are particularly vulnerable to a denial of service (DoS) attacks launched by intruders. The effects of flooding attacks in network simulation 2 (NS2) and measured performance parameters are investigated, including packet loss ratio, average delay, throughput and average number of hops under different numbers of attack nodes, flooding frequency, network bandwidth and network size. Simulation results show that with the increase of the flooding frequency and the number of attack nodes, network performance sharply drops. But when the frequency of flooding attacks or the number of attack nodes is greater than a certain value, performance degradation tends to a stable value.
文摘The approach of traffic abnormality detection of network resource allocation attack did not have reliable signatures to depict abnormality and identify them. However, it is crucial for us to detect attacks accurately. The technique that we adopted is inspired by long range dependence ideas. We use the number of packet arrivals of a flow in fixed-length time intervals as the signal and attempt to extend traffic invariant “self-similarity”. We validate the effectiveness of the approach with simulation and trace analysis.
基金the supports of the National Natural Science Foundation of China (60403027) the projects of science and research plan of Hubei provincial department of education (2003A011)the Natural Science Foundation Of Hubei Province of China (2005ABA243).
文摘With the increasing deployment of wireless sensordevices and networks,security becomes a criticalchallenge for sensor networks.In this paper,a schemeusing data mining is proposed for routing anomalydetection in wireless sensor networks.The schemeuses the Apriori algorithm to extract traffic patternsfrom both routing table and network traffic packetsand subsequently the K-means cluster algorithmadaptively generates a detection model.Through thecombination of these two algorithms,routing attackscan be detected effectively and automatically.Themain advantage of the proposed approach is that it isable to detect new attacks that have not previouslybeen seen.Moreover,the proposed detection schemeis based on no priori knowledge and then can beapplied to a wide range of different sensor networksfor a variety of routing attacks.
基金the National Natural Science Foundation of China(No.61179002)the National Defence Foundation of China(No.2012JY002-260)
文摘While all-optical networks become more and more popular as the basis of the next generation Internet(NGI)infrastructure,such networks raise many critical security issues.High power inter-channel crosstalk attack is one of the security issues which have negative effect on information security in optical networks.Optical fiber in optical networks has some nonlinear characteristics,such as self phase modulation(SPM),cross phase modulation(XPM),four-wave mixing(FWM)and stimulated Raman scattering(SRS).They can be used to implement high power inter-channel crosstalk attack by malicious attackers.The mechanism of high power inter-channel crosstalk attack is analyzed.When an attack occurs,attack signal power and fiber nonlinear refractive index are the main factors which affect quality of legitimate signals.The effect of high power inter-channel crosstalk attack on quality of legitimate signals is investigated by building simulation system in VPI software.The results show that interchannel crosstalk caused by high power attack signal leads to quality deterioration of legitimate signals propagated in the same fiber.The higher the power of attack signal is,the greater the fiber nonlinear refractive index is.The closer the channel spacing away from the attack signal is,the more seriously the legitimate signals are affected by attack.We also find that when attack position and power of attack signal are constant,attack signal cannot infinitely spread,while its attack ability shows a fading trend with the extension of propagation distance.
文摘With the increasing prevalence of social networks, more and more social network data are published for many applications, such as social network analysis and data mining. However, this brings privacy problems. For example, adversaries can get sensitive information of some individuals easily with little background knowledge. How to publish social network data for analysis purpose while preserving the privacy of individuals has raised many concerns. Many algorithms have been proposed to address this issue. In this paper, we discuss this privacy problem from two aspects: attack models and countermeasures. We analyse privacy conceres, model the background knowledge that adversary may utilize and review the recently developed attack models. We then survey the state-of-the-art privacy preserving methods in two categories: anonymization methods and differential privacy methods. We also provide research directions in this area.
基金supported by the Ministry of the Higher Education and Scientific Research in Tunisia
文摘In this paper, we investigate a resilient control strategy for networked control systems(NCSs) subject to zero dynamic attacks which are stealthy false-data injection attacks that are designed so that they cannot be detected based on control input and measurement data. Cyber resilience represents the ability of systems or network architectures to continue providing their intended behavior during attack and recovery. When a cyber attack on the control signal of a networked control system is computed to remain undetectable from passive model-based fault detection and isolation schemes, we show that the consequence of a zero dynamic attack on the state variable of the plant is undetectable during attack but it becomes apparent after the end of the attack. A resilient linear quadratic Gaussian controller, having the ability to quickly recover the nominal behavior of the closed-loop system after the attack end, is designed by updating online the Kalman filter from information given by an active version of the generalized likelihood ratio detector.
基金the National Defense Basic Research Foun-dation of China (C2720061361)
文摘Focusing on dropping packets attacks in sensor networks, we propose a model of dropping packets attack-resistance as a repeated game based on such an assumption that sensor nodes are rational. The model prevents malicious nodes from attacking by establishing punishment mechanism, and impels sensor networks to reach a collaborative Nash equilibrium. Simulation results show that the devised model can effectively resist the dropping packets attacks(DPA) by choosing reasonable configuration parameters.
文摘Wireless sensor networks (WSNs) have many potential applications [1,2] and unique challenges. They usually consist of hundreds or thousands of small sensor nodes such as MICA2, which operate autonomously;conditions such as cost, invisible deployment and many application domains, lead to small size and resource limited sensors [3]. WSNs are susceptible to many types of link layer attacks [1] and most of traditional network security techniques are unusable on WSNs [3];This is due to wireless and shared nature of communication channel, untrusted transmissions, deployment in open environments, unattended nature and limited resources [1]. Therefore security is a vital requirement for these networks;but we have to design a proper security mechanism that attends to WSN’s constraints and requirements. In this paper, we focus on security of WSNs, divide it (the WSNs security) into four categories and will consider them, include: an overview of WSNs, security in WSNs, the threat model on WSNs, a wide variety of WSNs’ link layer attacks and a comparison of them. This work enables us to identify the purpose and capabilities of the attackers;furthermore, the goal and effects of the link layer attacks on WSNs are introduced. Also, this paper discusses known approaches of security detection and defensive mechanisms against the link layer attacks;this would enable IT security managers to manage the link layer attacks of WSNs more effectively.
