The 5G-R network is on the verge of entering the construction stage.Given that the dedicated network for railways is closely linked to train operation safety,there are extremely high requirements for network security....The 5G-R network is on the verge of entering the construction stage.Given that the dedicated network for railways is closely linked to train operation safety,there are extremely high requirements for network security.As a result,there is an urgent need to conduct research on 5G-R network security.To comprehensively enhance the end-to-end security protection of the 5G-R network,this study summarized the security requirements of the GSM-R network,analyzed the security risks and requirements faced by the 5G-R network,and proposed an overall 5G-R network security architecture.The security technical schemes were detailed from various aspects:5G-R infrastructure security,terminal access security,networking security,operation and maintenance security,data security,and network boundary security.Additionally,the study proposed leveraging the 5G-R security situation awareness system to achieve a comprehensive upgrade from basic security technologies to endogenous security capabilities within the 5G-R system.展开更多
Given the grave local and international network security landscape,a national strategic level analysis indicates that the modernization and advancement within the Industry 4.0 era are closely correlated with overall c...Given the grave local and international network security landscape,a national strategic level analysis indicates that the modernization and advancement within the Industry 4.0 era are closely correlated with overall competitive strength.Consequently,China proposed a strategy for the integration of industrialization and informatization,optimizing and adjusting its industrial structure to swiftly achieve transformation and upgrading in the Industry 4.0 era,thereby enhancing the sophistication of intelligent industrial control systems.The distributed control system in a nuclear power plant functions as an industrial control system,overseeing the operational status of the physical process.Its ability to ensure safe and reliable operation is directly linked to nuclear safety and the cybersecurity of the facility.The management of network security in distributed control systems(DCS)is crucial for achieving this objective.Due to the varying network settings and parameters of the DCS implemented in each nuclear power plant,the network security status of the system sometimes diverges from expectations.During system operation,it will undoubtedly encounter network security issues.Consequently,nuclear power plants utilize the technical criteria outlined in GB/T 22239 to formulate a network security management program aimed at enhancing the operational security of DCS within these facilities.This study utilizes existing network security regulations and standards as a reference to analyze the network security control standards based on the nuclear power plant’s control system.It delineates the fundamental requirements for network security management,facilitating integration with the entire life cycle of the research,development,and application of the nuclear power plant’s distributed control system,thereby establishing a network security management methodology that satisfies the control requirements of the nuclear power plant.Initially,it presents DCS and network security management,outlines current domestic and international network security legislation and standards,and specifies the standards pertinent to the administration of DCS in nuclear power plants.Secondly,the design of network security management for DCS is executed in conjunction with the specific context of nuclear power plants.This encompasses the deployment of network security apparatus,validation of the network security management strategy,and optimization adjustments.Consequently,recommendations beneficial to the network security management of nuclear power plants are compiled,aimed at establishing a management system and incorporating the concept of full life cycle management,which is predicated on system requirements,system design,and both software and hardware considerations.Conversely,it presents the notion of comprehensive life cycle management and suggests network security management strategies encompassing system requirements,system architecture,detailed hardware and software design and implementation,procurement,internal system integration,system validation and acceptance testing,system installation,operational maintenance,system modifications,and decommissioning.We will consistently enhance the performance and functionality of DCS in nuclear power plants,establish a safe and secure operational environment,and thereby facilitate the implementation of DCS in nuclear facilities while ensuring robust network security in the future.展开更多
Network Security Situation Awareness System YHSAS acquires,understands and displays the security factors which cause changes of network situation,and predicts the future development trend of these security factors.YHS...Network Security Situation Awareness System YHSAS acquires,understands and displays the security factors which cause changes of network situation,and predicts the future development trend of these security factors.YHSAS is developed for national backbone network,large network operators,large enterprises and other large-scale network.This paper describes its architecture and key technologies:Network Security Oriented Total Factor Information Collection and High-Dimensional Vector Space Analysis,Knowledge Representation and Management of Super Large-Scale Network Security,Multi-Level,Multi-Granularity and Multi-Dimensional Network Security Index Construction Method,Multi-Mode and Multi-Granularity Network Security Situation Prediction Technology,and so on.The performance tests show that YHSAS has high real-time performance and accuracy in security situation analysis and trend prediction.The system meets the demands of analysis and prediction for large-scale network security situation.展开更多
This study proposes a method for analyzing the security distance of an Active Distribution Network(ADN)by incorporating the demand response of an Energy Hub(EH).Taking into account the impact of stochastic wind-solar ...This study proposes a method for analyzing the security distance of an Active Distribution Network(ADN)by incorporating the demand response of an Energy Hub(EH).Taking into account the impact of stochastic wind-solar power and flexible loads on the EH,an interactive power model was developed to represent the EH’s operation under these influences.Additionally,an ADN security distance model,integrating an EH with flexible loads,was constructed to evaluate the effect of flexible load variations on the ADN’s security distance.By considering scenarios such as air conditioning(AC)load reduction and base station(BS)load transfer,the security distances of phases A,B,and C increased by 17.1%,17.2%,and 17.7%,respectively.Furthermore,a multi-objective optimal power flow model was formulated and solved using the Forward-Backward Power Flow Algorithm,the NSGA-II multi-objective optimization algo-rithm,and the maximum satisfaction method.The simulation results of the IEEE33 node system example demonstrate that after opti-mization,the total energy cost for one day is reduced by 0.026%,and the total security distance limit of the ADN’s three phases is improved by 0.1 MVA.This method effectively enhances the security distance,facilitates BS load transfer and AC load reduction,and contributes to the energy-saving,economical,and safe operation of the power system.展开更多
