Chonggang Wang,K. Sohraby,V. Lawrence,Bo-Yi Li,Yueming Hu

2015-01-01

Abstract:Wireless sensor network (WSN) comprises of spatially distributed autonomous sensors to screen physical or environmental conditions and to agreeably go their information through the network to a principle area. One of the critical necessities of a WSN is the efficiency of vitality, which expands the life time of the network. At the same time there are some different variables like Load Balancing, congestion control, coverage, Energy Efficiency, mobility and so on. A few methods have been proposed via scientists to accomplish these objectives that can help in giving a decent topology control. In the piece, a few systems which are accessible by utilizing improvement and transformative strategies that give a multi target arrangement are examined. In this paper, we compare different algorithms' execution in view of a few parameters intended for every target and the outcomes are analyzed. KeywordsTopology control; Wireless sensor networks; QOS. __________________________________________________*****_________________________________________________

Huang Xiaobo,Pan Xuezeng

DOI: https://doi.org/10.3969/j.issn.1000-386X.2007.07.059

2007-01-01

Abstract:An algorithm based on SNMP and ICMP to discover topology structure of network and the method of visualizing them are introduced.The experience gained from development is summarized.

Dezhang Kong,Yi Shen,Xiang Chen,Qiumei Cheng,Hongyan Liu,Dong Zhang,Xuan Liu,Shuangxi Chen,Chunming Wu

DOI: https://doi.org/10.1109/tnet.2022.3203561

2023-01-01

IEEE/ACM Transactions on Networking

Abstract:The topology discovery service in Software-Defined Networking (SDN) provides the controller with a global view of the substrate network topology, allowing for central management of the entire network. Unfortunately, emerging topology attacks can poison the network topology and result in unforeseeable disasters. Although researchers have made great efforts to mitigate this problem, security hazards still exist. In this paper, we propose Invisible Assailant Attack (IAA), the first combination topology attack capable of injecting and maintaining fake links even when 12 existing defense strategies are deployed simultaneously. IAA consists of 14 attack phases that apply multiple attack strategies. Attackers skillfully disguise the attack traffic in each phase so that it looks like normal network traffic, and perform these phases in a well-planned sequence, thereby bypassing existing defenses step by step. To mitigate this attack, we propose a Route Path Verification (RPV) mechanism that orchestrates multiple defense strategies to identify fake links. According to the experiments, RPV can successfully detect IAA with low overhead: its detection completes within 1 ms while its per-flow storage consumption is only a few KB.

Geng-hong LU,Dong-qin FENG

DOI: https://doi.org/10.13195/j.kzyjc.2016.0551

2017-01-01

Abstract:The attacks against the industrial control network have different types and various attack intensity. Under this circumstance, the traditional detection techniques cannot identify the multiple types of attacks effectively, and can not assess the security situations of the industrial control network comprehensively and accurately. Therefore, the industrial control network security situation awareness model is proposed. Firstly, the rule extraction can be done by applying the improved C-SVC algorithm to the multi-sensor data. Then with the application of decision fusion algorithm, the decision-level fusion is completed and the results of situation awareness are procured. The simulation experiment results show that the proposed model and algorithms can distinguish multiple types of attacks effectively, identify the attacks that are launched against the industrial control system accurately, and generate the results of situation awareness.

Yan Liu,Lian Liu,Yu Yan

DOI: https://doi.org/10.1145/3409501.3409532

2020-01-01

Abstract:Network topology is one of the most important parts in network security situation awareness tasks. Considering that the topology may change due to network intrusion, adjustment of routing policies, etc., the traditional static topology analysis methods cannot capture the dynamic change of network topology with time, which leads to the problem of weak early warning ability. To find out the small trend changes of the network topology over time, a network topology change detection method is proposed based on statistical process control: 1) to simplify the continuous dynamics of network topology, the observation network is regarded as a sampling sequence of the topological networks that dynamically change with time, a longitudinal topological network is constructed; 2) to quantify the differences of network structure from multiple perspectives, network structure parameters of each period are selected and measured; 3) to find out the trendy structural change in the longitudinal topological network, the cumulative sum method in industrial control is introduced to evaluate the change of topological parameters and further track to the starting time of change. Extensive experiments are performed on the simulation data, showing that compared with simple parameter statistics method, the method proposed can be sensitive to network changes and trace back to the beginning of the trend change.

