The increasing adoption of smart devices and cloud services,coupled with limitations in local computing and storage resources,prompts numerous users to transmit private data to cloud servers for processing.However,the...The increasing adoption of smart devices and cloud services,coupled with limitations in local computing and storage resources,prompts numerous users to transmit private data to cloud servers for processing.However,the transmission of sensitive data in plaintext form raises concerns regarding users'privacy and security.To address these concerns,this study proposes an efficient privacy-preserving secure neural network inference scheme based on homomorphic encryption and secure multi-party computation,which ensures the privacy of both the user and the cloud server while enabling fast and accurate ciphertext inference.First,we divide the inference process into three stages,including the merging stage for adjusting the network structure,the preprocessing stage for performing homomorphic computations,and the online stage for floating-point operations on the secret sharing of private data.Second,we propose an approach of merging network parameters,thereby reducing the cost of multiplication levels and decreasing both ciphertext-plaintext multiplication and addition operations.Finally,we propose a fast convolution algorithm to enhance computational eficiency.Compared with other state-of-the-art methods,our scheme reduces the linear operation time in the online stage by at least 11%,significantly reducing inference time and communication overhead.展开更多
This paper proposes a model-based control framework for vehicle platooning systems with secondorder nonlinear dynamics operating over switching signed networks,time-varying delays,and deception attacks.The study inclu...This paper proposes a model-based control framework for vehicle platooning systems with secondorder nonlinear dynamics operating over switching signed networks,time-varying delays,and deception attacks.The study includes two configurations:a leaderless structure using Finite-Time Non-Singular Terminal Bipartite Consensus(FNTBC)and Fixed-Time Bipartite Consensus(FXTBC),and a leader—follower structure ensuring structural balance and robustness against deceptive signals.In the leaderless model,a bipartite controller based on impulsive control theory,gauge transformation,and Markovian switching Lyapunov functions ensures mean-square stability and coordination under deception attacks and communication delays.The FNTBC achieves finite-time convergence depending on initial conditions,while the FXTBC guarantees fixed-time convergence independent of them,providing adaptability to different operating states.In the leader—follower case,a discontinuous impulsive control law synchronizes all followers with the leader despite deceptive attacks and switching topologies,maintaining robust coordination through nonlinear corrective mechanisms.To validate the approach,simulations are conducted on systems of five and seventeen vehicles in both leaderless and leader—follower configurations.The results demonstrate that the proposed framework achieves rapid consensus,strong robustness,and high resistance to deception attacks,offering a secure and scalable model-based control solution for modern vehicular communication networks.展开更多
Network Security Situation Awareness System YHSAS acquires,understands and displays the security factors which cause changes of network situation,and predicts the future development trend of these security factors.YHS...Network Security Situation Awareness System YHSAS acquires,understands and displays the security factors which cause changes of network situation,and predicts the future development trend of these security factors.YHSAS is developed for national backbone network,large network operators,large enterprises and other large-scale network.This paper describes its architecture and key technologies:Network Security Oriented Total Factor Information Collection and High-Dimensional Vector Space Analysis,Knowledge Representation and Management of Super Large-Scale Network Security,Multi-Level,Multi-Granularity and Multi-Dimensional Network Security Index Construction Method,Multi-Mode and Multi-Granularity Network Security Situation Prediction Technology,and so on.The performance tests show that YHSAS has high real-time performance and accuracy in security situation analysis and trend prediction.The system meets the demands of analysis and prediction for large-scale network security situation.展开更多
A model of intelligent intrusion detection based on rough neural network (RNN), which combines the neural network and rough set, is presented. It works by capturing network packets to identify network intrusions or ma...A model of intelligent intrusion detection based on rough neural network (RNN), which combines the neural network and rough set, is presented. It works by capturing network packets to identify network intrusions or malicious attacks using RNN with sub-nets. The sub-net is constructed by detection-oriented signatures extracted using rough set theory to detect different intrusions. It is proved that RNN detection method has the merits of adaptive, high universality, high convergence speed, easy upgrading and management.展开更多
In this paper,the security problem for the multi-access edge computing(MEC)network is researched,and an intelligent immunity-based security defense system is proposed to identify the unauthorized mobile users and to p...In this paper,the security problem for the multi-access edge computing(MEC)network is researched,and an intelligent immunity-based security defense system is proposed to identify the unauthorized mobile users and to protect the security of whole system.In the proposed security defense system,the security is protected by the intelligent immunity through three functions,identification function,learning function,and regulation function,respectively.Meanwhile,a three process-based intelligent algorithm is proposed for the intelligent immunity system.Numerical simulations are given to prove the effeteness of the proposed approach.展开更多
To provide a high-security guaran- tee to network coding and lower the comput- ing complexity induced by signature scheme, we take full advantage of homomorphic prop- erty to build lattice signature schemes and sec- u...To provide a high-security guaran- tee to network coding and lower the comput- ing complexity induced by signature scheme, we take full advantage of homomorphic prop- erty to build lattice signature schemes and sec- ure network coding algorithms. Firstly, by means of the distance between the message and its sig- nature in a lattice, we propose a Distance-bas- ed Secure Network Coding (DSNC) algorithm and stipulate its security to a new hard problem Fixed Length Vector Problem (FLVP), which is harder than Shortest Vector Problem (SVP) on lattices. Secondly, considering the bound- ary on the distance between the message and its signature, we further propose an efficient Bo- undary-based Secure Network Coding (BSNC) algorithm to reduce the computing complexity induced by square calculation in DSNC. Sim- ulation results and security analysis show that the proposed signature schemes have stronger unforgeability due to the natural property of lattices than traditional Rivest-Shamir-Adleman (RSA)-based signature scheme. DSNC algo- rithm is more secure and BSNC algorithm greatly reduces the time cost on computation.展开更多
