Aiping Li,Jiajia Miao,Yan Jia

DOI: https://doi.org/10.1007/978-3-642-10240-0_6

2009-01-01

Abstract:Computer networks have become ubiquitous and integral part of the nation's critical infrastructure. How to grasp the real-time overall situation of the network security is very noteworthy to study. An increasing number of network security systems have been deployed in the backbone and the gateways of enterprises, including various Nett low systems, IDS, VDS, VS and firewalls. These products make great contributions in enhancing the network security. However, current network security systems are independent and autonomous. Consequently, such solutions cannot figure out an overview of the network security situation. In another perspective, building a new global monitoring system will suffer from redundant construction and longer deploying time. We propose a novel and high assurance solution called GS-TMS which reuses the log data generated by the existing systems. Based on the data stream and data integration technologies, GS-TMS provides a desirable capability in quickly building a large-scale distributed network monitoring system. Furthermore, GS-TMS has additional notable advantages over current monitoring systems in scalability and flexibility.

秦元坤,彭乐,薛一波

DOI: https://doi.org/10.16208/j.issn1000-7024.2008.13.020

2008-01-01

Abstract:Many of the current information security applications are typical data-flow applications,which require high performance of data flow queries.On data flow management systems in the field of information security is researched,a statistical analysis method is provided which is efficient and flexible for data flow queries and are very important for improving the efficiency of these application sys-tems.The design and implementation of Tsinghua stream system is described,which could perform real time queries and analysis on high speed network data flow,and provide strong supports to a variety of applications.Furthermore,in particular,this system optimizes the five common aggregating queries,which meets the requirements of applications in Gigabit network.

Li Dong,Xue Yibo

DOI: https://doi.org/10.3969/j.issn.1000-386X.2008.12.093

2008-01-01

Abstract:Network applications such as network behaviour and traffic analysis,etc.,have raised higher demands for handling the network stream along with the deepened research and application in information security fields.Stream analysis was re-characterized in terms of data stream management system,and the Data Stream Management System for Information Security(IS-DSMS) which could fit the gigabyte network was designed and implemented.The technologies of sample,synopsis and sliding windows were adopted to optimize five common aggregated queries in the system.The test experiments have proved that it has practical performance in gigabyte network condition and can be used as the real-time engine to query and make statistic of the network data flow.Meanwhile,it may provide a high and effective support to network invasion and network monitoring.

沈建宇,李建华,张月国

DOI: https://doi.org/10.3969/j.issn.1009-8054.2010.02.041

2010-01-01

Abstract:Complex and various network attacks have occurred frequently, thus the people begin to realize the importance of real-time supervision on the network security. The event-stream technology is applied to process the security events, and the framework model of security supervision system is designed. This system has the function of immediately collecting and parsing alert events from different network security devices when some attacks occur suddenly, meanwhile, in this model system, the EQL interface language-based rule engine is used to manage the event-stream, this could effectively support the real-time query and analysis on large-scale network events.

Yu Sun,Xiaorong Liu,Xiaoli Shen

DOI: https://doi.org/10.1155/2022/3170164

IF: 1.968

2022-11-19

Security and Communication Networks

Abstract:With the rapid advancement of society and the level of programming and the rapid development of computer technology, networking and information are playing an increasingly important role in the social life of the masses. Creating and developing a network information security monitoring system have become one of the most important ways to keep a computer running smoothly. Traditional information security systems cannot adapt to the ever-changing network environment. If only relying on it to maintain network security, it will be far from effective monitoring and defense. Based on the theory of network information security, this study analyzes the characteristics of network information and the information security monitoring technology at the current stage. Based on the background of big data era, a new type of computer network information security monitoring system is proposed. This system is compared with the traditional network information security monitoring system, and the performance and stability of the system are investigated, respectively. The experimental data show that the network information security monitoring system designed in this study can achieve more than 99% detection rate of external attacks in a network environment with a background traffic of 10M. Its false alarm rate is lower than 4%, and the false alarm rate is lower than 7%. The qualitative mean reaches 93.02%, indicating its good monitoring accuracy and stability. By popularizing it in the current network environment, it can effectively identify and defend information attacks and maintain the development of network information security.

