ZHANG Bo,LI Wei-Hua

DOI: https://doi.org/10.3969/j.issn.1002-137x.2006.03.027

2006-01-01

Abstract:The phishing hazard becomes more and more terrible.This paper introduces and analyses the phishing attack behaviors.It adopts the methods of building the attack forest and sorting the attack behaviours and then constitutes the attack model.It presents the anti-phishing theory system and some countermeasure.Furthermore it analyses the phishing attack and defence based on the IPv6.

Daojing He,Sammy Chan,Yan Zhang,Chunming Wu,Bing Wang

DOI: https://doi.org/10.1109/mis.2013.105

IF: 6.744

2014-01-01

IEEE Intelligent Systems

Abstract:Attack-defense models play an important role in the design of cybersecurity systems. Here, the authors review some traditional and prevailing attack-defense models along with their weaknesses. Then, they survey some recently proposed paradigm shifts to these models based on which more effective security strategies can be designed. Further, they provide some suggestions on how to adopt the new models, and present challenges that need to be addressed in this field.

QIN Junning,HAN Jiajia,ZHOU Sheng,WU Chunming,CHEN Shuangxi,ZHAO Ruoyan,ZHANG Jiangyu

DOI: https://doi.org/10.11959/j.issn.1000-0801.2020143

2020-01-01

Abstract:The unbalanced development status of network security was introduced.The main hazards and the mechanism model of penetration testing were described,and the inherent shortcomings of many existing traditional defense methods were analyzed.However,new method of the mimic defense model makes the attack information obtained invalid by dynamically selecting the executive set and adaptively changing the system composition.The same attack mode is difficult to be maintained or reproduced.Based on the attack chain model,the traditional defensetechnology and mimic defense technology were analyzed and compared,and it was demonstrated that it had a protective role in multiple stages of the attack chain.Finally,the effectiveness and superiority of the mimic defense was verified by experiments,and the model was summarized and prospected.

Fei Yu,XiaoPing Dai,Yue Shen,Huang Huang,Miaoliang Zhu

DOI: https://doi.org/10.1109/ICSSSM.2005.1500110

2005-01-01

Abstract:The problem in network security presently is how to get real-time intrusion detection and alert. In the paper, we design Intrusion Detection System architecture and arithmetic again, meanwhile put forward an improved pattern matching arithmetic based on protocol analysis and theorization machine on Frete. New architecture can use network processor to collect and analyze data in network bottom, which enhance the speed and efficiency in Detection System.

LUO Dan,LIU Wan-Jun,LUO Chao,CAO Long-Bing,DAI Ru-Wei

DOI: https://doi.org/10.3969/j.issn.1002-137X.2005.05.005

2005-01-01

Computer Science

Abstract:In recent years, telecom frauds have been getting more and more widespread in either western developed countries or other developing countries. Many telecom operators and experts in this field have recognized the serious- ness and persistence of telecom frauds, they have worked together to develop strategies, algorithms and tools for de- tecting, analyzing and preventing fraudulent activities. However, the above work including industrial practices has shown to be unsatisfactory. In this paper, we focus on finding a hybrid strategy for intelligent analysis and control of frauds in terms of systematism and the methodology of metasynthesis. We first discuss the complexity of telecom fraudulent activities from multiple-dimension point of view. Furthermore, we present an approach for system analysis and design of fraud system: a package solution of intelligent analysis and control from life cycle of fraudulent activity, and a five-model and four-analysis method. A framework of intelligent analysis and control system for dealing with frauds is also shown. Our case study of owe fee classification and a system prototype shows that our strategy is valu- able and feasible for systematic and scientific decision making of dealing with telecom frauds.

Jonghyun Kim

2005-01-01

Abstract:Many early Internet protocols were designed without a fundamentally secure infrastructure and hence vulnerable to attacks such as denial of service (DoS) attacks and worms. DoS attacks attempt to consume the resources of a remote host or network, thereby denying or degrading service to legitimate users. Network forensics is an emerging area wherein the source or the cause of the attacker is determined using IDS tools. The problem of finding the source (s) of attack (s) is called the “trace back problem”. Lately, Internet worms have become a major problem for the security of computer networks, causing considerable amount of resources and time to be spent recovering from the disruption of systems. In addition to breaking down victims, these worms create large amounts of unnecessary network data traffic that results in network congestion, thereby affecting the entire network.