This paper focuses on investigating immunological principles in designing a multi-agent security architecture for intrusion detection and response in wireless mesh networks.In this approach,the immunity-based agents m...This paper focuses on investigating immunological principles in designing a multi-agent security architecture for intrusion detection and response in wireless mesh networks.In this approach,the immunity-based agents monitor the situation in the network.These agents can take appropriate actions according to the underlying security policies.Specifically,their activities are coordinated in a hierarchical fashion while sensing,communicating,determining and generating responses.Such an agent can learn about and adapt to its environment dynamically and can detect both known and unknown intrusions.The proposed intrusion detection architecture is designed to be flexible,extendible,and adaptable so that it can perform real-time monitoring.This paper provides the conceptual view and a general framework of the proposed system.In the end,the architecture is illustrated by an example and by simulation to show it can prevent attacks efficiently.展开更多
This paper proposed a distributed key management approach by using the recently developed concepts of certificate-based cryptosystem and threshold secret sharing schemes. Without any assumption of prefixed trust relat...This paper proposed a distributed key management approach by using the recently developed concepts of certificate-based cryptosystem and threshold secret sharing schemes. Without any assumption of prefixed trust relationship between nodes, the ad hoc network works in a self-organizing way to provide the key generation and key management services using threshold secret sharing schemes, which effectively solves the problem of single point of failure. The proposed approach combines the best aspects of identity-based key management approaches (implicit certification) and traditional public key infrastructure approaches (no key escrow).展开更多
The wide application of network technology in power systems brings not only convenience and flexibility but also security threats. An architecture of network security for power system was proposed in this study,which ...The wide application of network technology in power systems brings not only convenience and flexibility but also security threats. An architecture of network security for power system was proposed in this study,which protected data and facilities from being attacked by outside users by means of firewall, security monitor and control system. Firewall was basically the first line of defense for the intranet; the security monitoring system was a kind of IDS (Intrusion Detection System), while security control system provided authentication, authorization,data-encrypted transmission and security management. This architecture provides various security services, such as identification, authentication, authorization, data integrity and confidentiality.展开更多
Network intrusion forensics is an important extension to present security infrastructure,and is becoming the focus of forensics research field.However,comparison with sophisticated multi-stage attacks and volume of se...Network intrusion forensics is an important extension to present security infrastructure,and is becoming the focus of forensics research field.However,comparison with sophisticated multi-stage attacks and volume of sensor data,current practices in network forensic analysis are to manually examine,an error prone,labor-intensive and time consuming process.To solve these problems,in this paper we propose a digital evidence fusion method for network forensics with Dempster-Shafer theory that can detect efficiently computer crime in networked environments,and fuse digital evidence from different sources such as hosts and sub-networks automatically.In the end,we evaluate the method on well-known KDD Cup1999 dataset.The results prove our method is very effective for real-time network forensics,and can provide comprehensible messages for a forensic investigators.展开更多
In order to improve the security of high school campus networks,this paper introduces the goal,system composition,and function of the network security of high school campus networks,and puts forward a series of strate...In order to improve the security of high school campus networks,this paper introduces the goal,system composition,and function of the network security of high school campus networks,and puts forward a series of strategies,including the establishment of network security protection system,data backup and recovery mechanism,and strengthening network security management and training.Through these strategies,the safety and stable operation of the campus network can be ensured,the quality of education can be improved,and school’s development can be promoted.展开更多
The ever-growing network traffic threat landscape necessitates adopting accurate and robust intrusion detection systems(IDSs).IDSs have become a research hotspot and have seen remarkable performance improvements.Gener...The ever-growing network traffic threat landscape necessitates adopting accurate and robust intrusion detection systems(IDSs).IDSs have become a research hotspot and have seen remarkable performance improvements.Generative adversarial networks(GANs)have also garnered increasing research interest recently due to their remarkable ability to generate data.This paper investigates the application of(GANs)in(IDS)and explores their current use within this research field.We delve into the adoption of GANs within signature-based,anomaly-based,and hybrid IDSs,focusing on their objectives,methodologies,and advantages.Overall,GANs have been widely employed,mainly focused on solving the class imbalance issue by generating realistic attack samples.While GANs have shown significant potential in addressing the class imbalance issue,there are still open opportunities and challenges to be addressed.Little attention has been paid to their applicability in distributed and decentralized domains,such as IoT networks.Efficiency and scalability have been mostly overlooked,and thus,future works must aim at addressing these gaps.展开更多