The Fifth Generation of Mobile Communications for Railways(5G-R)brings significant opportunities for the rail industry.However,alongside the potential and benefits of the railway 5G network are complex security challe...The Fifth Generation of Mobile Communications for Railways(5G-R)brings significant opportunities for the rail industry.However,alongside the potential and benefits of the railway 5G network are complex security challenges.Ensuring the security and reliability of railway 5G networks is therefore essential.This paper presents a detailed examination of security assessment techniques for railway 5G networks,focusing on addressing the unique security challenges in this field.In this paper,various security requirements in railway 5G networks are analyzed,and specific processes and methods for conducting comprehensive security risk assessments are presented.This study provides a framework for securing railway 5G network development and ensuring its long-term sustainability.展开更多
Quantum key distribution(QKD)optical networks can provide more secure communications.However,with the increase of the QKD path requests and key updates,network blocking problems will become severe.The blocking problem...Quantum key distribution(QKD)optical networks can provide more secure communications.However,with the increase of the QKD path requests and key updates,network blocking problems will become severe.The blocking problems in the network can become more severe because each fiber link has limited resources(such as wavelengths and time slots).In addition,QKD optical networks are also affected by external disturbances such as data interception and eavesdropping,resulting in inefficient network communication.In this paper,we exploit the idea of protection path to enhance the anti-interference ability of QKD optical network.By introducing the concept of security metric,we propose a routing wavelength and time slot allocation algorithm(RWTA)based on protection path,which can lessen the blocking problem of QKD optical network.According to simulation analysis,the security-metric-based RWTA algorithm(SM-RWTA)proposed in this paper can substantially improve the success rate of security key(SK)update and significantly reduce the blocking rate of the network.It can also improve the utilization rate of resources such as wavelengths and time slots.Compared with the non-security-metric-based RWTA algorithm(NSM-RWTA),our algorithm is robust and can enhance the anti-interference ability and security of QKD optical networks.展开更多
Digital content such as games,extended reality(XR),and movies has been widely and easily distributed over wireless networks.As a result,unauthorized access,copyright infringement by third parties or eavesdroppers,and ...Digital content such as games,extended reality(XR),and movies has been widely and easily distributed over wireless networks.As a result,unauthorized access,copyright infringement by third parties or eavesdroppers,and cyberattacks over these networks have become pressing concerns.Therefore,protecting copyrighted content and preventing illegal distribution in wireless communications has garnered significant attention.The Intelligent Reflecting Surface(IRS)is regarded as a promising technology for future wireless and mobile networks due to its ability to reconfigure the radio propagation environment.This study investigates the security performance of an uplink Non-Orthogonal Multiple Access(NOMA)system integrated with an IRS and employing Fountain Codes(FCs).Specifically,two users send signals to the base station at separate distances.A relay receives the signal from the nearby user first and then relays it to the base station.The IRS receives the signal from the distant user and reflects it to the relay,which then sends the reflected signal to the base station.Furthermore,a malevolent eavesdropper intercepts both user and relay communications.We construct mathematical equations for Outage Probability(OP),throughput,diversity evaluation,and Interception Probability(IP),offering quantitative insights to assess system security and performance.Additionally,OP and IP are analyzed using a Deep Neural Network(DNN)model.A deeper comprehension of the security performance of the IRS-assisted NOMA systemin signal transmission is provided by Monte Carlo simulations,which are also carried out to confirm the theoretical conclusions.展开更多
A robust ecological security network(ESN)is essential for ensuring regional ecological security,improving fragile ecological conditions,and promoting sustainable development.Climate change and land use/cover change(LU...A robust ecological security network(ESN)is essential for ensuring regional ecological security,improving fragile ecological conditions,and promoting sustainable development.Climate change and land use/cover change(LUCC)influence the structure and connectivity of the ESN by impacting ecosystem services(ESs).Previous studies primarily focused on the overall effects of LUCC on ESN changes,but they largely overlooked the effects of detailed LUCC transitions.In this study,we evaluated changes in the structure and connectivity of the ESN in the Songnen Plain(SNP),Northeast China,over the past 30 yr(1990s-2020s)using circuit theory and graph theory.We further explored the effects of climate change,LUCC,and detailed LUCC transformations on ESN changes through factorial control experiments.Results revealed a 24.86%decrease in ecological sources and a 27.06%decrease in ecological corridors,accompanied by a decline in ESN connectivity from the 1990s to the 2010s.Conversely,from the 2010s to the 2020s,ecological sources increased by 14.71%and ecological corridors increased by 25.71%due to ecological projects such as returning farmland to wetlands,resulting in an overall increase in ESN connectivity.The changes in ESN structure were primarily attributed to LUCC effects,followed by climate change effects and their interactions.In contrast,the changes in connectivity were significantly affected by climate change,followed by interactive effects and LUCC.Through detailed examination of LUCC transformation effects,we further found that the changes in ESN structure were primarily attributed to wetland loss,followed by deforestation and urban expansion.Meanwhile,the changes in ESN connectivity were mainly due to the effects of wetland loss,urban expansion and deforestation.Notably,the adverse effects of wetland loss partly offset climate change benefits on ESN.Our study offers valuable insights for developing future land management policies and implementing ecological projects,aimed at maintaining a stable ESN and ensuring sustainable human development.展开更多