Wei Li,Lei Li,Bo Gu

DOI: https://doi.org/10.12783/DTSSEHS/ICED2017/15152

2017-11-06

Abstract:This paper analysis the reason of the college students are often subject to "telecom and network fraud", students' lack of social experience, vulnerable to lure, personal information leakage is serious, the information protection consciousness. Lack of fraud prevention education, online fraud is difficult to eradicate the problem in-depth analysis. Thus, colleges and universities will take "telecom and network fraud" risk prevention into students' daily education management system, to establish risk prevention screening mechanism, establishment of early warning mechanism to prevent risks, prevent "telecom and network fraud" attacks on campus again.

Computer Science,Business,Education

Zhaobin Liu

2006-01-01

Abstract:Based on detection prevention-data fusion analysis and data mining-response,a layered intrusion prevention system(IPS) model is proposed.The IPS based on multi-sensor data fusion and data mining has more reasonable and availability than single system.This work improves the traditional firework technology and intrusion detection system,solves the problem of intranet safety,failing to report and attacking with new DoS incurred because of it.The design is the generalization.So it can be extended to other enterprise easily.

ZHANG Tao,HU Ming-zeng,YUN Xiao-chun,ZHANG Yong-zheng

DOI: https://doi.org/10.3321/j.issn:1000-436x.2005.12.017

2005-01-01

Abstract:The research of security analysis needed a systemic security analysis model that was from the system resource and security factor of computer network.For the classification,rate and the main threaten of the security requirement,system devices,access privilege,host connection relation and vulnerability were analyzed,and the computer network attack from the point of view that the attacker's objective was to get privilege escalation was described.The computer system security analysis by fault tree and the network system security analysis by attack graph use the security analysis model.

Yanli Liu,Meng Cui

DOI: https://doi.org/10.1007/978-3-030-51431-0_39

2020-07-24

Abstract:Since the new century, with the gradual popularization of computer networks around the world, network security defense methods have become more sophisticated and comprehensive, but they are still unable to defend against increasingly sophisticated and increasingly globalized virus attacks. In the process of network use and promotion, the influence of viruses on the network and hackers’ attacks have become an important factor threatening network security. Especially when people use the Internet to pay funds, remittances and other online financial activities, network security has become a constant topic. Establishing an efficient network security incident response system is of great significance for the network to better play its role. Based on the research of network security monitoring, network attack defense, network data backup and recovery theory and technology, this paper studies the strategy model of network security incident response, and uses relevant theories and methods of software engineering, combined with programming languages, to achieve Related application modules of this model. This article implements a low-cost, high-performance multi-data backup and recovery system that works in conjunction with other security devices and systems in the network. The overall structure and workflow are analyzed and designed to achieve multi-point backup and Fast recovery, efficient synchronization strategy for remote data, etc. The experimental research found that the network security incident response system can effectively reduce the security risk of the internal network, with a security proportion of more than 92%.

LI lang,LI Renfa,LI Kenli

DOI: https://doi.org/10.3969/j.issn.1671-1815.2006.02.011

2006-01-01

Abstract:Presently, aiming at the increasingly serious campus network security, a set of more efficient and perfect model of active defense are propose. This model organically joins intrusion detection and deception techniques, adopt the technology of the honeynet to draw the characteristic storehouse of the attack, transmit the mechanism through XML news, realized an intact active defense system model, the relevant sore technology is discussed.