In network-based intrusion detection practices,there are more regular instances than intrusion instances.Because there is always a statistical imbalance in the instances,it is difficult to train the intrusion detectio...In network-based intrusion detection practices,there are more regular instances than intrusion instances.Because there is always a statistical imbalance in the instances,it is difficult to train the intrusion detection system effectively.In this work,we compare intrusion detection performance by increasing the rarely appearing instances rather than by eliminating the frequently appearing duplicate instances.Our technique mitigates the statistical imbalance in these instances.We also carried out an experiment on the training model by increasing the instances,thereby increasing the attack instances step by step up to 13 levels.The experiments included not only known attacks,but also unknown new intrusions.The results are compared with the existing studies from the literature,and show an improvement in accuracy,sensitivity,and specificity over previous studies.The detection rates for the remote-to-user(R2L)and user-to-root(U2L)categories are improved significantly by adding fewer instances.The detection of many intrusions is increased from a very low to a very high detection rate.The detection of newer attacks that had not been used in training improved from 9%to 12%.This study has practical applications in network administration to protect from known and unknown attacks.If network administrators are running out of instances for some attacks,they can increase the number of instances with rarely appearing instances,thereby improving the detection of both known and unknown new attacks.展开更多
Under the assumption that the wiretapper can get at most r(r < n) independent messages, Cai et al. showed that any rate n multicast code can be modified to another secure network code with transmitting rate n- r by...Under the assumption that the wiretapper can get at most r(r < n) independent messages, Cai et al. showed that any rate n multicast code can be modified to another secure network code with transmitting rate n- r by a properly chosen matrix Q^(-1). They also gave the construction for searching such an n × n nonsingular matrix Q. In this paper, we find that their method implies an efficient construction of Q. That is to say, Q can be taken as a special block lower triangular matrix with diagonal subblocks being the(n- r) ×(n- r)and r × r identity matrices, respectively. Moreover, complexity analysis is made to show the efficiency of the specific construction.展开更多
Over the past few years,rapid advancements in the internet and communication technologies have led to increasingly intricate and diverse networking systems.As a result,greater intelligence is necessary to effectively ...Over the past few years,rapid advancements in the internet and communication technologies have led to increasingly intricate and diverse networking systems.As a result,greater intelligence is necessary to effectively manage,optimize,and maintain these systems.Due to their distributed nature,machine learning models are challenging to deploy in traditional networks.However,Software-Defined Networking(SDN)presents an opportunity to integrate intelligence into networks by offering a programmable architecture that separates data and control planes.SDN provides a centralized network view and allows for dynamic updates of flow rules and softwarebased traffic analysis.While the programmable nature of SDN makes it easier to deploy machine learning techniques,the centralized control logic also makes it vulnerable to cyberattacks.To address these issues,recent research has focused on developing powerful machine-learning methods for detecting and mitigating attacks in SDN environments.This paper highlighted the countermeasures for cyberattacks on SDN and how current machine learningbased solutions can overcome these emerging issues.We also discuss the pros and cons of using machine learning algorithms for detecting and mitigating these attacks.Finally,we highlighted research issues,gaps,and challenges in developing machine learning-based solutions to secure the SDN controller,to help the research and network community to develop more robust and reliable solutions.展开更多
In this paper, a security protocol for the advanced metering infrastructure (AMI) in smart grid is proposed. Through the AMI, customers and the service provider achieve two-way communication. Real-time monitoring an...In this paper, a security protocol for the advanced metering infrastructure (AMI) in smart grid is proposed. Through the AMI, customers and the service provider achieve two-way communication. Real-time monitoring and demand response can be applied because of the information exchanged. Since the information contains much privacy of the customer, and the control messages need to be authenticated, security needs to be ensured for the communication in the AM1. Due to the complicated network structure of the AMI, the asymmetric communications, and various security requirements, existing security protocols for other networks can hardly be applied into the AMI directly. Therefore, a security protocol specifically for the AMI to meet the security requirements is proposed. Our proposed security protocol includes initial authentication, secure uplink data aggregation, secure downlink data transmission, and domain secrets update. Compared with existing researches in related areas, our proposed security protocol takes the asymmetric communications of the AMI and various security requirements in smart grid into consideration.展开更多
Theory and technology of network security is the core course of information security major,however,it still faces many challenges in the education of foreign graduate students studying in China.This paper analyzes the...Theory and technology of network security is the core course of information security major,however,it still faces many challenges in the education of foreign graduate students studying in China.This paper analyzes the status quo and existing problems in the course of theory and technology of network security for foreign graduate students studying in China,the most fundamental of which is that the existing teaching materials are difficult to meet the needs of foreign graduate students.In view of the problem,this paper discusses how to improve the existing teaching materials to adapt to the teaching needs for foreign students and puts forward some new ideas and reform measures.展开更多
Water conservancy project is the key to Chinas national economic development and maintain social stability, and has played a huge role in water resources utilization, flood control and waterlogging prevention, ecologi...Water conservancy project is the key to Chinas national economic development and maintain social stability, and has played a huge role in water resources utilization, flood control and waterlogging prevention, ecological environment protection and disaster prevention and reduction. This paper analyzes the water conservancy information network security protection system, analyzes the concept of water conservancy information network security protection system and the value of water conservancy information network security protection system construction background, and put forward the effective measures of water conservancy information network security protection system construction, provide reference for improving the information management level of water conservancy project.展开更多
