检索结果-南通市图书馆

A General Authentication and Key Agreement Framework for Industrial Control System

Chinese Journal of Electronics 2024年第4期33卷 1046-1062页

作者： Shan GAO Junjie CHEN Bingsheng ZHANG Kui REN Xiaohua YE Yongsheng SHEN School of Cyber Science and Technology Zhejiang University Hangzhou Global Scientific and Technological Innovation Center Zhejiang University Zhejiang Provincial Key Laboratory of Blockchain and Cyberspace Governance Hangzhou City Brain Co. Ltd

In modern industrial control systems(ICSs), when user retrieving the data stored in field device like smart sensor, there exists two main problems: one is lack of the verification for identification of user and field device;the other is that user and field device need exchange a key to encrypt sensitive data transmitted over the *** propose a comprehensive authentication and key agreement framework that enables all connected devices in an ICS to mutually authenticate each other and establish a peer-to-peer session key. The framework combines two types of protocols for authentication and session key agreement: The first one is an asymmetric cryptographic key agreement protocol based on transport layer security handshake protocol used for internet access, while the second one is a newly designed lightweight symmetric cryptographic key agreement protocol specifically for field devices. This proposed lightweight protocol imposes very light computational load and merely employs simple operations like one-way hash function and exclusive-or(XOR) operation. In comparison to other lightweight protocols, our protocol requires the field device to perform fewer computational operations during the authentication phase. The simulation results obtained using Open SSL demonstrates that each authentication and key agreement process in the lightweight protocol requires only 0.005 ms. Our lightweight key agreement protocol satisfies several essential security features, including session key secrecy, identity anonymity, untraceability, integrity, forward secrecy, and mutual authentication. It is capable of resisting impersonation, man-in-the-middle, and replay attacks. We have employed the Gong-NeedhamYahalom(GNY) logic and automated validation of internet security protocols and application tool to verify the security of our symmetric cryptographic key agreement protocol.

关键词： Performance evaluation Protocols Costs Industrial control internet security Authentication Time measurement

来源：

同方期刊数据库评论

在线全文

同方期刊数据库

学校读者我要写书评

暂无评论

Comprehensive DDoS Attack Classification Using Machine LearningAlgorithms

引用

Computers, Materials & Continua 2022年第10期73卷 577-594页

作者： Olga Ussatova Aidana Zhumabekova Yenlik Begimbayeva Eric T.Matson Nikita Ussatov Al-Farabi Kazakh National University Almaty050040Kazakhstan Institute of Information and Computational Technologies Almaty050010Kazakhstan Satbayev University Almaty050013Kazakhstan Purdue University West Lafayette47907INUSA Turan University Almaty050013Kazakhstan

The fast development of internet technologies ignited the growthof techniques for information security that protect data, networks, systems,and applications from various threats. There are many types of threats. Thededicated denial of service attack (DDoS) is one of the most serious andwidespread attacks on internet resources. This attack is intended to paralyzethe victim’s system and cause the service to fail. This work is devoted tothe classification of DDoS attacks in the special network environment calledSoftware-Defined Networking (SDN) using machine learning algorithms. Theanalyzed dataset included instances of two classes: benign and *** the dataset contained twenty-two features, the feature selection techniques were required for dimensionality reduction. In these experiments, theInformation gain, the Chi-square, and the F-test were applied to decreasethe number of features to ten. The classes were also not completely balanced, so undersampling, oversampling, and synthetic minority oversampling(SMOTE) techniques were used to balance classes equally. The previousresearch works observed the classification of DDoS attacks applying variousfeature selection techniques and one or more machine learning ***, they did not pay much attention to classifying the combinations offeature selection and balancing methods with different machine learningalgorithms. This work is devoted to the classification of datasets with eightmachine learning algorithms: naïve Bayes, logistic regression, support vectormachine, k-nearest neighbors, decision tree, random forest, XGBoost, andCatBoost. In the experimental results, the Information gain and F-test featureselection methods achieved better performance with all eight ML algorithmsthan with the Chi-square technique. Furthermore, the accuracy values of theoversampled and SMOTE datasets were higher than that of the undersampledand imbalanced datasets. Among machine learning algorithms, the accuracyof support vector

关键词： internet security networks systems DDoS software-defined networking feature selection class balancing machine learning XGBoost CatBoost