computer science, information systems,telecommunications

Xiaoyu Jiang,Zhiqiang Ge

DOI: https://doi.org/10.1109/tai.2022.3145335

2022-01-01

IEEE Transactions on Artificial Intelligence

Abstract:With the rapid development of information technology, intelligent upgrading of the manufacturing industry has broken the closed environment of traditional industrial control systems (ICS); thus, the information security of ICS has been seriously threatened. As part of ICS, the process monitoring system (PMS) is heavily subject to external risks. Data-driven PMSs have been widely used as initial lines of defense to ensure ICS safety. Once the PMS is under attack, the consequences on the whole ICS will be unimaginable. Unfortunately, the safety issues of the PMS have received inadequate attention. This article reveals PMS’s vulnerabilities through effective attacks. A novel method called subspace transfer network (STN) is proposed to conduct adversarial and poisoning attacks on the PMS simultaneously. Then the attack task flow is defined and explained to make online adversarial attacks and data poisoning on PMS. Meanwhile, aiming at two poisoning goals, targeted and untargeted attacks of STN are designed, respectively. Finally, the PMS’s fragility is verified in two industrial benchmarks.

SONG Zhi-gang,CAI Jian-wei,QIU Wei-dong

DOI: https://doi.org/10.3969/j.issn.1009-8054.2008.03.023

2008-01-01

Abstract:In the light that the network security devices all work alone and cack coordinated monitoring mechanism, this paper brings foreword Extended STAT Based Network Security Monitoring to manage all the devices together. A unified standard format is used to describe all the events. By data aggregation, the number of redundant alerts is reduced. In addition, the impact of a single event is evaluated by multiple factors and the network security evaluated by statistic based risk assessment technology. These help user find out the network situation and the weakness and thus take effective protective measures.

Martin Andreoni Lopez,Diogo M. F. Mattos,Otto Carlos M. B. Duarte,Guy Pujolle

DOI: https://doi.org/10.1002/cpe.5344

2019-05-21

Concurrency and Computation: Practice and Experience

Abstract:<p>The late detection of security threats causes a significant increase in the risk of irreparable damages and restricts any defense attempt. In this paper, we propose a s<b>CA</b>lable <b>TR</b>Affic <b>C</b>lassifier and <b>A</b>nalyzer (CATRACA). CATRACA works as an efficient online Intrusion Detection and Prevention System implemented as a Virtualized Network Function. CATRACA is based on Apache Spark, a Big Data Streaming processing system, and it is deployed over the Open Platform for Network Functions Virtualization (OPNFV), providing an accurate real‐time threat‐detection service. The system presents a friendly graphical interface that provides real‐time visualization of the traffic and the attacks that occur in the network. Our prototype can differentiate normal traffic from denial of service (DoS) attacks and vulnerability probes over 95% accuracy under three different datasets. Moreover, CATRACA handles streaming data under concept drift detection with more than 85% of accuracy.</p>

DU Xiang-dang,ZHANG Yu,GONG Jing-jing,SHI Xiu-hua

DOI: https://doi.org/10.3969/j.issn.1001-2257.2013.02.014

2013-01-01

Abstract:With the monitoring system that places in mountain or presents the characteristics overall scattered and local concentrated,taking a centralized water supply system as the prototype,the paper designs a general remote monitoring system based on multiple network,which has achieved remote monitoring and automatic control for monitoring site.

Haixing Liu,Yixing Yuan,Ming Zhao,Jing Lu,Xiaoming Zheng,Hongbin Zhao

DOI: https://doi.org/10.1061/41202(423)150

2011-01-01

Abstract:With the global escalation of terrorist attacks, water supply network has become the weak links exposed to terrorists. Many countries have already raised infrastructure security as homeland security strategies, developing a corresponding tool to simulation and analysis vulnerability for the water distribution system (WDS). This paper is aiming at the non-source pollution in the WDS, and the water quality monitoring points are established. According to the theory of tracing exogenous pollutants in water distribution network, the model is developed by TEVA-SPOT optimizing monitoring point placement of water quality. This study is working to reduce system vulnerabilities, prevent and prepare for terrorist attacks, minimize public health impacts and infrastructure damage, and enhance recovery.