A robust ecological security network(ESN)is essential for ensuring regional ecological security,improving fragile ecological conditions,and promoting sustainable development.Climate change and land use/cover change(LU...A robust ecological security network(ESN)is essential for ensuring regional ecological security,improving fragile ecological conditions,and promoting sustainable development.Climate change and land use/cover change(LUCC)influence the structure and connectivity of the ESN by impacting ecosystem services(ESs).Previous studies primarily focused on the overall effects of LUCC on ESN changes,but they largely overlooked the effects of detailed LUCC transitions.In this study,we evaluated changes in the structure and connectivity of the ESN in the Songnen Plain(SNP),Northeast China,over the past 30 yr(1990s-2020s)using circuit theory and graph theory.We further explored the effects of climate change,LUCC,and detailed LUCC transformations on ESN changes through factorial control experiments.Results revealed a 24.86%decrease in ecological sources and a 27.06%decrease in ecological corridors,accompanied by a decline in ESN connectivity from the 1990s to the 2010s.Conversely,from the 2010s to the 2020s,ecological sources increased by 14.71%and ecological corridors increased by 25.71%due to ecological projects such as returning farmland to wetlands,resulting in an overall increase in ESN connectivity.The changes in ESN structure were primarily attributed to LUCC effects,followed by climate change effects and their interactions.In contrast,the changes in connectivity were significantly affected by climate change,followed by interactive effects and LUCC.Through detailed examination of LUCC transformation effects,we further found that the changes in ESN structure were primarily attributed to wetland loss,followed by deforestation and urban expansion.Meanwhile,the changes in ESN connectivity were mainly due to the effects of wetland loss,urban expansion and deforestation.Notably,the adverse effects of wetland loss partly offset climate change benefits on ESN.Our study offers valuable insights for developing future land management policies and implementing ecological projects,aimed at maintaining a stable ESN and ensuring sustainable human development.展开更多
Given the grave local and international network security landscape,a national strategic level analysis indicates that the modernization and advancement within the Industry 4.0 era are closely correlated with overall c...Given the grave local and international network security landscape,a national strategic level analysis indicates that the modernization and advancement within the Industry 4.0 era are closely correlated with overall competitive strength.Consequently,China proposed a strategy for the integration of industrialization and informatization,optimizing and adjusting its industrial structure to swiftly achieve transformation and upgrading in the Industry 4.0 era,thereby enhancing the sophistication of intelligent industrial control systems.The distributed control system in a nuclear power plant functions as an industrial control system,overseeing the operational status of the physical process.Its ability to ensure safe and reliable operation is directly linked to nuclear safety and the cybersecurity of the facility.The management of network security in distributed control systems(DCS)is crucial for achieving this objective.Due to the varying network settings and parameters of the DCS implemented in each nuclear power plant,the network security status of the system sometimes diverges from expectations.During system operation,it will undoubtedly encounter network security issues.Consequently,nuclear power plants utilize the technical criteria outlined in GB/T 22239 to formulate a network security management program aimed at enhancing the operational security of DCS within these facilities.This study utilizes existing network security regulations and standards as a reference to analyze the network security control standards based on the nuclear power plant’s control system.It delineates the fundamental requirements for network security management,facilitating integration with the entire life cycle of the research,development,and application of the nuclear power plant’s distributed control system,thereby establishing a network security management methodology that satisfies the control requirements of the nuclear power plant.Initially,it presents DCS and network security management,outlines current domestic and international network security legislation and standards,and specifies the standards pertinent to the administration of DCS in nuclear power plants.Secondly,the design of network security management for DCS is executed in conjunction with the specific context of nuclear power plants.This encompasses the deployment of network security apparatus,validation of the network security management strategy,and optimization adjustments.Consequently,recommendations beneficial to the network security management of nuclear power plants are compiled,aimed at establishing a management system and incorporating the concept of full life cycle management,which is predicated on system requirements,system design,and both software and hardware considerations.Conversely,it presents the notion of comprehensive life cycle management and suggests network security management strategies encompassing system requirements,system architecture,detailed hardware and software design and implementation,procurement,internal system integration,system validation and acceptance testing,system installation,operational maintenance,system modifications,and decommissioning.We will consistently enhance the performance and functionality of DCS in nuclear power plants,establish a safe and secure operational environment,and thereby facilitate the implementation of DCS in nuclear facilities while ensuring robust network security in the future.展开更多
基金Project supported by the National Natural Science Foundation of China(No.U22B2026 and 62572121)the ZTE Industry University Research Cooperation Project。
文摘The increasing adoption of smart devices and cloud services,coupled with limitations in local computing and storage resources,prompts numerous users to transmit private data to cloud servers for processing.However,the transmission of sensitive data in plaintext form raises concerns regarding users'privacy and security.To address these concerns,this study proposes an efficient privacy-preserving secure neural network inference scheme based on homomorphic encryption and secure multi-party computation,which ensures the privacy of both the user and the cloud server while enabling fast and accurate ciphertext inference.First,we divide the inference process into three stages,including the merging stage for adjusting the network structure,the preprocessing stage for performing homomorphic computations,and the online stage for floating-point operations on the secret sharing of private data.Second,we propose an approach of merging network parameters,thereby reducing the cost of multiplication levels and decreasing both ciphertext-plaintext multiplication and addition operations.Finally,we propose a fast convolution algorithm to enhance computational eficiency.Compared with other state-of-the-art methods,our scheme reduces the linear operation time in the online stage by at least 11%,significantly reducing inference time and communication overhead.