In this paper,we investigate and analyze the network security risks faced by 5G private industrial networks.Based on current network security architecture and 3GPP requirements and considering the actual application o...In this paper,we investigate and analyze the network security risks faced by 5G private industrial networks.Based on current network security architecture and 3GPP requirements and considering the actual application of 5G private industrial networks,a comparative analysis is used to plan and design a private network security construction scheme.The network security construction model,network organization,and key processes of 5G private industrial networks at the current stage are investigated.In addition,the key direction for the next stage of construction is discussed.展开更多
The 5G and satellite converged communication network(5G SCCN)is an impor⁃tant component of the integration of satellite-terrestrial networks,the national science,and technology major projects towards 2030.Security is ...The 5G and satellite converged communication network(5G SCCN)is an impor⁃tant component of the integration of satellite-terrestrial networks,the national science,and technology major projects towards 2030.Security is the key to ensuring its operation,but at present,the research in this area has just started in our country.Based on the network char⁃acteristics and security risks,we propose the security architecture of the 5G SCCN and sys⁃tematically sort out the key protection technologies and improvement directions.In particu⁃lar,unique thinking on the security of lightweight data communication and design reference for the 5G SCCN network architecture is presented.It is expected to provide a piece of refer⁃ence for the follow-up 5G SCCN security technology research,standard evolution,and indus⁃trialization.展开更多
In order to improve the security of high school campus networks,this paper introduces the goal,system composition,and function of the network security of high school campus networks,and puts forward a series of strate...In order to improve the security of high school campus networks,this paper introduces the goal,system composition,and function of the network security of high school campus networks,and puts forward a series of strategies,including the establishment of network security protection system,data backup and recovery mechanism,and strengthening network security management and training.Through these strategies,the safety and stable operation of the campus network can be ensured,the quality of education can be improved,and school’s development can be promoted.展开更多
The Vertical Handover(VHO)is one of the most vital features provided for the heterogeneous mobile networks.It allows Mobile Users(MUs)to keep ongoing sessions without disruption while they continuously move between di...The Vertical Handover(VHO)is one of the most vital features provided for the heterogeneous mobile networks.It allows Mobile Users(MUs)to keep ongoing sessions without disruption while they continuously move between different Radio Access Technologies(RATs)such as Wireless Fidelity(Wi-Fi),Global System for Mobile Communication(GSM),Universal Mobile Telecommunications System(UMTS),Long Term Evolution(LTE)and Fifth Generation(5G).In order to fulfill this goal,the VHO must comply to three main phases:starting of collecting the required information and then passing it for decision phase to obtain the best available RAT for performing VHO by execution phase eventually.However,the execution phase still encounters some security issues which are exploited by hackers in launching malicious attacks such as ransomware,fragmentation,header manipulation,smurf,host initialization,reconnaissance,eavesdropping,Denial of Service(DoS),spoofing,Man in the Middle(MITM)and falsification.This paper thoroughly studies the recent security issues for hundreds VHO approaches found in the literature and comes up with a secure procedure to enhance VHO security during execution phase.A numerical analysis results of the proposed procedure are effectively evaluated in terms of security and signaling cost.Compared with the recent related work found in literature,the analysis demonstrates that the security is successfully improved by 20%whereas signaling cost is maintained as in non-proposed procedure.展开更多
Active networks is primarily a Defense Advanced Research Projects Agency(DARPA)-funded project focusing on the research of mechanisms, applications, and operating systems to develop a reconfigurable network infrastruc...Active networks is primarily a Defense Advanced Research Projects Agency(DARPA)-funded project focusing on the research of mechanisms, applications, and operating systems to develop a reconfigurable network infrastructure. This letter proposes an Secure Active Tracing System (SATS) to implementing security for active networking in Internet. Unlike currently existing schemes, SATS reduces the computational overloads by executing the filtering operation on selected packet streams only when needed.展开更多
Studied in this article is whether the Bayesian Network Model (BNM) can be effectively applied to the prioritization of defense in-depth security tools and procedures and to the combining of those measures to reduce c...Studied in this article is whether the Bayesian Network Model (BNM) can be effectively applied to the prioritization of defense in-depth security tools and procedures and to the combining of those measures to reduce cyber threats. The methods used in this study consisted of scanning 24 peer reviewed Cybersecurity Articles from prominent Cybersecurity Journals using the Likert Scale Model for the article’s list of defense in depth measures (tools and procedures) and the threats that those measures were designed to reduce. The defense in depth tools and procedures are then compared to see whether the Likert scale and the Bayesian Network Model could be effectively applied to prioritize and combine the measures to reduce cyber threats attacks against organizational and private computing systems. The findings of the research reject the H0 null hypothesis that BNM does not affect the relationship between the prioritization and combining of 24 Cybersecurity Article’s defense in depth tools and procedures (independent variables) and cyber threats (dependent variables).展开更多