来源：

维普期刊数据库评论

在线全文

维普期刊数据库

学校读者我要写书评

暂无评论

SAFE:a Scalable Filter-Based Packet Filtering Scheme

引用

China Communications 2016年第2期13卷 163-177页

作者： LU Ning HU Wenhao College of Information Science and Engineering Northeastern University.ShenyangLiaoning110819 China State Key Laboratory of Networking and Switching Technology Beijing University of Posts and TelecommunicationsBeijing100000China Nanjing University of Information Science and Technology Nanjing Jiangsu210044 China

Recently, attacks have become Denial-of-Service （DOS） the mainstream threat to the internet service availability. The filter-based packet filtering is a key technology to defend against such attacks. Relying on the filtering location, the proposed schemes can be grouped into Victim-end Filtering and Source-end Filtering. The first scheme uses a single filtering router to block the attack flows near the victim, but does not take the factor that the filters are scarce resource into account, which causes the huge loss of legitimate flows; considering each router could contribute a few filters, the other extreme scheme pushes the filtering location back into each attack source so as to obtain ample filters, but this may incur the severe network transmission delay due to the abused filtering routers. Therefore, in this paper, we propose a scalable filter-based packet filtering scheme to balance the number of filtering routers and the available filters. Through emulating DoS scenarios based on the synthetic and real-world Intemet topologies and further implementing the various filter-based packet filtering schemes on them, the results show that our scheme just uses fewer filtering routers to cut off all attack flows while minimizing the loss of legitimate flows.

关键词： internet security DoS attacks filtering scheme

来源：

维普期刊数据库

同方期刊数据库评论

在线全文

学校读者我要写书评

暂无评论

ResNeSt-biGRU: An Intrusion Detection Model Based on internet of Things

引用

Computers, Materials & Continua 2024年第4期79卷 1005-1023页

作者： Yan Xiang Daofeng Li Xinyi Meng Chengfeng Dong Guanglin Qin School of Computer and Electronics Information Guangxi UniversityNanning530004China Guangxi Colleges and Universities Key Laboratory of Multimedia Communications and Information Processing Guangxi UniversityNanning530004China

The rapid expansion of internet of Things (IoT) devices across various sectors is driven by steadily increasingdemands for interconnected and smart technologies. Nevertheless, the surge in the number of IoT device hascaught the attention of cyber hackers, as it provides them with expanded avenues to access valuable data. Thishas resulted in a myriad of security challenges, including information leakage, malware propagation, and financialloss, among others. Consequently, developing an intrusion detection system to identify both active and potentialintrusion traffic in IoT networks is of paramount importance. In this paper, we propose ResNeSt-biGRU, a practicalintrusion detection model that combines the strengths of ResNeSt, a variant of Residual Neural Network, andbidirectionalGated RecurrentUnitNetwork (biGRU).Our ResNeSt-biGRUframework diverges fromconventionalintrusion detection systems (IDS) by employing this dual-layeredmechanism that exploits the temporal continuityand spatial feature within network data streams, a methodological innovation that enhances detection *** conjunction with this, we introduce the PreIoT dataset, a compilation of prevalent IoT network behaviors, totrain and evaluate IDSmodels with a focus on identifying potential intrusion traffics. The effectiveness of proposedscheme is demonstrated through testing, wherein it achieved an average accuracy of 99.90% on theN-BaIoT datasetas well as on the PreIoT dataset and 94.45% on UNSW-NB15 dataset. The outcomes of this research reveal thepotential of ResNeSt-biGRU to bolster security measures, diminish intrusion-related vulnerabilities, and preservethe overall security of IoT ecosystems.

关键词： internet of Things cyberattack intrusion detection internet security

来源：

维普期刊数据库评论

在线全文

维普期刊数据库

学校读者我要写书评

暂无评论

Preventing IP Source Address Spoofing: A Two-Level, State Machine-Based Method

引用

Tsinghua Science and Technology 2009年第4期14卷 413-422页

作者：毕军刘冰洋吴建平沈燕 Tsinghua National Laboratory for Information Science and Technology Network Research Center Tsinghua University China Education and Research Network (CERNET)

A signature-and-verification-based method, automatic peer-to-peer anti-spoofing （APPA）, is pro- posed to prevent IP source address spoofing. In this method, signatures are tagged into the packets at the source peer, and verified and removed at the verification peer where packets with incorrect signatures are filtered. A unique state machine, which is used to generate signatures, is associated with each ordered pair of APPA peers. As the state machine automatically transits, the signature changes accordingly. KISS ran- dom number generator is used as the signature generating algorithm, which makes the state machine very small and fast and requires very low management costs. APPA has an intra-AS （autonomous system） level and an inter-AS level. In the intra-AS level, signatures are tagged into each departing packet at the host and verified at the gateway to achieve finer-grained anti-spoofing than ingress filtering. In the inter-AS level, signatures are tagged at the source AS border router and verified at the destination AS border router to achieve prefix-level anti-spoofing, and the automatic state machine enables the peers to change signatures without negotiation which makes APPA attack-resilient compared with the spoofing prevention method. The results show that the two levels are both incentive for deployment, and they make APPA an integrated anti-spoofing solution.