基金Deanship of Research and Graduate Studies at King Khalid University for funding this work through Large Research Project under grant number RGP.2/103/46”Deanship of Scientific Research at Northern Border University,Arar,Saudi Arabia for funding this research work through project number“NBU-FFR-2025-871-15”funding from Prince Sattam bin Abdulaziz University project number(PSAU/2025/R/1447).
文摘This paper proposes a model-based control framework for vehicle platooning systems with secondorder nonlinear dynamics operating over switching signed networks,time-varying delays,and deception attacks.The study includes two configurations:a leaderless structure using Finite-Time Non-Singular Terminal Bipartite Consensus(FNTBC)and Fixed-Time Bipartite Consensus(FXTBC),and a leader—follower structure ensuring structural balance and robustness against deceptive signals.In the leaderless model,a bipartite controller based on impulsive control theory,gauge transformation,and Markovian switching Lyapunov functions ensures mean-square stability and coordination under deception attacks and communication delays.The FNTBC achieves finite-time convergence depending on initial conditions,while the FXTBC guarantees fixed-time convergence independent of them,providing adaptability to different operating states.In the leader—follower case,a discontinuous impulsive control law synchronizes all followers with the leader despite deceptive attacks and switching topologies,maintaining robust coordination through nonlinear corrective mechanisms.To validate the approach,simulations are conducted on systems of five and seventeen vehicles in both leaderless and leader—follower configurations.The results demonstrate that the proposed framework achieves rapid consensus,strong robustness,and high resistance to deception attacks,offering a secure and scalable model-based control solution for modern vehicular communication networks.
基金This work is funded by the National Natural Science Foundation of China under Grant U1636215the National key research and development plan under Grant Nos.2018YFB0803504,2016YFB0800303.
文摘Network Security Situation Awareness System YHSAS acquires,understands and displays the security factors which cause changes of network situation,and predicts the future development trend of these security factors.YHSAS is developed for national backbone network,large network operators,large enterprises and other large-scale network.This paper describes its architecture and key technologies:Network Security Oriented Total Factor Information Collection and High-Dimensional Vector Space Analysis,Knowledge Representation and Management of Super Large-Scale Network Security,Multi-Level,Multi-Granularity and Multi-Dimensional Network Security Index Construction Method,Multi-Mode and Multi-Granularity Network Security Situation Prediction Technology,and so on.The performance tests show that YHSAS has high real-time performance and accuracy in security situation analysis and trend prediction.The system meets the demands of analysis and prediction for large-scale network security situation.
文摘A model of intelligent intrusion detection based on rough neural network (RNN), which combines the neural network and rough set, is presented. It works by capturing network packets to identify network intrusions or malicious attacks using RNN with sub-nets. The sub-net is constructed by detection-oriented signatures extracted using rough set theory to detect different intrusions. It is proved that RNN detection method has the merits of adaptive, high universality, high convergence speed, easy upgrading and management.
基金This work was supported by National Natural Science Foundation of China(No.61971026)the Fundamental Research Funds for the Central Universities(No.FRF-TP-18-008A3).
文摘In this paper,the security problem for the multi-access edge computing(MEC)network is researched,and an intelligent immunity-based security defense system is proposed to identify the unauthorized mobile users and to protect the security of whole system.In the proposed security defense system,the security is protected by the intelligent immunity through three functions,identification function,learning function,and regulation function,respectively.Meanwhile,a three process-based intelligent algorithm is proposed for the intelligent immunity system.Numerical simulations are given to prove the effeteness of the proposed approach.
基金ACKNOWLEDGEMENT This work was partially supported by the National Basic Research Program of China under Grant No. 2012CB315905 the National Natural Sci- ence Foundation of China under Grants No. 61272501, No. 61173154, No. 61370190 and the Beijing Natural Science Foundation under Grant No. 4132056.
