Wireless Sensor Network(WSN)is a distributed sensor network composed a large number of nodes with low cost,low performance and self-management.The special structure of WSN brings both convenience and vulnerability.For...Wireless Sensor Network(WSN)is a distributed sensor network composed a large number of nodes with low cost,low performance and self-management.The special structure of WSN brings both convenience and vulnerability.For example,a malicious participant can launch attacks by capturing a physical device.Therefore,node authentication that can resist malicious attacks is very important to network security.Recently,blockchain technology has shown the potential to enhance the security of the Internet of Things(IoT).In this paper,we propose a Blockchain-empowered Authentication Scheme(BAS)for WSN.In our scheme,all nodes are managed by utilizing the identity information stored on the blockchain.Besides,the simulation experiment about worm detection is executed on BAS,and the security is evaluated from detection and infection rate.The experiment results indicate that the proposed scheme can effectively inhibit the spread and infection of worms in the network.展开更多
Current worm detection methods are unable to detect multi-vector polymorphic worms effectively. Based on negative selection mechanism of the immune system, a local network worm detection system that detects worms was ...Current worm detection methods are unable to detect multi-vector polymorphic worms effectively. Based on negative selection mechanism of the immune system, a local network worm detection system that detects worms was proposed. Normal network service requests were represented by self-strings, and the detection system used self-strings to monitor the network for anomaly. According to the properties of worm propagation, a control center correlated the anomalies detected in the form of binary trees to ensure the accuracy of worm detection. Experiments show the system to be effective in detecting the traditional as well as multi-vector polymorphic worms.展开更多
Objective To detect unknown network worm at its early propagation stage. Methods On the basis of characteristics of network worm attack, the concept of failed connection flow (FCT) was defined. Based on wavelet packet...Objective To detect unknown network worm at its early propagation stage. Methods On the basis of characteristics of network worm attack, the concept of failed connection flow (FCT) was defined. Based on wavelet packet analysis of FCT time series, this method computed the energy associated with each wavelet packet of FCT time series, transformed the FCT time series into a series of energy distribution vector on frequency domain, then a trained K-nearest neighbor (KNN) classifier was applied to identify the worm. Results The experiment showed that the method could identify network worm when the worm started to scan. Compared to theoretic value, the identification error ratio was 5.69%. Conclusion The method can detect unknown network worm at its early propagation stage effectively.展开更多
Active worms can cause widespread damages at so high a speed that effectively precludes human-directed reaction, and patches for the worms are always available after the damages have been caused, which has elevated th...Active worms can cause widespread damages at so high a speed that effectively precludes human-directed reaction, and patches for the worms are always available after the damages have been caused, which has elevated them self to a first-class security threat to Metropolitan Area Networks (MAN). Multi-agent system for Worm Detection and Containment in MAN (MWDCM) is presented to provide a first-class automatic reaction mechanism that automatically applies containment strategies to block the propagation of the worms and to protect MAN against worm scan that wastes a lot of network bandwidth and crashes the routers. Its user agent is used to detect the known worms. Worm detection agent and worm detection correlation agent use two-stage based decision method to detect unknown worms. They adaptively study the accessing in the whole network and dynamically change the working parameters to detect the unknown worms. MWDCM confines worm infection within a macro-cell or a micro-cell of the metropolitan area networks, the rest of the accesses and hosts continue functioning without disruption. MWDCM integrates Worm Detection System (WDS) and network management system. Reaction measures can be taken by using Simple Network Management Protocol (SNMP) interface to control broadband access server as soon as the WDS detect the active worm. MWDCM is very effective in blocking random scanning worms. Simulation results indicate that high worm infection rate of epidemics can be avoided to a degree by MWDCM blocking the propagation of the worms.展开更多
Instant messaging (IM) has become one of the most popular online communication tools among consumer and enterprise IM users. It provides instant message delivery, as well as convenient file transfer services. The in...Instant messaging (IM) has become one of the most popular online communication tools among consumer and enterprise IM users. It provides instant message delivery, as well as convenient file transfer services. The increasing popularity and functionalities of IM programs have made it increasingly attractive for attackers, especially for worm writers. IM contact list offers worm an easy way of finding potential victims so that the worm could achieve a surprising spreading speed. This paper first presents our experimental results of simulating IM worm propagation in the logical network defined by IM contact lists, which is reported to be a scale-free network. Then, the existing proposals for detecting and containing IM worm epidemics are discussed. At last, a new algorithm for this purpose is presented, which is based on the observation of the bi-directional nature of IM worm traffic, and its advantages and possible improvements in implementation are analyzed. The simulation results show the proposed algorithm is of significant effect on restricting IM worm propagation.展开更多
The spread of the worm causes great harm to the computer network. It has recently become the focus of the network security research. This paper presents a local-worm detection algorithm by analyzing the characteristic...The spread of the worm causes great harm to the computer network. It has recently become the focus of the network security research. This paper presents a local-worm detection algorithm by analyzing the characteristics of traffic generated by the TCP-based worm. Moreover, we adjust the worm location algorithm, aiming at the differences between the high-speed and the low-speed worm scanning methods. This adjustment can make the location algorithm detect and locate the worm based on different scanning rate. Finally, we verified the validity and efficiency of the proposed algorithm by simulating it under NS-2.展开更多
基金supported by the Natural Science Foundation under Grant No.61962009Major Scientific and Technological Special Project of Guizhou Province under Grant No.20183001Foundation of Guizhou Provincial Key Laboratory of Public Big Data under Grant No.2018BDKFJJ003,2018BDKFJJ005 and 2019BDKFJJ009.