关键词： source address spoofing spoofing prevention internet security

来源：

维普期刊数据库

同方期刊数据库评论

在线全文

学校读者我要写书评

暂无评论

A Router Based Packet Filtering Scheme for Defending Against DoS Attacks

引用

China Communications 2014年第10期11卷 136-146页

作者： LU Ning SU Sen JING Maohua HAN Jian School of Computer and Communication Engineering Northeastern University at Qinhuangdao State Key Laboratory of Networking and Switching Technology Beijing University of Posts and Telecommunications.

The filter-based reactive packet filtering is a key technology in attack traffic filtering for defending against the Denial-of- Service （DOS） attacks. Two kinds of relevant schemes have been proposed as victim- end filtering and source-end filtering. The first scheme prevents attack traffic from reaching the victim, but causes the huge loss of legitimate flows due to the scarce filters （termed as collateral damages）; the other extreme scheme can obtain the sufficient filters, but severely degrades the network transmission performance due to the abused filtering routers. In this paper, we propose a router based packet filtering scheme, which provides relatively more filters while reducing the quantity of filtering touters. We implement this scheme on the emulated DoS scenarios based on the synthetic and real-world internet topologies. Our evaluation results show that compared to the previous work, our scheme just uses 20% of its filtering routers, but only increasing less than 15 percent of its collateral damage.

关键词： internet security DoS attacks filter-based reactive packet filtering

来源：

维普期刊数据库

同方期刊数据库评论

在线全文

学校读者我要写书评

暂无评论

后棱镜时代的国际网络治理

引用

国际法学 2014年第11期

作者：崔聪聪

美国已建立起一整套涵盖网络空间战略、法律、军事和技术保障的网络防控体系。美国对ICANN的监管权的移交不会导致其丧失对互联网的实际控制权。自上而下的方法不是互联网国际治理的最优解决方案，互联网治理需要利益相关方的共同参与... 详细信息

美国已建立起一整套涵盖网络空间战略、法律、军事和技术保障的网络防控体系。美国对ICANN的监管权的移交不会导致其丧失对互联网的实际控制权。自上而下的方法不是互联网国际治理的最优解决方案，互联网治理需要利益相关方的共同参与。美国提出的“多利益相关方模式”是其单边主义以及先发制人战略在网络空间的延伸，是对主权国家信息主权的不当溶蚀。为建立和平与公正的网络空间国际秩序，应设立网络安全与发展委员会，并将其纳入到联合国框架。互联网的国际治理应遵循主权平等原则和相对安全观，并充分发挥政府的主导作用。

关键词：网络安全信息主权网络空间国际秩序相对安全观国际网络治理 internet security information sovereignty international cyberspace order relative security outlook international network governance

来源：人大复印报刊资料评论

在线全文

人大复印报刊资料

学校读者我要写书评

暂无评论

欢迎您,

建议与咨询留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

时间限定

文献类型

馆藏选择

核心期刊

语言

文献类型

帮助

文字说明：

检索规则说明：

检索范例：

分类表

所选分类

限定检索结果

文献类型

馆藏范围

日期分布

学科分类号

主题

机构

作者

语言

在线全文

在线全文

在线全文

在线全文

在线全文

在线全文

在线全文

请选择保存的检索档案：

请选择收藏分类：

通借通还

欢迎您,

建议与咨询 留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

时间限定

文献类型

馆藏选择

核心期刊

语言

文献类型

帮助

文字说明：

检索规则说明：

检索范例：

分类表

所选分类

限定检索结果

文献类型

馆藏范围

日期分布

学科分类号

主题

机构

作者

语言

在线全文

在线全文

在线全文

在线全文

在线全文

在线全文

在线全文

请选择保存的检索档案： 新增检索档案 确定 取消

请选择收藏分类： 新增自定义分类 确定 取消

通借通还

建议与咨询留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

请选择保存的检索档案：

请选择收藏分类：