Zhou Gu,Ju H. Park,Dong Yue,Zheng-Guang Wu,Xiangpeng Xie

DOI: https://doi.org/10.1109/tsmc.2019.2960115

2021-01-01

Abstract:This article studies the security of networked interconnected systems (NISs) subject to cyber-attacks based on a new event-triggered mechanism (ETM). NISs with spatially distributed subsystems are vulnerable to cyber-attacks. With a new concept of security control, attention is focused on designing a novel ETM together with a decentralized output feedback control (DOFC) scheme such that the NIS subject to cyber-attacks is stable in secure sense. Under the proposed ETM, the average data-releasing rate over the whole operating period can be extremely decreased, thereby reducing the burden of network bandwidth, computation, and battery-supply. Moreover, during the system with external disturbance or attack on the communication network, more transmission-events can be generated than other periods. As a result, the desired control performance can be achieved. By using stochastic analysis techniques and Lyapunov stability theory, sufficient conditions are derived to obtain both the controller gains and the parameters of the ETM. Numerical simulation of chemical reactor systems is given to illustrate the advantages and effectiveness of the proposed theories and design techniques.

Jun Li,HanPing Hu,Qiao Ke,Naixue Xiong

DOI: https://doi.org/10.3390/s17030553

2017-03-09

Abstract:With the rapid development of virtual machine technology and cloud computing, distributed denial of service (DDoS) attacks, or some peak traffic, poses a great threat to the security of the network. In this paper, a novel topology link control technique and mitigation attacks in real-time environments is proposed. Firstly, a non-invasive method of deploying virtual sensors in the nodes is built, which uses the resource manager of each monitored node as a sensor. Secondly, a general topology-controlling approach of resisting the tolerant invasion is proposed. In the proposed approach, a prediction model is constructed by using copula functions for predicting the peak of a resource through another resource. The result of prediction determines whether or not to initiate the active defense. Finally, a minority game with incomplete strategy is employed to suppress attack flows and improve the permeability of the normal flows. The simulation results show that the proposed approach is very effective in protecting nodes.

Zheng,Xu Mingwei,Li Qi,Zhang Yun

DOI: https://doi.org/10.7544/issn1000-1239.2018.20160740

2018-01-01

Journal of Computer Research and Development

Abstract:Software-defined networking (SDN) is a new network paradigm.Unlike the conventional network,SDN separates the control plane from the data plane.The function of the data plane is enabled in switches while only the controller provides the functions of the control plane.The controller learns topologies of the whole networks and makes the traffic forwarding decisions.However,recent studies show that there exist some serious vulnerabilities in topology management services of the current SDN controller designs,which mainly exists in host tracking service and link discovery service.Attackers can exploit these vulnerabilities to poison the network topology information in the SDN controllers.What's more,attackers can even make the whole network down.Fortunately,researchers have paid some attention to this serious problem and proposed their defense solution.However,the existing countermeasures can be easily evaded by the attackers.In this paper,we propose an effective approach called SecTopo,to defend against the network topology poisoning attacks.Our evaluation on SecTopo in the Floodlight controller shows that the defense solution can effectively secure network topology with a minor impact on normal operations of OpenFlow controllers.

