Beipeng Mu,Xinming Chen,Zhen Chen

DOI: https://doi.org/10.1109/cmc.2011.130

2011-01-01

Abstract:Network Security Appliances are deployed at the vantage point of the Internet to detect security events and prevent attacks. However, these appliances are not so effective when it comes to distributed attacks such as DDoS. This paper presents a design and implementation of collaborative network security management system (CNSMS), which organize the NetSecu nodes into a hybrid P2P and hierarchy architecture to share the security knowledge. NetSecu nodes are organized into a hierarchy architecture so they could realize different management or security functions. In each level, nodes formed a P2P networks for higher efficiency. To guarantee identity trustworthy and information exchange secure, PKI infrastructure is deployed in CNSMS. Finally experiments are conducted to test the computing and communication cost.

WU Ji-yi,PING Ling-di,FAN Rong,Zhijie Lin

2008-01-01

Abstract:With the increasing demand of computer networks security,the distributed intrusion detection technology becomes an important research area.However,the traditional distributed intrusion detection systems have some shortcomings in certain aspects,such as distributivity,flexibility,interoperability,detecting efficiency,and insider threat avoidance etc.To deal with the insider threat more effectively,P2P overlay IDS based on an adaptive trust alert correlation was proposed.Under JXTA P2P framework,a P2P overlay IDS prototype system was implemented,and its effectiveness to prevent the spread of a real Internet worm was evaluated over an emulated network.The experiment results show the P2P overlay IDS significantly increases the overall survival rate of vulnerable peers in network.

Xinming Chen,Beipeng Mu,Zhen Chen

DOI: https://doi.org/10.1109/cmc.2011.94

2011-01-01

Abstract:Malicious attacks are frequently launched to make specified network service unavailable, compromising end hosts for political or business purpose. Though network security appliances are widely deployed to resist these attacks, there is a lack of dynamic and collaborative platform to flexibly configure and manage all the security elements. In this paper, we present NetSecu, a platform based on Java and Click Router, which can dynamically enable, disable and configure security elements such as firewall, IPS and AV. Furthermore, a collaborate module is implemented to integrate individual NetSecu platform into a Secure Overlay Network, providing collaborative traffic control against DDoS attack. Equipped with collaborate module, NetSecu platforms are organized in a tree hierarchy where each level node is registered to its father node. A Central Management Site acts as the root node for large scale deployment. The policy is distributed from higher level to lower level NetSecu nodes, while security events are aggregated from lower level to higher level. Performance evaluation shows that our NetSecu system can achieve line rate with and without security function. Finally we deploy the NetSecu platform in multiple sites, where our design is fully demonstrated and tested.

Zhijun Zhang

2011-01-01

Abstract:As the use of distributed deployment of a large number of heterogeneous security devices in order to build network security defense system generates a mass of security event information which is difficult to effectively manage and the security monitoring systems that are deployed in different places are difficult to manage integratedly, united platform model for network security management is proposed. According to the actual distribution of Yunnan security monitoring systems, the platform establish a level of information system by the use of distributed technology. Platform designs and analyzes its oriented network security managers system architecture and uses risk assessment and event correlation to analyze network operating conditions in real-time, reduce false alarm ratio so that network security managers can find security accidents precisely and respond promptly. And then the paper describes key technologies such as distributed data model,secure event standardization model,secure communication and control protocol in detail.

WUChunming

DOI: https://doi.org/10.3969/j.issn.1009-6868.2016.01.009

2016-01-01

Abstract:Dynamic network proactive security defence is an effective method for solving the unknown vulnerabilities and back door attacks in the information system. In this paper, the evolution defense mechanism (EDM) is proposed. According to the security status, network system security needs, EDM can select the best network configuration change elements to deal with potential attacks and ensure the safety requirements of a specific level. Dynamic reconfiguration and changes of the network need to be considered in accordance with the security situation of the system and the possible network attacks. The key is how to detect and the security situation and network attacks. It proposes that study on dynamic network proactive security defense in China is in the initial stage, and there is stil much work to do.