In order to manage all kinds of network security devices and software systems efficiently, and make them collaborate with each other, the model for an open network security management platform is presented. The feasib...In order to manage all kinds of network security devices and software systems efficiently, and make them collaborate with each other, the model for an open network security management platform is presented. The feasibility and key implementing technology of the model are expatiated. A prototype system is implemented to validate it.展开更多
With the development of information networks, the problem of power security has increasingly caused many attention of people, but the simple power security defense system has been difficult to meet the current complex...With the development of information networks, the problem of power security has increasingly caused many attention of people, but the simple power security defense system has been difficult to meet the current complex network environment. Aiming at this situation, by using the method of T-S fuzzy neural network model to analyze the characteristics of the data transmission in network, it has obtained corresponding threat information. By processing these threat information, it completes the construction of three-dimensional power security defense system. The paper carries on the corresponding data training methods by using T-shirt model fuzzy neural network, which has certain reference significance for the data analysis of other similar fields. At the same time, the study of building on the three-dimensional power security defense system aims to provide a theoretical reference for solving the security defense of the current complex network environment.展开更多
Software-Defined Networking (SDN) has been a hot topic for future network development, which implements the different layers of control plane and data plane respectively. Despite providing high openness and programmab...Software-Defined Networking (SDN) has been a hot topic for future network development, which implements the different layers of control plane and data plane respectively. Despite providing high openness and programmability, the “three-layer two-interface” architecture of SDN changes the traditional network and increases the network attack nodes, which results in new security issues. In this paper, we firstly introduced the background, architecture and working process of SDN. Secondly, we summarized and analyzed the typical security issues from north to south: application layer, northbound interface, control layer, southbound interface and data layer. Another contribution is to review and analyze the existing solutions and latest research progress of each layer, mainly including: authorized authentication module, application isolation, DoS/DDoS defense, multi-controller deployment and flow rule consistency detection. Finally, a conclusion about the future works of SDN security and an idealized global security architecture is proposed.展开更多
In recent years, with the increase of the speed of social development, the network level of its computer has also been continuously improved, in its computer network application and popularization stage, has achieved ...In recent years, with the increase of the speed of social development, the network level of its computer has also been continuously improved, in its computer network application and popularization stage, has achieved good results. But there are also more and more problems, such as data theft and system damage, which need to be analyzed and applied in security technologies to maintain network security.展开更多
With the rapid development of global information and the increasing dependence on network for people, network security problems are becoming more and more serious. By analyzing the existing security assessment methods...With the rapid development of global information and the increasing dependence on network for people, network security problems are becoming more and more serious. By analyzing the existing security assessment methods, we propose a network security situation evaluation system based on modified D-S evidence theory is proposed. Firstly, we give a modified D-S evidence theory to improve the reliability and rationality of the fusion result and apply the theory to correlation analysis. Secondly, the attack successful support is accurately calculated by matching internal factors with external threats. Multi-module evaluation is established to comprehensively evaluate the situation of network security. Finally we use an example of actual network datasets to validate the network security situation evaluation system. The simulation result shows that the system can not only reduce the rate of false positives and false alarms, but also effectively help analysts comprehensively to understand the situation of network security.展开更多
As the number of Virtual Machines(VMs) consolidated on single physical server increases with the rapid advance of server hardware,virtual network turns complex and frangible.Modern Network Security Engines(NSE) are in...As the number of Virtual Machines(VMs) consolidated on single physical server increases with the rapid advance of server hardware,virtual network turns complex and frangible.Modern Network Security Engines(NSE) are introduced to eradicate the intrusions occurring in the virtual network.In this paper,we point out the inadequacy of the present live migration implementation,which hinders itself from providing transparent VM relocation between hypervisors equipped with Network Security Engines(NSE-H).This occurs because the current implementation ignores VM-related Security Context(SC) required by NSEs embedded in NSE-H.We present the CoM,a comprehensive live migration framework,for NSE-H-based virtualization computing environment.We built a prototype system on Xen hypervisors to evaluate our framework,and conduct experiments under various realistic application environments.The results demonstrate that our solution successfully fixes the inadequacy of the present live migration implementation,and the performance overhead is negligible.展开更多
文摘The 5G-R network is on the verge of entering the construction stage.Given that the dedicated network for railways is closely linked to train operation safety,there are extremely high requirements for network security.As a result,there is an urgent need to conduct research on 5G-R network security.To comprehensively enhance the end-to-end security protection of the 5G-R network,this study summarized the security requirements of the GSM-R network,analyzed the security risks and requirements faced by the 5G-R network,and proposed an overall 5G-R network security architecture.The security technical schemes were detailed from various aspects:5G-R infrastructure security,terminal access security,networking security,operation and maintenance security,data security,and network boundary security.Additionally,the study proposed leveraging the 5G-R security situation awareness system to achieve a comprehensive upgrade from basic security technologies to endogenous security capabilities within the 5G-R system.