赵贵成,程鹏,王文海

DOI: https://doi.org/10.19358/j.issn.2096-5133.2018.03.007

2018-01-01

Abstract:自2010年"震网"事件以来,工业控制系统网络安全逐渐成为一个重要议题,而入侵检测技术因其较强的适用性,在工业界和学术界都得到了广泛研究。现场控制网络异常检测是该领域近年来最为前沿的研究方向之一,可以按照检测目标分为两类,分别是基于过程变量的异常检测和基于通信行为的异常检测。随后对这两个方向最新的研究成果进行总结探讨,比较两种方法的特点和优势并做出展望。 

Ying Wan,Jinde Cao

DOI: https://doi.org/10.3390/s23084013

2023-04-15

Abstract:Complex cyber-physical networks combine the prominent features of complex networks and cyber-physical systems (CPSs), and the interconnections between the cyber layer and physical layer usually pose significant impacts on its normal operation. Many vital infrastructures, such as electrical power grids, can be effectively modeled as complex cyber-physical networks. Given the growing importance of complex cyber-physical networks, the issue of their cybersecurity has become a significant concern in both industry and academic fields. This survey is focused on some recent developments and methodologies for secure control of complex cyber-physical networks. Besides the single type of cyberattack, hybrid cyberattacks are also surveyed. The examination encompasses both cyber-only hybrid attacks and coordinated cyber-physical attacks that leverage the strengths of both physical and cyber attacks. Then, special focus will be paid to proactive secure control. Reviewing existing defense strategies from topology and control perspectives aims to proactively enhance security. The topological design allows the defender to resist potential attacks in advance, while the reconstruction process can aid in reasonable and practical recovery from unavoidable attacks. In addition, the defense can adopt active switching-based control and moving target defense strategies to reduce stealthiness, increase the cost of attacks, and limit the attack impacts. Finally, conclusions are drawn and some potential research topics are suggested.

Yuantian Miao,Zichan Ruan,Lei Pan,Yu Wang,Jun Zhang,Yang Xiang

DOI: https://doi.org/10.48550/arXiv.1804.09023

2018-04-24

Abstract:Network traffic analytics technology is a cornerstone for cyber security systems. We demonstrate its use through three popular and contemporary cyber security applications in intrusion detection, malware analysis and botnet detection. However, automated traffic analytics faces the challenges raised by big traffic data. In terms of big data's three characteristics --- volume, variety and velocity, we review three state of the art techniques to mitigate the key challenges including real-time traffic classification, unknown traffic classification, and efficiency of classifiers. The new techniques using statistical features, unknown discovery and correlation analytics show promising potentials to deal with big traffic data. Readers are encouraged to devote to improving the performance and practicability of automatic traffic analytic in cyber security.

Cryptography and Security

Zhengbing Hu,Roman Odarchenko,Sergiy Gnatyuk,Maksym Zaliskyi,Anastasia Chaplits,Sergiy Bondar,Vadim Borovik,

DOI: https://doi.org/10.5815/ijcnis.2020.06.01

2021-12-08

International Journal of Computer Network and Information Security

Abstract:Represented paper is currently topical, because of year on year increasing quantity and diversity of attacks on computer networks that causes significant losses for companies. This work provides abilities of such problems solving as: existing methods of location of anomalies and current hazards at networks, statistical methods consideration, as effective methods of anomaly detection and experimental discovery of choosed method effectiveness. The method of network traffic capture and analysis during the network segment passive monitoring is considered in this work. Also, the processing way of numerous network traffic indexes for further network information safety level evaluation is proposed. Represented methods and concepts usage allows increasing of network segment reliability at the expense of operative network anomalies capturing, that could testify about possible hazards and such information is very useful for the network administrator. To get a proof of the method effectiveness, several network attacks, whose data is storing in specialised DARPA dataset, were chosen. Relevant parameters for every attack type were calculated. In such a way, start and termination time of the attack could be obtained by this method with insignificant error for some methods.