文摘To provide a high-security guaran- tee to network coding and lower the comput- ing complexity induced by signature scheme, we take full advantage of homomorphic prop- erty to build lattice signature schemes and sec- ure network coding algorithms. Firstly, by means of the distance between the message and its sig- nature in a lattice, we propose a Distance-bas- ed Secure Network Coding (DSNC) algorithm and stipulate its security to a new hard problem Fixed Length Vector Problem (FLVP), which is harder than Shortest Vector Problem (SVP) on lattices. Secondly, considering the bound- ary on the distance between the message and its signature, we further propose an efficient Bo- undary-based Secure Network Coding (BSNC) algorithm to reduce the computing complexity induced by square calculation in DSNC. Sim- ulation results and security analysis show that the proposed signature schemes have stronger unforgeability due to the natural property of lattices than traditional Rivest-Shamir-Adleman (RSA)-based signature scheme. DSNC algo- rithm is more secure and BSNC algorithm greatly reduces the time cost on computation.
基金supported by National Natural Science Foundation of China under Grant No.60932003National High Technical Research and Development Program of China(863 program) Grant No.2007AA01Z452,No.2009AA01Z118+1 种基金Shanghai Municipal Natural Science Foundation under Grant No.09ZR1414900National Undergraduate Innovative Test Program under Grant No.091024812
文摘This paper focuses on investigating immunological principles in designing a multi-agent security architecture for intrusion detection and response in wireless mesh networks.In this approach,the immunity-based agents monitor the situation in the network.These agents can take appropriate actions according to the underlying security policies.Specifically,their activities are coordinated in a hierarchical fashion while sensing,communicating,determining and generating responses.Such an agent can learn about and adapt to its environment dynamically and can detect both known and unknown intrusions.The proposed intrusion detection architecture is designed to be flexible,extendible,and adaptable so that it can perform real-time monitoring.This paper provides the conceptual view and a general framework of the proposed system.In the end,the architecture is illustrated by an example and by simulation to show it can prevent attacks efficiently.
文摘This paper proposed a distributed key management approach by using the recently developed concepts of certificate-based cryptosystem and threshold secret sharing schemes. Without any assumption of prefixed trust relationship between nodes, the ad hoc network works in a self-organizing way to provide the key generation and key management services using threshold secret sharing schemes, which effectively solves the problem of single point of failure. The proposed approach combines the best aspects of identity-based key management approaches (implicit certification) and traditional public key infrastructure approaches (no key escrow).
文摘The wide application of network technology in power systems brings not only convenience and flexibility but also security threats. An architecture of network security for power system was proposed in this study,which protected data and facilities from being attacked by outside users by means of firewall, security monitor and control system. Firewall was basically the first line of defense for the intranet; the security monitoring system was a kind of IDS (Intrusion Detection System), while security control system provided authentication, authorization,data-encrypted transmission and security management. This architecture provides various security services, such as identification, authentication, authorization, data integrity and confidentiality.
基金supported by the National Natural Science Foundation of China under Grant No.60903166 the National High Technology Research and Development Program of China(863 Program) under Grants No.2012AA012506,No.2012AA012901,No.2012AA012903+9 种基金 Specialized Research Fund for the Doctoral Program of Higher Education of China under Grant No.20121103120032 the Humanity and Social Science Youth Foundation of Ministry of Education of China under Grant No.13YJCZH065 the Opening Project of Key Lab of Information Network Security of Ministry of Public Security(The Third Research Institute of Ministry of Public Security) under Grant No.C13613 the China Postdoctoral Science Foundation General Program of Science and Technology Development Project of Beijing Municipal Education Commission of China under Grant No.km201410005012 the Research on Education and Teaching of Beijing University of Technology under Grant No.ER2013C24 the Beijing Municipal Natural Science Foundation Sponsored by Hunan Postdoctoral Scientific Program Open Research Fund of Beijing Key Laboratory of Trusted Computing Funds for the Central Universities, Contract No.2012JBM030
文摘Network intrusion forensics is an important extension to present security infrastructure,and is becoming the focus of forensics research field.However,comparison with sophisticated multi-stage attacks and volume of sensor data,current practices in network forensic analysis are to manually examine,an error prone,labor-intensive and time consuming process.To solve these problems,in this paper we propose a digital evidence fusion method for network forensics with Dempster-Shafer theory that can detect efficiently computer crime in networked environments,and fuse digital evidence from different sources such as hosts and sub-networks automatically.In the end,we evaluate the method on well-known KDD Cup1999 dataset.The results prove our method is very effective for real-time network forensics,and can provide comprehensible messages for a forensic investigators.
文摘In order to improve the security of high school campus networks,this paper introduces the goal,system composition,and function of the network security of high school campus networks,and puts forward a series of strategies,including the establishment of network security protection system,data backup and recovery mechanism,and strengthening network security management and training.Through these strategies,the safety and stable operation of the campus network can be ensured,the quality of education can be improved,and school’s development can be promoted.