文摘Given the grave local and international network security landscape,a national strategic level analysis indicates that the modernization and advancement within the Industry 4.0 era are closely correlated with overall competitive strength.Consequently,China proposed a strategy for the integration of industrialization and informatization,optimizing and adjusting its industrial structure to swiftly achieve transformation and upgrading in the Industry 4.0 era,thereby enhancing the sophistication of intelligent industrial control systems.The distributed control system in a nuclear power plant functions as an industrial control system,overseeing the operational status of the physical process.Its ability to ensure safe and reliable operation is directly linked to nuclear safety and the cybersecurity of the facility.The management of network security in distributed control systems(DCS)is crucial for achieving this objective.Due to the varying network settings and parameters of the DCS implemented in each nuclear power plant,the network security status of the system sometimes diverges from expectations.During system operation,it will undoubtedly encounter network security issues.Consequently,nuclear power plants utilize the technical criteria outlined in GB/T 22239 to formulate a network security management program aimed at enhancing the operational security of DCS within these facilities.This study utilizes existing network security regulations and standards as a reference to analyze the network security control standards based on the nuclear power plant’s control system.It delineates the fundamental requirements for network security management,facilitating integration with the entire life cycle of the research,development,and application of the nuclear power plant’s distributed control system,thereby establishing a network security management methodology that satisfies the control requirements of the nuclear power plant.Initially,it presents DCS and network security management,outlines current domestic and international network security legislation and standards,and specifies the standards pertinent to the administration of DCS in nuclear power plants.Secondly,the design of network security management for DCS is executed in conjunction with the specific context of nuclear power plants.This encompasses the deployment of network security apparatus,validation of the network security management strategy,and optimization adjustments.Consequently,recommendations beneficial to the network security management of nuclear power plants are compiled,aimed at establishing a management system and incorporating the concept of full life cycle management,which is predicated on system requirements,system design,and both software and hardware considerations.Conversely,it presents the notion of comprehensive life cycle management and suggests network security management strategies encompassing system requirements,system architecture,detailed hardware and software design and implementation,procurement,internal system integration,system validation and acceptance testing,system installation,operational maintenance,system modifications,and decommissioning.We will consistently enhance the performance and functionality of DCS in nuclear power plants,establish a safe and secure operational environment,and thereby facilitate the implementation of DCS in nuclear facilities while ensuring robust network security in the future.
基金This work is funded by the National Natural Science Foundation of China under Grant U1636215the National key research and development plan under Grant Nos.2018YFB0803504,2016YFB0800303.
文摘Network Security Situation Awareness System YHSAS acquires,understands and displays the security factors which cause changes of network situation,and predicts the future development trend of these security factors.YHSAS is developed for national backbone network,large network operators,large enterprises and other large-scale network.This paper describes its architecture and key technologies:Network Security Oriented Total Factor Information Collection and High-Dimensional Vector Space Analysis,Knowledge Representation and Management of Super Large-Scale Network Security,Multi-Level,Multi-Granularity and Multi-Dimensional Network Security Index Construction Method,Multi-Mode and Multi-Granularity Network Security Situation Prediction Technology,and so on.The performance tests show that YHSAS has high real-time performance and accuracy in security situation analysis and trend prediction.The system meets the demands of analysis and prediction for large-scale network security situation.
基金supported in part by the National Nat-ural Science Foundation of China(No.51977012,No.52307080).