Ying Zhang,Wei Chen,Jixing Liang,Bingxin Zheng,Shengming Jiang

DOI: https://doi.org/10.3390/s151229782

2015-12-01

Abstract:It is expected that in the near future wireless sensor network (WSNs) will be more widely used in the mobile environment, in applications such as Autonomous Underwater Vehicles (AUVs) for marine monitoring and mobile robots for environmental investigation. The sensor nodes' mobility can easily cause changes to the structure of a network topology, and lead to the decline in the amount of transmitted data, excessive energy consumption, and lack of security. To solve these problems, a kind of efficient Topology Control algorithm for node Mobility (TCM) is proposed. In the topology construction stage, an efficient clustering algorithm is adopted, which supports sensor node movement. It can ensure the balance of clustering, and reduce the energy consumption. In the topology maintenance stage, the digital signature authentication based on Error Correction Code (ECC) and the communication mechanism of soft handover are adopted. After verifying the legal identity of the mobile nodes, secure communications can be established, and this can increase the amount of data transmitted. Compared to some existing schemes, the proposed scheme has significant advantages regarding network topology stability, amounts of data transferred, lifetime and safety performance of the network.

Xiaolong Liang

DOI: https://doi.org/10.1109/netcit54147.2021.00053

2021-12-01

Abstract:With the rapid development of network communication technology, the continuous deepening of Internet application and the increasing enrichment of information, the Internet has become an important infrastructure of human society. With the development of network technology and the increasing complexity of network topology, the supervision of network is facing great challenges. Among them, network traffic anomaly detection is one of the important tasks in network supervision. It is an indispensable technical means in network intrusion detection, security monitoring, operation and maintenance. Network security has become a problem faced by people. Anomaly detection is valued by people in academia and industry because it can detect unknown attacks. Researchers have proposed a large number of anomaly detection methods and systems. However, with the continuous growth of network bandwidth and the continuous progress of network attack and defense game, the network itself is in the process of dynamic evolution, and the means and methods of network attack are also evolving, resulting in the improvement of detection accuracy and accuracy of anomaly detection system Operational efficiency, security and ease of use are facing severe challenges. It is of great significance to propose anomaly detection methods with high detection accuracy and high operation efficiency and optimize existing detection algorithms. It is also a cutting-edge scientific problem of common concern in the field of global network security in academia and industry. Based on the prediction model and classifier, this paper proposes a real-time online anomaly detection method for network traffic, and systematically implements this method.

Wei Zhou

DOI: https://doi.org/10.1155/2022/4960360

2022-02-08

Scientific Programming

Abstract:Big data processing technology has attracted a lot of attention due to its forecasting and warning of Internet security situation. The current risk assessment system still has problems such as high false alarm rate and excessive reliance on expert knowledge in the security defense system. Based on the big data-driven principle, this paper constructs a hierarchical local area network security risk event prediction model and proposes a predictive complex event processing method. The model building process is evolved and improved on the basis of the scoring function. The establishment method of vulnerability database and vulnerability association database is introduced in detail. At the same time, the problem of the difference between the structure and identification method of the information in the information database and the vulnerability database is solved, and the effect of timely modification when the data do not match is realized. Experimental results show that the algorithm has an accuracy of 98.75% and a fault tolerance rate of 0.0035, which promotes the accuracy of the network risk assessment results based on multistage network attacks.

computer science, software engineering

Chengze Du,Jibin Shi

2024-12-11

Abstract:Network tomography plays a crucial role in network monitoring and management, where network topology serves as the fundamental basis for various tomography tasks including traffic matrix estimation and link performance inference. The topology information, however, can be inferred through end-to-end measurements using various inference algorithms, posing significant security risks to network infrastructure. While existing protection methods attempt to secure topology information by manipulating end-to-end delay measurements, they often require complex computation and sophisticated modification strategies, making real-time protection challenging. Moreover, these delay-based modifications typically render the measurements unusable for network monitoring, even by trusted users, as the manipulated delays distort the actual network performance characteristics. This paper presents a novel privacy-preserving framework that addresses these limitations. Our approach provides efficient topology protection while maintaining the utility of measurements for authorized network monitoring. Through extensive evaluation on both simulated and real-world networks topology, we demonstrate that our framework achieves superior privacy protection compared to existing methods while enabling trusted users to effectively monitor network performance. Our solution offers a practical approach for organizations to protect sensitive topology information without sacrificing their network monitoring capabilities.