高会生,尹霞

DOI: https://doi.org/10.3969/j.issn.1007-2691.2002.03.017

2002-01-01

Abstract:The design and implementation of the TMN information transformation system based on network monitoring are described in this paper. The system functions, including packets captured, information filtered and message transmission, satisfy the needs of the integration network management. It has been successfully used in the telecommunication network for electric power.

宫学庆,闫莺,常建龙,张晨,周傲英

DOI: https://doi.org/10.3778/j.issn.1673-9418.2008.02.006

2008-01-01

Abstract:Network traffic monitoring has been paid more and more attention in the telecom industry. As the network transmission bandwidth is increasing constantly,the traditional disk- based processing technology has not be able to meet the needs of operation management. Data stream processing technology could be applied to invent a new solution for the network traffic monitoring applications. SMART[1,2] and RealMon[3] are two net- work traffic monitoring tools developed by us,which are based on data stream processing technology. Aim- ming at meeting the requirements for network traffic monitoring of Shanghai Telecom’s backbone network,the design and application of the two systems are discussed. SMART is employing frequent items mining algo- rithm over data streams to support the Top- K queries over long- time sliding window. It achieves real- time traffic monitoring over lots of NetFlow streams. RealMon adapts dimension reduction analysis method to moni- tor the huge amount of SNMP messages which gather from routers in telecom backbone network. It monitors the correlations of thousands of network links and finds the traffic anomalies. Experiments and deployments in a real- life environment show that SMART and RealMon could meet the needs of traffic monitoring on back-bone network and greatly improve the performance of the monitoring system.

xiangjun ren,zhiqiang wei,zuojuan liang,hong liu,haihong kang

DOI: https://doi.org/10.1109/CISP.2012.6469855

2012-01-01

Abstract:As the integration of telecommunications networks, cable TV networks and the Internet in China, the users who choose digital TVs to enjoy kinds of programs will become more and more. However, the security problem of the digital signal transmission process is still a crucial problem and hinders the rapid development of the application of digital TVs. A security system for the data transmission of digital TVs is proposed in this paper. The system consists of two parts: the attack detection platform and the graded protection and response emergency system for the whole network. By utilizing the composite digital watermarks, we offer a method for protection and detection in the system-wide. Furthermore, the system realizes the illegal content detection, protection, warning, location and handling in a real-time manner. Besides, the system achieves no blind spot detection and graded response and protection for the whole networks. Finally, we propose a test bed to simulate the proposed security system.

GAN Liang,LI Run-heng,JIA Yan,LIU Jian

DOI: https://doi.org/10.3969/j.issn.1007-130X.2013.03.012

2013-01-01

Abstract:In the applications of large-scale network security monitoring,data stream of security events is analysised real-timely to acquire the characteristic of current security in the network and to assess dynamically the current security situation with Stream OLAP by building Stream Cube.Because of the limited memory capacity, Stream Cube only concerned about the current data within the time window,but expired data is stored approximately or simply discarded,so it do not support the query with time beyond the scope of current time window.We propose a real-time StreamCube-based multi-dimensional and multi-level analysis framework on security event stream, Hybrid Storage-StreamCube,which is implemented by a two-tier (memory and disk) storage model.On the basis of characteristics of data stream,we focus on the modeling,building,storing and querying of HS-StreamCube within the two-tier storage model.Efficient experiments verify the availability and efficiency of the system.

Wencong Cheng,Xishan Xu,Yan Jia,Peng Zou

DOI: https://doi.org/10.1109/waim.2008.65

2008-01-01

Abstract:This paper considers the problem of the dynamic risk assessment for the network based on the threat stream analysis. We analyze the general approach to do the network dynamic risk assessment. A stream based cube model is built to analyze the characteristics of the threat stream. Then combining with the research about the description and analysis of the threat effect, we propose the architecture of the network dynamic risk assessment.