文摘This study proposes a method for analyzing the security distance of an Active Distribution Network(ADN)by incorporating the demand response of an Energy Hub(EH).Taking into account the impact of stochastic wind-solar power and flexible loads on the EH,an interactive power model was developed to represent the EH’s operation under these influences.Additionally,an ADN security distance model,integrating an EH with flexible loads,was constructed to evaluate the effect of flexible load variations on the ADN’s security distance.By considering scenarios such as air conditioning(AC)load reduction and base station(BS)load transfer,the security distances of phases A,B,and C increased by 17.1%,17.2%,and 17.7%,respectively.Furthermore,a multi-objective optimal power flow model was formulated and solved using the Forward-Backward Power Flow Algorithm,the NSGA-II multi-objective optimization algo-rithm,and the maximum satisfaction method.The simulation results of the IEEE33 node system example demonstrate that after opti-mization,the total energy cost for one day is reduced by 0.026%,and the total security distance limit of the ADN’s three phases is improved by 0.1 MVA.This method effectively enhances the security distance,facilitates BS load transfer and AC load reduction,and contributes to the energy-saving,economical,and safe operation of the power system.
基金supported in part by the Fundamental Research Funds for the Central Universities under Grant No.2025JBXT010in part by NSFC under Grant No.62171021,in part by the Project of China State Railway Group under Grant No.N2024B004in part by ZTE IndustryUniversityInstitute Cooperation Funds under Grant No.l23L00010.
文摘The Fifth Generation of Mobile Communications for Railways(5G-R)brings significant opportunities for the rail industry.However,alongside the potential and benefits of the railway 5G network are complex security challenges.Ensuring the security and reliability of railway 5G networks is therefore essential.This paper presents a detailed examination of security assessment techniques for railway 5G networks,focusing on addressing the unique security challenges in this field.In this paper,various security requirements in railway 5G networks are analyzed,and specific processes and methods for conducting comprehensive security risk assessments are presented.This study provides a framework for securing railway 5G network development and ensuring its long-term sustainability.
基金funded by Youth Program of Shaanxi Provincial Department of Science and Technology(Grant No.2024JC-YBQN-0630)。
文摘Quantum key distribution(QKD)optical networks can provide more secure communications.However,with the increase of the QKD path requests and key updates,network blocking problems will become severe.The blocking problems in the network can become more severe because each fiber link has limited resources(such as wavelengths and time slots).In addition,QKD optical networks are also affected by external disturbances such as data interception and eavesdropping,resulting in inefficient network communication.In this paper,we exploit the idea of protection path to enhance the anti-interference ability of QKD optical network.By introducing the concept of security metric,we propose a routing wavelength and time slot allocation algorithm(RWTA)based on protection path,which can lessen the blocking problem of QKD optical network.According to simulation analysis,the security-metric-based RWTA algorithm(SM-RWTA)proposed in this paper can substantially improve the success rate of security key(SK)update and significantly reduce the blocking rate of the network.It can also improve the utilization rate of resources such as wavelengths and time slots.Compared with the non-security-metric-based RWTA algorithm(NSM-RWTA),our algorithm is robust and can enhance the anti-interference ability and security of QKD optical networks.
基金supported in part by Vietnam National Foundation for Science and Technology Development(NAFOSTED)under Grant 102.04-2021.57in part by Culture,Sports and Tourism R&D Program through the Korea Creative Content Agency grant funded by the Ministry of Culture,Sports and Tourism in 2024(Project Name:Global Talent Training Program for Copyright Management Technology in Game Contents,Project Number:RS-2024-00396709,Contribution Rate:100%).
文摘Digital content such as games,extended reality(XR),and movies has been widely and easily distributed over wireless networks.As a result,unauthorized access,copyright infringement by third parties or eavesdroppers,and cyberattacks over these networks have become pressing concerns.Therefore,protecting copyrighted content and preventing illegal distribution in wireless communications has garnered significant attention.The Intelligent Reflecting Surface(IRS)is regarded as a promising technology for future wireless and mobile networks due to its ability to reconfigure the radio propagation environment.This study investigates the security performance of an uplink Non-Orthogonal Multiple Access(NOMA)system integrated with an IRS and employing Fountain Codes(FCs).Specifically,two users send signals to the base station at separate distances.A relay receives the signal from the nearby user first and then relays it to the base station.The IRS receives the signal from the distant user and reflects it to the relay,which then sends the reflected signal to the base station.Furthermore,a malevolent eavesdropper intercepts both user and relay communications.We construct mathematical equations for Outage Probability(OP),throughput,diversity evaluation,and Interception Probability(IP),offering quantitative insights to assess system security and performance.Additionally,OP and IP are analyzed using a Deep Neural Network(DNN)model.A deeper comprehension of the security performance of the IRS-assisted NOMA systemin signal transmission is provided by Monte Carlo simulations,which are also carried out to confirm the theoretical conclusions.
