检索结果-南通市图书馆

Trust Type Based Trust Bootstrapping Model of Computer Network Collaborative Defense

在线全文

同方期刊数据库

学校读者我要写书评

暂无评论

China Communications 2015年第12期12卷 133-146页

作者： YU Yang xia chunhe LI Shiying LI Zhong Beijing Key Laboratory of Network Technology School of Computer Science and EngineeringBeihang University

In the system of Computer Network Collaborative Defense(CNCD),it is difficult to evaluate the trustworthiness of defense agents which are newly added to the system,since they lack historical interaction for trust evaluation.This will lead that the newly added agents could not get reasonable initial trustworthiness,and affect the whole process of trust evaluation.To solve this problem in CNCD,a trust type based trust bootstrapping model was introduced in this research.First,the division of trust type,trust utility and defense cost were discussed.Then the constraints of defense tasks were analyzed based on game theory.According to the constraints obtained,the trust type of defense agents was identified and the initial trustworthiness was assigned to defense agents.The simulated experiment shows that the methods proposed have lower failure rate of defense tasks and better adaptability in the respect of defense task execution.

关键词：防御系统网络协同引导模型计算机信任信托国防部博弈分析

Modeling and Global Conflict Analysis of Firewall Policy

在线全文

学校读者我要写书评

暂无评论

China Communications 2014年第5期11卷 124-135页

作者： LIANG xiaoyan xia chunhe JIAO Jian HU Junshun LI xiaojian Beij ing Key Laboratory of Network Technology Beihang University Beijing 100191 R R. China Beijing Information Science & Technology University Beijing 100192 P. R. China Software Development Center of China Agricultural Bank Beijing 100073 P. R. China College of Computer Science and Information Technology Guangxi Normal University Guilin 541004 Guangxi Province P. R. China

The global view of firewall policy conflict is important for administrators to optimize the policy.It has been lack of appropriate firewall policy global conflict analysis,existing methods focus on local conflict detection.We research the global conflict detection algorithm in this paper.We presented a semantic model that captures more complete classifications of the policy using knowledge concept in rough set.Based on this model,we presented the global conflict formal model,and represent it with OBDD(Ordered Binary Decision Diagram).Then we developed GFPCDA(Global Firewall Policy Conflict Detection Algorithm) algorithm to detect global conflict.In experiment,we evaluated the usability of our semantic model by eliminating the false positives and false negatives caused by incomplete policy semantic model,of a classical algorithm.We compared this algorithm with GFPCDA algorithm.The results show that GFPCDA detects conflicts more precisely and independently,and has better performance.

关键词：防火墙冲突分析建模冲突检测语义模型策略冲突测算法形式化模型

LDA-ID:An LDA-Based Framework for Real-Time Network Intrusion Detection

在线全文

学校读者我要写书评

暂无评论

China Communications 2023年第12期20卷 166-181页

作者： Weidong Zhou Shengwei Lei chunhe xia Tianbo Wang Key Laboratory of Beijing Network Technology Beihang UniversityBeijing 100191China School of Cyber Science and Technology Beihang UniversityBeijing 100191China

Network intrusion poses a severe threat to the Internet.However,existing intrusion detection models cannot effectively distinguish different intrusions with high-degree feature overlap.In addition,efficient real-time detection is an urgent problem.To address the two above problems,we propose a Latent Dirichlet Allocation topic model-based framework for real-time network Intrusion Detection(LDA-ID),consisting of static and online LDA-ID.The problem of feature overlap is transformed into static LDA-ID topic number optimization and topic selection.Thus,the detection is based on the latent topic features.To achieve efficient real-time detection,we design an online computing mode for static LDA-ID,in which a parameter iteration method based on momentum is proposed to balance the contribution of prior knowledge and new information.Furthermore,we design two matching mechanisms to accommodate the static and online LDA-ID,respectively.Experimental results on the public NSL-KDD and UNSW-NB15 datasets show that our framework gets higher accuracy than the others.