WEN Yan,WANG Huai-ming,HU Hua-ping

DOI: https://doi.org/10.3969/j.issn.1007-130x.2005.10.006

2005-01-01

Abstract:With the development and prevalence of networks,the security inside the networks is becoming more and more important.How to monitor and control the actions of host computers in LANs is the key to solving this question.This paper introduces the framework and functions of distributed network monitoring system based on the C/S model,and discusses several key technical points such as software architecture,packet decode engine,and so on.Finally the paper gives the application trend of this system and the test results.

Likun Liu,Hongli Zhang,Xiangzhan Yu,Yi Xin,Muhammad Shafiq,Mengmeng Ge

DOI: https://doi.org/10.1155/2018/9809345

2018-01-01

Wireless Communications and Mobile Computing

Abstract:During the last decade, rapid development of mobile devices and applications has produced a large number of mobile data which hide numerous cyber-attacks. To monitor the mobile data and detect the attacks, NIDS/NIPS plays important role for ISP and enterprise, but now it still faces two challenges, high performance for super large patterns and detection of the latest attacks. High performance is dominated by Deep Packet Inspection (DPI) mechanism, which is the core of security devices. A new TTL attack is just put forward to escape detecting, such that the adversary inserts packet with short TTL to escape from NIDS/NIPS. To address the above-mentioned problems, in this paper, we design a security system to handle the two aspects. For efficient DPI, a new two-step partition of pattern set is demonstrated and discussed, which includes first set-partition and second set-partition. For resisting TTL attacks, we set reasonable TTL threshold and patch TCP protocol stack to detect the attack. Compared with recent produced algorithm, our experiments show better performance and the throughput increased 27% when the number of patterns is 106. Moreover, the success rate of detection is 100%, and while attack intensity increased, the throughput decreased.

WANG Shan,CHEN Song,ZHOU Ming-tian

DOI: https://doi.org/10.3778/j.issn.1002-8331.2009.10.026

2009-01-01

Abstract:The current Network Management System(NMS) has the following problems:lack of monitor and management of network flow;lack of value-added service function,such as security,counting and network optimization;not supporting the analysis of high layer network management businesses demanded by network administrators and high-level managers.This paper designs a new network flow analysis system(FlowMonitor) to promote NMS and to solve the deficiencies of the conventional NMS.Focusing on the high layer requirements in network management,FlowMonitor can satisfies users'demands for analysis of using status,security defense and counting model based on the network flow.

Baojun Zhou,Jie Li,Xiaoyan Wang,Yu Gu,Li Xu,Yongqiang Hu,Lihua Zhu

DOI: https://doi.org/10.26599/bdma.2018.9020005

2018-01-01

Big Data Mining and Analytics

Abstract:Owing to the explosive growth of Internet traffic, network operators must be able to monitor the entire network situation and efficiently manage their network resources. Traditional network analysis methods that usually work on a single machine are no longer suitable for huge traffic data owing to their poor processing ability. Big data frameworks, such as Hadoop and Spark, can handle such analysis jobs even for a large amount of network traffic. However, Hadoop and Spark are inherently designed for offline data analysis. To cope with streaming data, various stream-processing-based frameworks have been proposed, such as Storm, Flink, and Spark Streaming. In this study, we propose an online Internet traffic monitoring system based on Spark Streaming. The system comprises three parts, namely, the collector, messaging system, and stream processor. We considered the TCP performance monitoring as a special use case of showing how network monitoring can be performed with our proposed system. We conducted typical experiments with a cluster in standalone mode, which showed that our system performs well for large Internet traffic measurement and monitoring.

Zhiyong Shan,Vinod Namboodiri

DOI: https://doi.org/10.24297/ijct.v20i.8841

2020-09-10

Abstract:In recent years, the emerged network worms and attacks have distributive characteristics, which can spread globally in a short time. Security management crossing network to co-defense network-wide attacks and improve the efficiency of security administration is urgently needed. This paper proposes a hierarchical distributed network security management system (HD-NSMS), which can centrally manage security across networks. First describes the system in macrostructure and microstructure; then discusses three key problems when building HD-NSMS: device model, alert mechanism, and emergency response mechanism; at last, it describes the implementation of HD-NSMS. The paper is valuable for implementing NSMS in that it derives from a practical network security management system (NSMS).

English Else