Fuye Han,Zhen Chen,HongFeng Xu,Haopei Wang,Yong Liang

DOI: https://doi.org/10.1504/ijsn.2012.053459

2012-01-01

International Journal of Security and Networks

Abstract:Botnets are extremely versatile programs used in many network attacks, such as sending large volumes of spam or launching Distributed Denial-of-Service DDoS attacks. Botnets can switch command-and-control servers automatically, which makes completely suppressing botnets very challenging. In this paper, we present a collaborative botnet suppression system based on an overlay network, with one control center node and several suppression nodes. The suppression nodes automatically collect network traffic information and deploy suppression rules; the control center node gathers all collected data, and processes this data by using a botnet detection algorithm. Once botnets are detected, the control center node generates and distributes suppression rules. In order to prevent an excessive growth of the rules set, the system automatically identifies and removes invalid rules through an efficient feedback mechanism.

Chen Junhua

DOI: https://doi.org/10.1109/IMCCC.2013.79

2013-09-21

Abstract:To solve the lack of collaborative control and whole effect of security modules in the traditional early-warning systems, a novel network security collaborative early-warning technology is studied and a collaborative control framework and early-alert info quick-publish mechanism is proposed. This framework was based on multi-agent, which can make secure modules in the framework be associated with each other to accomplish to communication and work together. Furthermore, two corresponding multicast trees of early-alert information publish are established based on two multi-agent network typology structures: the bottom random overlay network and top hypercube structured overlay network. Simulation results show that this network security collaborative early-warning can make all module functions work normally and reduce this info load and publish time, furthermore, improve the network security system's collaborative defense capability well.

Computer Science

Jia Xu,Jia Yan,Liang He,Purui Su,Dengguo Feng

DOI: https://doi.org/10.1109/CloudCom.2010.16

2010-01-01

Abstract:Massive Internet invasions implemented through the distributed platform fabricated by rapid diffusion of malwares, has become a significant issue in network security. We argue that the notion of “Collaborative Security” is an emerging trend in resisting distributed attacks originated from malware. Therefore, this paper proposes a new architecture: CloudSEC, for composing collaborative security-related services in clouds, such as correlated intrusion analysis, anti-spam, anti-DDOS, automated malware detection and containment. CloudSEC is modeled as a dynamic peer-to-peer overlay hierarchy with three types of top-down architectural components. Based on, this architecture, both data distribution and task scheduling overlays can be simultaneously implemented in a loosely coupled fashion, which can efficiently retrieve data resources from heterogeneous network security facilities, and harness distributed collection of computational resources to process data-intensive tasks. Hence, CloudSEC endues the network security infrastructure with the capability of dynamic adaptation and collaboration on an inter-organizational scale. The results of preliminary evaluation demonstrate that, CloudSEC not only delivers a sample service of distributed intrusion correlation with high scalability and robustness, but also achieves remarkable effectiveness in data sharing and task scheduling.

Jiang Bian,Remzi Seker,Mengjun Xie

DOI: https://doi.org/10.1109/icnsurv.2013.6548542

2013-01-01

Abstract:The application areas for Unmanned Aircraft (UA) Systems (UAS) are constantly expanding. Aside from providing an attractive alternative in applications that are risky for humans, smaller UAS become highly attractive for applications where use of larger aircraft is not practical. This paper presents the UAS Collaboration Wireless Network (UAS-CWN), a secure and reliable UAS communication mesh-network. This solution is proposed for the circumstances where a large number of UAS are deployed to cooperatively accomplish a mission such as surveillance in hostile environments. The proposed UAS-CWN system provides high fault-tolerance through use of information dispersal algorithm and meanwhile reduces the risk of information exposure to the adversaries via security-enhancing mechanisms. Our evaluation shows promising results. Especially, a UAS-CWN with high security-level settings can withstand losing 30% of the total number of unmaned aircrafts while steadily achieving above 96% data recovery rate.