关键词： feature overlap LDA-ID optimal topic number determination real-time intrusion detection

Semantics-Based Compliance An a lys is o f N e two rk S e cu rity Policy Hie ra rch ie s

在线全文

学校读者我要写书评

暂无评论

China Communications 2012年第7期9卷 22-35页

作者： Yao Shan xia chunhe Hu Junshun Jiao Jian Li xiaojian Beijing Key Laboratory of Network Technology Beihang University Beijing 100191 P. R. China Beijing Information Technology University Beijing 100192 P. R. China College of Computer Science and Information Technology Guangxi Normal University Guilin 541004 P. R. China

Network security policy and the automated refinement of its hierarchies aims to simplify the administration of security services in complex network environments. The semantic gap between the policy hierarchies reflects the validity of the policy hierarchies yielded by the automated policy refinement process. However, little attention has been paid to the evaluation of the compliance between the derived lower level policy and the higher level policy. We present an ontology based on Ontology Web Language (OWL) to describe the semantics of security policy and their implementation. We also propose a method of estimating the semantic similarity between a given higher level security policy and the lower level ones to evaluate the compliance for the policy refinement approach. The method is verified in the case study. The experimental results demonstrate that the proposed method evaluates the semantic similarity between policy and implementation accurately, and that the algorithm of concept similarity analysis reflects the subjective similarity judgment of policy and implementation more accurate than the other algorithms.

关键词：语义本体Web语言 Lys 立方网络安全策略层次结构安全服务网络环境

Scalable and Identifier/Locator-Splitting Routing Protocol for Mobile Ad Hoc Networks

在线全文

学校读者我要写书评

暂无评论

China Communications 2012年第1期9卷 102-110页

作者： Wang Haiquan Chen Meng Hu Junshun xia chunhe Beijing Key Laboratory of Network Technology Beihang University Beijing 100191 P. R. China School of Computer Science and Engineering Beihang University Beijing 100191 P. R. China State Key Laboratory of Virtual Reality Technology and System Beihang University Beijing 100191 P. R. China School of So ware Beihang University Beijing 100191 P. R. China

In the traditional Internet Protocol (IP) architecture, there is an overload of IP semantic problems. Existing solutions focused mainly on the infrastructure for the fixed network, and there is a lack of support for Mobile Ad Hoc Networks (MANETs). To improve scalability. a routing protocol for MANETs is presented based on a locator named Tree-structure Locator Distance Vector (TLDV). The hard core of this routing method is the identifier/locator split by the Distributed Hash Table (DHT) method, which provides a scalable routing service. The node locator indicates its relative location in the network and should be updated whenever topology changes. Locator space is organized as a tree-structure, and the basic routing operation of the TLDV protocol is presented. TLDV protocol is compared to some classical routing protocols for MANETs on the NS2 platform. Results show that TLDV has better scalability.

关键词：网络基础设施路由协议可扩展性移动Ad 定位器无线自组网分裂识别

On the satisfiability of authorization requirements in business process

在线全文

学校读者我要写书评

暂无评论

Frontiers of Computer Science 2017年第3期11卷 528-540页

作者： Yang BO chunhe xia Zhigang ZHANG Xinzheng LU Beijing Key Laboratory of Network Technology Beihang University Beijing 100191 China School of Computer Science and Engineering Beihang University Beijing 100191 China The Research Institute of Beihang University in Shenzhen Shenzhen 518057 China National Education Examinations Authority Ministry of Education Beijing 100084 China

Satisfiability problem of authorization require- ments in business process asks whether there exists an as- signment of users to tasks that satisfies all the requirements, and methods were proposed to solve this problem. However, the proposed methods are inefficient in the sense that a step of the methods is searching all the possible assignments, which is time-consuming. This work proposes a method to solve the satisfiability problem of authorization requirements with- out browsing the assignments space. Our method uses im- proved separation of duty algebra （ISoDA） to describe a sat- isfiability problem of qualification requirements and quan- tification requirements （Separation of Duty and Binding of Duty requirements）. Thereafter, ISoDA expressions are re- duced into multi-mutual-exclusive expressions. The satisfia- bilities of multi-mutual-exclusive expressions are determined by an efficient algorithm proposed in this study. The experiment shows that our method is faster than the state-of-the-art methods.