基金Under the auspices of National Key Research and Development Program of China(No.2022YFF1300904)the National Natural Science Foundation of China(No.42271119,42371075,42471127)+1 种基金Youth Innovation Promotion Association,Chinese Academy of Sciences(No.2023238)Jilin Province Science and Technology Development Plan Project(No.20230203001SF)。
文摘A robust ecological security network(ESN)is essential for ensuring regional ecological security,improving fragile ecological conditions,and promoting sustainable development.Climate change and land use/cover change(LUCC)influence the structure and connectivity of the ESN by impacting ecosystem services(ESs).Previous studies primarily focused on the overall effects of LUCC on ESN changes,but they largely overlooked the effects of detailed LUCC transitions.In this study,we evaluated changes in the structure and connectivity of the ESN in the Songnen Plain(SNP),Northeast China,over the past 30 yr(1990s-2020s)using circuit theory and graph theory.We further explored the effects of climate change,LUCC,and detailed LUCC transformations on ESN changes through factorial control experiments.Results revealed a 24.86%decrease in ecological sources and a 27.06%decrease in ecological corridors,accompanied by a decline in ESN connectivity from the 1990s to the 2010s.Conversely,from the 2010s to the 2020s,ecological sources increased by 14.71%and ecological corridors increased by 25.71%due to ecological projects such as returning farmland to wetlands,resulting in an overall increase in ESN connectivity.The changes in ESN structure were primarily attributed to LUCC effects,followed by climate change effects and their interactions.In contrast,the changes in connectivity were significantly affected by climate change,followed by interactive effects and LUCC.Through detailed examination of LUCC transformation effects,we further found that the changes in ESN structure were primarily attributed to wetland loss,followed by deforestation and urban expansion.Meanwhile,the changes in ESN connectivity were mainly due to the effects of wetland loss,urban expansion and deforestation.Notably,the adverse effects of wetland loss partly offset climate change benefits on ESN.Our study offers valuable insights for developing future land management policies and implementing ecological projects,aimed at maintaining a stable ESN and ensuring sustainable human development.
文摘In this paper,we investigate and analyze the network security risks faced by 5G private industrial networks.Based on current network security architecture and 3GPP requirements and considering the actual application of 5G private industrial networks,a comparative analysis is used to plan and design a private network security construction scheme.The network security construction model,network organization,and key processes of 5G private industrial networks at the current stage are investigated.In addition,the key direction for the next stage of construction is discussed.
文摘The 5G and satellite converged communication network(5G SCCN)is an impor⁃tant component of the integration of satellite-terrestrial networks,the national science,and technology major projects towards 2030.Security is the key to ensuring its operation,but at present,the research in this area has just started in our country.Based on the network char⁃acteristics and security risks,we propose the security architecture of the 5G SCCN and sys⁃tematically sort out the key protection technologies and improvement directions.In particu⁃lar,unique thinking on the security of lightweight data communication and design reference for the 5G SCCN network architecture is presented.It is expected to provide a piece of refer⁃ence for the follow-up 5G SCCN security technology research,standard evolution,and indus⁃trialization.
文摘In order to improve the security of high school campus networks,this paper introduces the goal,system composition,and function of the network security of high school campus networks,and puts forward a series of strategies,including the establishment of network security protection system,data backup and recovery mechanism,and strengthening network security management and training.Through these strategies,the safety and stable operation of the campus network can be ensured,the quality of education can be improved,and school’s development can be promoted.
文摘The Vertical Handover(VHO)is one of the most vital features provided for the heterogeneous mobile networks.It allows Mobile Users(MUs)to keep ongoing sessions without disruption while they continuously move between different Radio Access Technologies(RATs)such as Wireless Fidelity(Wi-Fi),Global System for Mobile Communication(GSM),Universal Mobile Telecommunications System(UMTS),Long Term Evolution(LTE)and Fifth Generation(5G).In order to fulfill this goal,the VHO must comply to three main phases:starting of collecting the required information and then passing it for decision phase to obtain the best available RAT for performing VHO by execution phase eventually.However,the execution phase still encounters some security issues which are exploited by hackers in launching malicious attacks such as ransomware,fragmentation,header manipulation,smurf,host initialization,reconnaissance,eavesdropping,Denial of Service(DoS),spoofing,Man in the Middle(MITM)and falsification.This paper thoroughly studies the recent security issues for hundreds VHO approaches found in the literature and comes up with a secure procedure to enhance VHO security during execution phase.A numerical analysis results of the proposed procedure are effectively evaluated in terms of security and signaling cost.Compared with the recent related work found in literature,the analysis demonstrates that the security is successfully improved by 20%whereas signaling cost is maintained as in non-proposed procedure.
文摘Active networks is primarily a Defense Advanced Research Projects Agency(DARPA)-funded project focusing on the research of mechanisms, applications, and operating systems to develop a reconfigurable network infrastructure. This letter proposes an Secure Active Tracing System (SATS) to implementing security for active networking in Internet. Unlike currently existing schemes, SATS reduces the computational overloads by executing the filtering operation on selected packet streams only when needed.