Li Xiao,Yunhao Liu

2004-01-01

Abstract:Current and future Internet and distributed systems rely on both centralized client-server model and decentralized peer-to-peer (P2P) model. P2P model is an emerging technology aiming to effectively utilize and manage increasingly large and globally distributed information and computing resources, complementing the available client-server services. In order to truly adopt the P2P model for deploying large-scale Internet applications, and timely merge this model as an indispensable component in the main stream of distributed computing technology, we must address several major technical challenges including the efficiency of overlay networks, cost-effective P2P information search, and privacy and security protection of peers. This dissertation focuses on addressing two critical issues. The first issue is topology mismatch problem between P2P overlay networks and the underlying physical networks in unstructured P2P systems. Addressing topology mismatch problem can fundamentally improve overall search performance of P2P systems. We demonstrate the seriousness of the topology mismatch problem, and define an optimal overlay problem that is proved to be a NP-hard problem. We then develop several effective schemes and algorithms to alleviate the topology mismatch problem. Our proposed algorithms are completely distributed, scalable and effective. Simulation studies show that the total traffic and response time of the queries can be significantly reduced by these schemes without shrinking the search scope. The second issue is overlay distributed denial-of-service (DDoS) attack in P2P systems. Most previous security techniques protect networks from network-layer DDoS attacks, but cannot be applied to overlay DDoS attacks. We propose a distributed and scalable method, DD-POLICE, to detect malicious nodes in order to defend P2P systems from overlay flooding-based DDoS attacks. We show the effectiveness of DD-POLICE by simulation studies and implementation on Gnutella 0.6 protocols. We believe that widely employing these proposed approaches will make P2P systems more scalable and robust.

Jian-liang SUN,Yong-zheng MANG,Xiao-chun YUN

DOI: https://doi.org/10.3969/j.issn.1000-3428.2011.13.041

2011-01-01

Abstract:In view of existing work's lack of scalability and uniformity,this paper presents an universal collaborative interaction model and system based on Von Neumann architecture for network security(UINAS).According to the UINAS,it implements a system and tests real data to verify system's effectiveness.Experimental result shows that the UINAS and the system proposed in this paper are of good universality,scalability,applicability and they can effectively accomplish single and multi source collaborative interaction tasks,find associations between multi-source security events.

HUANG Jia-Lin,Liu Hai-Tao,Mei Zhen-Kun,Gan Miao-Jin,Sun Qian

2008-01-01

Periodical of Ocean University of China

Abstract:The management of a large campus network is complex and difficult.An effective network management system is basical for secure and steady network.The current network management systems focus on the management of the equipment,they have not related network management to the network user behavior.The System Based on User Network Behavior Monitoring and Controlling amalgamated the technical character of various system manufacturer.Because of making use of the functions and the management messages of the present network equipments and systems,analyzing and ruling the user's network behavior,and eliminating the effect of the bad network behavior,it can maintain a secure and steady network and reduce the network manager's workload.

Tianning Zang,Xiao-chun Yun,Tianyi Zang,Yongzheng Zhang,Chaoguang Men

DOI: https://doi.org/10.1109/icpads.2010.88

2010-01-01

Abstract:On open digital computing infrastructure, various large-scale and complicated malicious behaviors are increasingly threatening the security of digital computing infrastructure. In this paper, a Cooperative Work Model (CRM) is presented by extending the conceptions of the Universal Turing Machine to deal with the threats. Then the Cooperative Work System Framework (CWSF) is derived from the model. Based on the framework, two practical Cooperative Work Systems (CWSs) are developed to track and analyze the Botnet and DDoS on digital computing infrastructure respectively. The systems collectively use and coordinate various monitoring systems distributed in the back-bone network of the infrastructure. The experimental results of analyzing typical security events show that the framework and systems are efficient and effective to collaboratively use diverse related network systems for monitoring and analyzing the large-scale network events. Currently, the systems are running steadily in the monitoring environment of a large-scale back-bone network.