Cryptography and Security

Baoxian Zhang,Zhenzhen Jiao,Cheng Li,Zheng Yao,Athanasios V. Vasilakos

DOI: https://doi.org/10.1002/wcm.2660

2016-01-01

Abstract:Topology control is an efficient strategy for improving the performance of wireless ad hoc and sensor networks by building network topologies with desirable features. In this process, location information of nodes can be used to improve the performance of a topology control algorithm and also ease its operations. Many location-based topology control algorithms have been proposed. In this paper, we propose two location-assisted grid-based topology control (GBP) algorithms. The design objective of our algorithm is to effectively reduce the number of active nodes required to keep global network connectivity. In grid-based topology control, a network is divided into equally spaced squares (called grids). We accordingly design cross-sectional topology control algorithm and diagonal topology control algorithm based on different network parameter settings. The key idea is to build near-minimal connected dominating set for the network at the grid level. Analytical and simulation results demonstrate that our designed algorithms outperform existing work. Furthermore, the diagonal algorithm outperforms the cross-sectional algorithm. Copyright (c) 2016 John Wiley & Sons, Ltd.

HUANG Jia-Lin,Liu Hai-Tao,Mei Zhen-Kun,Gan Miao-Jin,Sun Qian

2008-01-01

Periodical of Ocean University of China

Abstract:The management of a large campus network is complex and difficult.An effective network management system is basical for secure and steady network.The current network management systems focus on the management of the equipment,they have not related network management to the network user behavior.The System Based on User Network Behavior Monitoring and Controlling amalgamated the technical character of various system manufacturer.Because of making use of the functions and the management messages of the present network equipments and systems,analyzing and ruling the user's network behavior,and eliminating the effect of the bad network behavior,it can maintain a secure and steady network and reduce the network manager's workload.

Rafail Kartsioukas,Rajat Tandon,Zheng Gao,Jelena Mirkovic,Michalis Kallitsis,Stilian Stoev

2023-06-22

Abstract:Network operators and system administrators are increasingly overwhelmed with incessant cyber-security threats ranging from malicious network reconnaissance to attacks such as distributed denial of service and data breaches. A large number of these attacks could be prevented if the network operators were better equipped with threat intelligence information that would allow them to block or throttle nefarious scanning activities. Network telescopes or "darknets" offer a unique window into observing Internet-wide scanners and other malicious entities, and they could offer early warning signals to operators that would be critical for infrastructure protection and/or attack mitigation. A network telescope consists of unused or "dark" IP spaces that serve no users, and solely passively observes any Internet traffic destined to the "telescope sensor" in an attempt to record ubiquitous network scanners, malware that forage for vulnerable devices, and other dubious activities. Hence, monitoring network telescopes for timely detection of coordinated and heavy scanning activities is an important, albeit challenging, task. The challenges mainly arise due to the non-stationarity and the dynamic nature of Internet traffic and, more importantly, the fact that one needs to monitor high-dimensional signals (e.g., all TCP/UDP ports) to search for "sparse" anomalies. We propose statistical methods to address both challenges in an efficient and "online" manner; our work is validated both with synthetic data as well as real-world data from a large network telescope.

Cryptography and Security,Applications,Methodology

Xi Chen

DOI: https://doi.org/10.54254/2755-2721/38/20230530

2024-02-07

Abstract:With the widespread application of computer network technology, computer network security defense capability has become a focus of attention in various industries. The extensive use of computer information systems in various sectors has significantly improved work efficiency but has also introduced security risks and management issues. The deployment of network security detection and control systems allows for effective security monitoring and management of computer operations and real-time network information. This paper presents a computer network security detection and control system based on human-computer interaction, which enables users to handle daily key business processes. The work principles and overall architecture of the network security detection and control system are analyzed and demonstrated. It offers functions such as filtering options, address rules, network security detection, network unreachability, overall traffic analysis, subnet definition, fault diagnosis, and security analysis. Testing and analysis indicate that the systems design achieves the intended goals. In the application of network security features, it can effectively combine various forces to enhance the quality and efficiency of network security, making it widely applicable in various industry units.