文摘The ever-growing network traffic threat landscape necessitates adopting accurate and robust intrusion detection systems(IDSs).IDSs have become a research hotspot and have seen remarkable performance improvements.Generative adversarial networks(GANs)have also garnered increasing research interest recently due to their remarkable ability to generate data.This paper investigates the application of(GANs)in(IDS)and explores their current use within this research field.We delve into the adoption of GANs within signature-based,anomaly-based,and hybrid IDSs,focusing on their objectives,methodologies,and advantages.Overall,GANs have been widely employed,mainly focused on solving the class imbalance issue by generating realistic attack samples.While GANs have shown significant potential in addressing the class imbalance issue,there are still open opportunities and challenges to be addressed.Little attention has been paid to their applicability in distributed and decentralized domains,such as IoT networks.Efficiency and scalability have been mostly overlooked,and thus,future works must aim at addressing these gaps.
基金the Institute for Information and Communications Technology Planning and Evaluation(IITP)funded by the Korea Government(MSIT)under Grant 20190007960022002(2020000000110).
文摘In network-based intrusion detection practices,there are more regular instances than intrusion instances.Because there is always a statistical imbalance in the instances,it is difficult to train the intrusion detection system effectively.In this work,we compare intrusion detection performance by increasing the rarely appearing instances rather than by eliminating the frequently appearing duplicate instances.Our technique mitigates the statistical imbalance in these instances.We also carried out an experiment on the training model by increasing the instances,thereby increasing the attack instances step by step up to 13 levels.The experiments included not only known attacks,but also unknown new intrusions.The results are compared with the existing studies from the literature,and show an improvement in accuracy,sensitivity,and specificity over previous studies.The detection rates for the remote-to-user(R2L)and user-to-root(U2L)categories are improved significantly by adding fewer instances.The detection of many intrusions is increased from a very low to a very high detection rate.The detection of newer attacks that had not been used in training improved from 9%to 12%.This study has practical applications in network administration to protect from known and unknown attacks.If network administrators are running out of instances for some attacks,they can increase the number of instances with rarely appearing instances,thereby improving the detection of both known and unknown new attacks.
基金Supported by the National Natural Science Foundation of China(61201253)
文摘Under the assumption that the wiretapper can get at most r(r < n) independent messages, Cai et al. showed that any rate n multicast code can be modified to another secure network code with transmitting rate n- r by a properly chosen matrix Q^(-1). They also gave the construction for searching such an n × n nonsingular matrix Q. In this paper, we find that their method implies an efficient construction of Q. That is to say, Q can be taken as a special block lower triangular matrix with diagonal subblocks being the(n- r) ×(n- r)and r × r identity matrices, respectively. Moreover, complexity analysis is made to show the efficiency of the specific construction.
文摘Over the past few years,rapid advancements in the internet and communication technologies have led to increasingly intricate and diverse networking systems.As a result,greater intelligence is necessary to effectively manage,optimize,and maintain these systems.Due to their distributed nature,machine learning models are challenging to deploy in traditional networks.However,Software-Defined Networking(SDN)presents an opportunity to integrate intelligence into networks by offering a programmable architecture that separates data and control planes.SDN provides a centralized network view and allows for dynamic updates of flow rules and softwarebased traffic analysis.While the programmable nature of SDN makes it easier to deploy machine learning techniques,the centralized control logic also makes it vulnerable to cyberattacks.To address these issues,recent research has focused on developing powerful machine-learning methods for detecting and mitigating attacks in SDN environments.This paper highlighted the countermeasures for cyberattacks on SDN and how current machine learningbased solutions can overcome these emerging issues.We also discuss the pros and cons of using machine learning algorithms for detecting and mitigating these attacks.Finally,we highlighted research issues,gaps,and challenges in developing machine learning-based solutions to secure the SDN controller,to help the research and network community to develop more robust and reliable solutions.
基金supported by the National Science Fourdation under Grant No.CNS-1423408
文摘In this paper, a security protocol for the advanced metering infrastructure (AMI) in smart grid is proposed. Through the AMI, customers and the service provider achieve two-way communication. Real-time monitoring and demand response can be applied because of the information exchanged. Since the information contains much privacy of the customer, and the control messages need to be authenticated, security needs to be ensured for the communication in the AM1. Due to the complicated network structure of the AMI, the asymmetric communications, and various security requirements, existing security protocols for other networks can hardly be applied into the AMI directly. Therefore, a security protocol specifically for the AMI to meet the security requirements is proposed. Our proposed security protocol includes initial authentication, secure uplink data aggregation, secure downlink data transmission, and domain secrets update. Compared with existing researches in related areas, our proposed security protocol takes the asymmetric communications of the AMI and various security requirements in smart grid into consideration.
文摘Theory and technology of network security is the core course of information security major,however,it still faces many challenges in the education of foreign graduate students studying in China.This paper analyzes the status quo and existing problems in the course of theory and technology of network security for foreign graduate students studying in China,the most fundamental of which is that the existing teaching materials are difficult to meet the needs of foreign graduate students.In view of the problem,this paper discusses how to improve the existing teaching materials to adapt to the teaching needs for foreign students and puts forward some new ideas and reform measures.