Zhen Chen,Wenyu Dong,Hang Li,Peng Zhang,Xinming Chen,Junwei Cao

DOI: https://doi.org/10.1109/tst.2014.6733211

2014-01-01

Abstract:A data center is an infrastructure that supports Internet service. Cloud computing is rapidly changing the face of the Internet service infrastructure, enabling even small organizations to quickly build Web and mobile applications for millions of users by taking advantage of the scale and flexibility of shared physical infrastructures provided by cloud computing. In this scenario, multiple tenants save their data and applications in shared data centers, blurring the network boundaries between each tenant in the cloud. In addition, different tenants have different security requirements, while different security policies are necessary for different tenants. Network virtualization is used to meet a diverse set of tenant-specific requirements with the underlying physical network, enabling multi-tenant datacenters to automatically address a large and diverse set of tenants requirements. In this paper, we propose the system implementation of vCNSMS, a collaborative network security prototype system used in a multi-tenant data center. We demonstrate vCNSMS with a centralized collaborative scheme and deep packet inspection with an open source UTM system. A security level based protection policy is proposed for simplifying the security rule management for vCNSMS. Different security levels have different packet inspection schemes and are enforced with different security plugins. A smart packet verdict scheme is also integrated into vCNSMS for intelligence flow processing to protect from possible network attacks inside a data center network.

Wu Liu,Ping Ren,Ke Liu,Hai-Xin Duan

DOI: https://doi.org/10.1109/FSKD.2011.6019988

2011-01-01

Abstract:In traditional network security management systems, system administrators could not prevent malicious users from illegal actions in time. In this paper, we first present a User Cooperation Trust Model (UCTM) which not only encourages the good behavior liberally, but also punishes those minatory behaviors decisively. Then based on UCTM we proposed and implemented the trust based P2P Network Security Management System (T2SMS) which dynamically evaluate user's reputation correlated with the user's privilege in the network. With T2SMS, a malicious user will be kicked out from the network system and refused from accessing resources of the network automatically when the user's reputation is lower than some threshold. © 2011 IEEE.

Ming Liu,Lu Ma,Chao Li,Ruiguang Li

DOI: https://doi.org/10.1109/icet49382.2020.9119607

2020-01-01

Abstract:The essence of network security is the asymmetric online confrontation with the partial observable cyber threats, which requires the defense ability against unexpected security incidents. The existing network intrusion detection systems are mostly static centralized structure, and usually faced with problems such as high pressure of central processing node, low fault tolerance, low damage resistance and high construction cost. In this paper, exploiting the advantage of collaborative decision-making of decentralized multiagent coordination, we design a collaborative cyber threat perception model, DI-MDPs, which is based on the decentralized coordination, and the core idea is initiative information interaction among agents. Then, we analysis the relevance and transformation conditions between the proposed model, then contribute a reinforcement learning algorithm HTI that takes advantage of the particular structure of DI-MDPs in which agent updates policies by learning both its local cognition and the additional information obtained through interaction. Finally, we compare and verify the performance of the designed algorithm under typical scenario setting.

Jinshu Su,Xiaofeng Wang,Wei Shi,Indrakshi Ray

DOI: https://doi.org/10.1002/sec.1276

IF: 1.968

2015-01-01

Security and Communication Networks

Abstract:The rapid growth of distributed and networking technologies has made our information system more vulnerable to attack threats, malicious behaviors, and unpredictable failures. As the emergence of botnets and advanced persistent threat attacks, the traditional defense technology cannot cope well with the new large-scale and obfuscated malwares. In distributed and virtualized environments, the trust risk of applications has been increased considerably, which made it vital to propose new trust access control technologies. In addition, the complicated system usually comprises a large number of components that are susceptible to unpredictable failures. We need new designs of resilient infrastructure and dependable services. The papers in this special issue focus on the security, trust, and resilience management for distributed and networking computing paradigms, such as wireless sensor network, P2P network, ad hoc networks, virtualized network, and software-defined network. The contributions of these papers are outlined next. To locate the real source of the Internet attacks, existing work is easy to be evaded by attackers and difficult to justify the stepping stones. Sheng Wen et al. introduce the consistent causality probability to detect the stepping stones. They formulate the ranges of abnormal causality probabilities according to the different network conditions and further implement self-adaptive methods to capture stepping stones. To extract signatures for malwares, most existing string-based signatures extracting methods have the problem of inaccuracy and time consuming. Sun Hao et al. present a system for automatically extracting signatures from large-scale malwares, named AutoMal. The system can extract both byte signatures and hashed signatures from the malware network flows with high accuracy. Multi-interface multi-channel can reduce the channel interference and improve the network capacity for multi-hop wireless ad hoc networks. Tong Zhao et al. design a dynamic channel assignment algorithm that can dynamically switch the channels to the less busy ones by monitoring the channel usages. Moreover, the algorithm is designed in a fully distributed way with low overhead For the task allocation in wireless sensor networks (WSNs), traditional solutions for high-performance computing cannot be directly used in WSNs because of limitations of resource availability and shared communication medium. Wenzhong Guo et al. design a discrete particle swarm optimization to generate a structure of the parallel coalitions, and then introduce the game theory and