关键词： satisfiability authorization requirements separation of duty binding of duty business process

A behavior-aware SLA-based framework for guaranteeing the security conformance of cloud service

维普期刊数据库评论

在线全文

维普期刊数据库

学校读者我要写书评

暂无评论

Frontiers of Computer Science 2020年第6期14卷 153-169页

作者： xiaochen LIU chunhe xia Tianbo WANG Li ZHONG xiaojian LI Beijing Key Laboratory of Network Technology School of Computer Science and EngineeringBeihang UniversityBeijing 100191China School of Computer Science and Information Technology Guangxi Normal UniversityGuilin 541004China School of Cyber Science and Technology Beihang UniversityBeijing 100191China

As cloud computing technology turning to mature,cloud services have become a trust-based service.Users'distrust of the security and performance of cloud services will hinder the rapid deployment and development of cloud services.So cloud service providers(CSPs)urgently need a way to prove that the infrastructure and the behavior of cloud services they provided can be trusted.The challenge here is how to construct a novel framework that can effective verify the security conformance of cloud services,which focuses on fine-grained descriptions of cloud service behavior and security service level aggreements(SLAs).In this paper,we propose a novel approach to verify cloud service security conformance,which reduces the description gap between the CSP and users through modeling cloud service behavior and security SLA,these models enable a systematic integration of security constraints and service behavior into cloud while using UPPAAL to check the performance and security conformance.The proposed approach is validated through case study and experiments with real cloud service based on Open-Stack,which illustrates CloudSec approach effectiveness and can be applied on realistic cloud scenario.

关键词： security conformance security SLA cloud be-havior modeling

维普期刊数据库评论

在线全文

维普期刊数据库

学校读者我要写书评

暂无评论

薄壁铝端管加工工艺改进

工具技术 2023年第9期57卷 143-146页

作者：夏春和赵纯颖沈阳飞机工业(集团)有限公司沈阳市110850 中航沈飞民用飞机有限责任公司

针对薄壁铝端管加工中存在的问题,提出了调整装夹方式、改变加工方法、使用新材料刀具、优化工具参数和工艺参数等多个方面的改进方案,解决了加工过程中表面粗糙度不理想、生产效率低、工艺流程分散、工序内容简单和周转次数多等问题,... 详细信息

针对薄壁铝端管加工中存在的问题,提出了调整装夹方式、改变加工方法、使用新材料刀具、优化工具参数和工艺参数等多个方面的改进方案,解决了加工过程中表面粗糙度不理想、生产效率低、工艺流程分散、工序内容简单和周转次数多等问题,提高了产品生产效率,缩短了加工周期,具有良好的经济性。

关键词：铝端管装夹胎具 PCD刀具粗糙度工艺改进

基于语义分析的Windows恶意软件检测方法

在线全文

学校读者我要写书评

暂无评论

信息网络安全 2023年第10期 58-63页

作者：王宇吕良双夏春和北京航空航天大学网络技术北京市重点实验室北京100191 广西区域多源信息集成与智能处理协同创新中心桂林541004

Windows恶意软件严重侵害个人、企业甚至国家安全,为了有效发现新型恶意软件、深入剖析恶意软件的工作机制,文章提出一种基于语义分析的Windows恶意软件检测方法。该方法使用API调用之间的依赖关系描述恶意软件的行为,结合符号执行技术... 详细信息

Windows恶意软件严重侵害个人、企业甚至国家安全,为了有效发现新型恶意软件、深入剖析恶意软件的工作机制,文章提出一种基于语义分析的Windows恶意软件检测方法。该方法使用API调用之间的依赖关系描述恶意软件的行为,结合符号执行技术提取API调用依赖图,并将其作为软件的底层行为特征,通过模式发现和匹配方法,将API调用依赖图映射为ATT&CK(Adversarial Tactics,Techniques,and Common Knowledge)框架中的攻击技术,反映恶意软件所包含的行为语义。文章构建了支持向量机分类器,将攻击技术特征作为分类器输入进行训练和测试。实验结果表明,文章提出的方法能够有效发现新型恶意软件。

关键词：恶意软件检测符号执行 ATT&CK