文摘Studied in this article is whether the Bayesian Network Model (BNM) can be effectively applied to the prioritization of defense in-depth security tools and procedures and to the combining of those measures to reduce cyber threats. The methods used in this study consisted of scanning 24 peer reviewed Cybersecurity Articles from prominent Cybersecurity Journals using the Likert Scale Model for the article’s list of defense in depth measures (tools and procedures) and the threats that those measures were designed to reduce. The defense in depth tools and procedures are then compared to see whether the Likert scale and the Bayesian Network Model could be effectively applied to prioritize and combine the measures to reduce cyber threats attacks against organizational and private computing systems. The findings of the research reject the H0 null hypothesis that BNM does not affect the relationship between the prioritization and combining of 24 Cybersecurity Article’s defense in depth tools and procedures (independent variables) and cyber threats (dependent variables).
文摘In order to manage all kinds of network security devices and software systems efficiently, and make them collaborate with each other, the model for an open network security management platform is presented. The feasibility and key implementing technology of the model are expatiated. A prototype system is implemented to validate it.
文摘With the development of information networks, the problem of power security has increasingly caused many attention of people, but the simple power security defense system has been difficult to meet the current complex network environment. Aiming at this situation, by using the method of T-S fuzzy neural network model to analyze the characteristics of the data transmission in network, it has obtained corresponding threat information. By processing these threat information, it completes the construction of three-dimensional power security defense system. The paper carries on the corresponding data training methods by using T-shirt model fuzzy neural network, which has certain reference significance for the data analysis of other similar fields. At the same time, the study of building on the three-dimensional power security defense system aims to provide a theoretical reference for solving the security defense of the current complex network environment.
基金supported by the Wuhan Frontier Program of Application Foundation (No.2018010401011295)National High Technology Research and Development Program of China (“863” Program) (Grant No. 2015AA016002)
文摘Software-Defined Networking (SDN) has been a hot topic for future network development, which implements the different layers of control plane and data plane respectively. Despite providing high openness and programmability, the “three-layer two-interface” architecture of SDN changes the traditional network and increases the network attack nodes, which results in new security issues. In this paper, we firstly introduced the background, architecture and working process of SDN. Secondly, we summarized and analyzed the typical security issues from north to south: application layer, northbound interface, control layer, southbound interface and data layer. Another contribution is to review and analyze the existing solutions and latest research progress of each layer, mainly including: authorized authentication module, application isolation, DoS/DDoS defense, multi-controller deployment and flow rule consistency detection. Finally, a conclusion about the future works of SDN security and an idealized global security architecture is proposed.
文摘In recent years, with the increase of the speed of social development, the network level of its computer has also been continuously improved, in its computer network application and popularization stage, has achieved good results. But there are also more and more problems, such as data theft and system damage, which need to be analyzed and applied in security technologies to maintain network security.
基金Supported by the Foundation of Tianjin for Science and Technology Innovation(10FDZDGX00400,11ZCKFGX00900)Key Project of Educational Reform Foundation of Tianjin Municipal Education Commission(C03-0809)
文摘With the rapid development of global information and the increasing dependence on network for people, network security problems are becoming more and more serious. By analyzing the existing security assessment methods, we propose a network security situation evaluation system based on modified D-S evidence theory is proposed. Firstly, we give a modified D-S evidence theory to improve the reliability and rationality of the fusion result and apply the theory to correlation analysis. Secondly, the attack successful support is accurately calculated by matching internal factors with external threats. Multi-module evaluation is established to comprehensively evaluate the situation of network security. Finally we use an example of actual network datasets to validate the network security situation evaluation system. The simulation result shows that the system can not only reduce the rate of false positives and false alarms, but also effectively help analysts comprehensively to understand the situation of network security.
基金supported by State Key Laboratory of Software Development Environment under Grant No. SKLSDE-2009ZX-02China Aviation Science Fund under Grant No.20081951National High Technical Research and Development Program of China (863 Program) under Grant No.2007AA01Z183
文摘As the number of Virtual Machines(VMs) consolidated on single physical server increases with the rapid advance of server hardware,virtual network turns complex and frangible.Modern Network Security Engines(NSE) are introduced to eradicate the intrusions occurring in the virtual network.In this paper,we point out the inadequacy of the present live migration implementation,which hinders itself from providing transparent VM relocation between hypervisors equipped with Network Security Engines(NSE-H).This occurs because the current implementation ignores VM-related Security Context(SC) required by NSEs embedded in NSE-H.We present the CoM,a comprehensive live migration framework,for NSE-H-based virtualization computing environment.We built a prototype system on Xen hypervisors to evaluate our framework,and conduct experiments under various realistic application environments.The results demonstrate that our solution successfully fixes the inadequacy of the present live migration implementation,and the performance overhead is negligible.