Junfeng Xie,Zhenhua Li,Guihai Chen

DOI: https://doi.org/10.1109/icpads.2007.4447757

2007-01-01

Abstract:Peer-to-peer computing has become a popular networking paradigm for file sharing, distributed computing, collaborative working, etc. The widely used unstructured peer-to-peer protocols mainly face two problems affecting their working efficiency: 1) inefficient flooding-based search, 2) topology mismatch between the overlay network and its underlying network. In this paper, we propose to organize nodes into a semantic overlay network called CON which is composed of special interest groups based on nodes' contents. CON guides the content search with semantic information so that it avoids most of the flooding cost. In order to alleviate the mismatch problem, nodes in CON initialize links according to their underlay proximity. Simulation results show that our mechanism efficiently increases the query success rate and reduces the traffic cost and query latency. We also compare CON with the similar work, which illuminates that CON performs better in many aspects.

楼润瑜,王备战,王伟

2010-01-01

Abstract:In order to defend the attacks caused by DDOS and worms(or vicious codes) in large scale network,a general,solid,in-depth and distributed active cooperation defense model is presented.A set of achievable methods ranging from systemic architecture,function mechanisms and algorithm descriptions are given.The model,which is demonstrated by the system architecture,function modules and active cooperation defense to stop the attacks,is the integrated and systemic model.It integrates several role security technologies,such as IDS,firework and honeynet,and achieves a complete set of functional mechanisms for active cooperation defense.By the cooperation from the security components within inside and outside the autonomous system(AS),we realize the active cooperation defense which involves the multi-level defense range from network boundary level,kernel level,sub-network level to host level.As a result,the presented model not only can achieve effectively security defense in the large scale network,but also can have the good generality and scalability.

Madhulika Mool,Prajyoti Sabale,Sneha Parpelli,Shalaka Chowriwar,Nilesh Sambhe

DOI: https://doi.org/10.48550/arXiv.1403.3328

2014-03-13

Networking and Internet Architecture

Abstract:Denial of service (DoS) and Distributed Denial of Service (DDoS) attacks continue to threaten the reliability of networking systems. Previous approaches for protecting networks from DoS attacks are reactive in that they wait for an attack to be launched before taking appropriate measures to protect the network. This leaves the door open for other attacks that use more sophisticated methods to mask their traffic. A secure overlay services (SOS) architecture has been proposed to provide reliable communication between clients and a target under DoS attacks. The SOS architecture employs a set of overlay nodes arranged in three hierarchical layers that controls access to the target. We propose an architecture called secure overlay services (SOS) that proactively prevents denial of service (DoS) attacks, which works toward supporting emergency services, or similar types of communication. The architecture uses a combination of secure overlay tunneling, routing via consistent hashing, and filtering. We reduce the probability of successful attacks by: 1) performing intensive filtering near protected network edges, pushing the attack point into the core of the network, where high-speed routers can handle the volume of attack traffic and 2) introducing randomness and anonymity into the forwarding architecture, making it difficult for an attacker to target nodes along the path to a specific SOSprotected destination. Using simple analytical models, we evaluate the likelihood that an attacker can successfully launch a DoS attack against an SOS protected network. Our analysis demonstrates that such an architecture reduces the likelihood of a successful attack to minuscule levels.