文摘Wireless Sensor Network(WSN)is a distributed sensor network composed a large number of nodes with low cost,low performance and self-management.The special structure of WSN brings both convenience and vulnerability.For example,a malicious participant can launch attacks by capturing a physical device.Therefore,node authentication that can resist malicious attacks is very important to network security.Recently,blockchain technology has shown the potential to enhance the security of the Internet of Things(IoT).In this paper,we propose a Blockchain-empowered Authentication Scheme(BAS)for WSN.In our scheme,all nodes are managed by utilizing the identity information stored on the blockchain.Besides,the simulation experiment about worm detection is executed on BAS,and the security is evaluated from detection and infection rate.The experiment results indicate that the proposed scheme can effectively inhibit the spread and infection of worms in the network.
文摘Current worm detection methods are unable to detect multi-vector polymorphic worms effectively. Based on negative selection mechanism of the immune system, a local network worm detection system that detects worms was proposed. Normal network service requests were represented by self-strings, and the detection system used self-strings to monitor the network for anomaly. According to the properties of worm propagation, a control center correlated the anomalies detected in the form of binary trees to ensure the accuracy of worm detection. Experiments show the system to be effective in detecting the traditional as well as multi-vector polymorphic worms.
基金This work was supported by National "863" programof China (No.2003AA148010) and National Torch Project of China (No.2005EB011484) .
文摘Objective To detect unknown network worm at its early propagation stage. Methods On the basis of characteristics of network worm attack, the concept of failed connection flow (FCT) was defined. Based on wavelet packet analysis of FCT time series, this method computed the energy associated with each wavelet packet of FCT time series, transformed the FCT time series into a series of energy distribution vector on frequency domain, then a trained K-nearest neighbor (KNN) classifier was applied to identify the worm. Results The experiment showed that the method could identify network worm when the worm started to scan. Compared to theoretic value, the identification error ratio was 5.69%. Conclusion The method can detect unknown network worm at its early propagation stage effectively.
基金Partially supported by the Teaching and Research Award for Outstanding Young Teachers in High Education Institutions of MOE, China (No.200065).
文摘Active worms can cause widespread damages at so high a speed that effectively precludes human-directed reaction, and patches for the worms are always available after the damages have been caused, which has elevated them self to a first-class security threat to Metropolitan Area Networks (MAN). Multi-agent system for Worm Detection and Containment in MAN (MWDCM) is presented to provide a first-class automatic reaction mechanism that automatically applies containment strategies to block the propagation of the worms and to protect MAN against worm scan that wastes a lot of network bandwidth and crashes the routers. Its user agent is used to detect the known worms. Worm detection agent and worm detection correlation agent use two-stage based decision method to detect unknown worms. They adaptively study the accessing in the whole network and dynamically change the working parameters to detect the unknown worms. MWDCM confines worm infection within a macro-cell or a micro-cell of the metropolitan area networks, the rest of the accesses and hosts continue functioning without disruption. MWDCM integrates Worm Detection System (WDS) and network management system. Reaction measures can be taken by using Simple Network Management Protocol (SNMP) interface to control broadband access server as soon as the WDS detect the active worm. MWDCM is very effective in blocking random scanning worms. Simulation results indicate that high worm infection rate of epidemics can be avoided to a degree by MWDCM blocking the propagation of the worms.
基金Supported by the National Natural Science Foundation of China (60573136)
文摘Instant messaging (IM) has become one of the most popular online communication tools among consumer and enterprise IM users. It provides instant message delivery, as well as convenient file transfer services. The increasing popularity and functionalities of IM programs have made it increasingly attractive for attackers, especially for worm writers. IM contact list offers worm an easy way of finding potential victims so that the worm could achieve a surprising spreading speed. This paper first presents our experimental results of simulating IM worm propagation in the logical network defined by IM contact lists, which is reported to be a scale-free network. Then, the existing proposals for detecting and containing IM worm epidemics are discussed. At last, a new algorithm for this purpose is presented, which is based on the observation of the bi-directional nature of IM worm traffic, and its advantages and possible improvements in implementation are analyzed. The simulation results show the proposed algorithm is of significant effect on restricting IM worm propagation.
基金the National Natural Science Foundation of China (Grant No. 60403028)
文摘The spread of the worm causes great harm to the computer network. It has recently become the focus of the network security research. This paper presents a local-worm detection algorithm by analyzing the characteristics of traffic generated by the TCP-based worm. Moreover, we adjust the worm location algorithm, aiming at the differences between the high-speed and the low-speed worm scanning methods. This adjustment can make the location algorithm detect and locate the worm based on different scanning rate. Finally, we verified the validity and efficiency of the proposed algorithm by simulating it under NS-2.