文摘Water conservancy project is the key to Chinas national economic development and maintain social stability, and has played a huge role in water resources utilization, flood control and waterlogging prevention, ecological environment protection and disaster prevention and reduction. This paper analyzes the water conservancy information network security protection system, analyzes the concept of water conservancy information network security protection system and the value of water conservancy information network security protection system construction background, and put forward the effective measures of water conservancy information network security protection system construction, provide reference for improving the information management level of water conservancy project.
基金Under the auspices of National Key Research and Development Program of China(No.2022YFF1300904)the National Natural Science Foundation of China(No.42271119,42371075,42471127)+1 种基金Youth Innovation Promotion Association,Chinese Academy of Sciences(No.2023238)Jilin Province Science and Technology Development Plan Project(No.20230203001SF)。
文摘A robust ecological security network(ESN)is essential for ensuring regional ecological security,improving fragile ecological conditions,and promoting sustainable development.Climate change and land use/cover change(LUCC)influence the structure and connectivity of the ESN by impacting ecosystem services(ESs).Previous studies primarily focused on the overall effects of LUCC on ESN changes,but they largely overlooked the effects of detailed LUCC transitions.In this study,we evaluated changes in the structure and connectivity of the ESN in the Songnen Plain(SNP),Northeast China,over the past 30 yr(1990s-2020s)using circuit theory and graph theory.We further explored the effects of climate change,LUCC,and detailed LUCC transformations on ESN changes through factorial control experiments.Results revealed a 24.86%decrease in ecological sources and a 27.06%decrease in ecological corridors,accompanied by a decline in ESN connectivity from the 1990s to the 2010s.Conversely,from the 2010s to the 2020s,ecological sources increased by 14.71%and ecological corridors increased by 25.71%due to ecological projects such as returning farmland to wetlands,resulting in an overall increase in ESN connectivity.The changes in ESN structure were primarily attributed to LUCC effects,followed by climate change effects and their interactions.In contrast,the changes in connectivity were significantly affected by climate change,followed by interactive effects and LUCC.Through detailed examination of LUCC transformation effects,we further found that the changes in ESN structure were primarily attributed to wetland loss,followed by deforestation and urban expansion.Meanwhile,the changes in ESN connectivity were mainly due to the effects of wetland loss,urban expansion and deforestation.Notably,the adverse effects of wetland loss partly offset climate change benefits on ESN.Our study offers valuable insights for developing future land management policies and implementing ecological projects,aimed at maintaining a stable ESN and ensuring sustainable human development.
文摘Given the grave local and international network security landscape,a national strategic level analysis indicates that the modernization and advancement within the Industry 4.0 era are closely correlated with overall competitive strength.Consequently,China proposed a strategy for the integration of industrialization and informatization,optimizing and adjusting its industrial structure to swiftly achieve transformation and upgrading in the Industry 4.0 era,thereby enhancing the sophistication of intelligent industrial control systems.The distributed control system in a nuclear power plant functions as an industrial control system,overseeing the operational status of the physical process.Its ability to ensure safe and reliable operation is directly linked to nuclear safety and the cybersecurity of the facility.The management of network security in distributed control systems(DCS)is crucial for achieving this objective.Due to the varying network settings and parameters of the DCS implemented in each nuclear power plant,the network security status of the system sometimes diverges from expectations.During system operation,it will undoubtedly encounter network security issues.Consequently,nuclear power plants utilize the technical criteria outlined in GB/T 22239 to formulate a network security management program aimed at enhancing the operational security of DCS within these facilities.This study utilizes existing network security regulations and standards as a reference to analyze the network security control standards based on the nuclear power plant’s control system.It delineates the fundamental requirements for network security management,facilitating integration with the entire life cycle of the research,development,and application of the nuclear power plant’s distributed control system,thereby establishing a network security management methodology that satisfies the control requirements of the nuclear power plant.Initially,it presents DCS and network security management,outlines current domestic and international network security legislation and standards,and specifies the standards pertinent to the administration of DCS in nuclear power plants.Secondly,the design of network security management for DCS is executed in conjunction with the specific context of nuclear power plants.This encompasses the deployment of network security apparatus,validation of the network security management strategy,and optimization adjustments.Consequently,recommendations beneficial to the network security management of nuclear power plants are compiled,aimed at establishing a management system and incorporating the concept of full life cycle management,which is predicated on system requirements,system design,and both software and hardware considerations.Conversely,it presents the notion of comprehensive life cycle management and suggests network security management strategies encompassing system requirements,system architecture,detailed hardware and software design and implementation,procurement,internal system integration,system validation and acceptance testing,system installation,operational maintenance,system modifications,and decommissioning.We will consistently enhance the performance and functionality of DCS in nuclear power plants,establish a safe and secure operational environment,and thereby facilitate the implementation of DCS in nuclear facilities while ensuring robust network security in the future.