Di Li,Yikun Hu,Guoqing Xiao,Mingxing Duan,Kenli Li

DOI: https://doi.org/10.1002/cpe.7577

2023-01-01

Concurrency and Computation Practice and Experience

Abstract:SummaryWith the rapid development of the internet, cyberspace security issues have become increasingly prominent. The importance of constructing a cyberspace security system is self‐evident, but compared with attackers, defenders in cyberspace are in a castle‐like passive defense state in most cases. Therefore, building a reliable, accurate, timely, and active defense system is challenging. The key is to accurately focus on defense priorities, the anticipation of attackers who will likely succeed, and blocking attacks in a timely manner. In this article, we propose an active defense model based on the interaction of situational awareness and firewalls. First, by biasing the integrity, confidentiality, and availability of assets to get the score of assets, and using the Common Vulnerability Scoring System to assess the threat level of assets, we combine the two to determine the maximum system damage that the asset will suffer if it is lost, and then focus on defense. Meanwhile, log analysis of the network situational awareness platform can predict successful attackers, and then the linked firewall strategy can block these attacks in time before the attackers obtain attack gains. After that, we force the attackers to give up their attacks on the target by increasing the attack cost. We compared our model with iptables auto‐blocking and nginx auto‐blocking, and our model excelled them across the board in terms of comprehensiveness and false positive rate. The experimental results verify thar our active defense model proposed in this article can better reduce the defense cost and increase the attack cost, thus achieving the relatively defense goal.

Zhang jing,Hu huaping,Liu bo,Xiao fengtao,Chen xin

DOI: https://doi.org/10.3969/j.issn.1674-9456.2010.07.011

2010-01-01

Abstract:Because of the present architecture of Internet and the lack mechanism of certifi cation making DDoS attacks occurs very easy. And the fast development of botnet has been offered powerful tool for DDoS attacks. DDoS attack is one of major threat of network security, so how to defend DDoS attacks become a hot point of network security research. Based on the model of DDoS attacks and analyzing the reason of attacks’ occur, we introduce the defense technology of DDoS attacks from four aspects: attack prevention, attack detection, attack response and attack source tracking. In the last, we suggest the worthy research points.

Huaijun Wang,Dingyi Fang,Hao Dong,Yuanxiao Lei,Xiaoqing Gong,Yuanxiang Gu

DOI: https://doi.org/10.1109/HPCC.and.EUC.2013.163

2013-01-01

Abstract:In recent years, software faces more and more security threats, such as software piracy, malicious reverse engineering, software tampering, which make much loss to software users or software manufacturers. The idea and process of attacking software can give us guidance on how to prevent the attack and protect software effectively. In this paper, we understand software attack (in the paper software attack mostly means software Reverse Engineering attack) process by modeling it. We model software attack process based on the Marked Petri Net, called SAMMPN, which is a six-tuple (P, T, F, Path, Rate, Cost). Then, based on the SAMMPN, we propose methods to guide software attacks, to evaluate software protection and to improve protection techniques. At last, we verify the SAMMPN by a case, which shows unpacking guidance, evaluates four kinds of Packers and gives improving suggestions for these Packers. The case shows that SAMMPN can help us effectively understand the software attack process and improve software protection.

Wei JIANG,Zhi - hong TIAN,Xiang CUI

DOI: https://doi.org/10.25103/jestr.065.15

2013-01-01

Journal of Engineering Science and Technology Review

Abstract:With the rapid development of computer network and information technology, the Internet has been suffering from a variety of security attacks over the past few years. Attacks have become both numerous and complex, and the defender can not understand. In order to understand and defend against cyber attacks, it is necessary to understand the kind of attack. In this paper, we study computer and network attacks, and introduce a classification of them and propose a cyber attack classification called DMAT (Defense-oriented Multidimensional Attack Taxonomy). We use nine categories to describe the characteristic of the attack, which are attack target, attack impact, attack purpose, attack cost, attack exploiting, attack source, attack automation, attack loss and defense. The ninth category in the DMAT, classification by defense, is used to provide the defender with instructions of how to defense an attack. Compared to the existing taxonomies, our taxonomy efficiently classifies complex attacks and guide the defender to defense the possible attack. © 2013 Kavala Institute of Technology. All rights reserved.

CHEN Chun-xia,HUANG Hao

DOI: https://doi.org/10.3969/j.issn.1001-3695.2005.07.040

2005-01-01

Abstract:It needs to further investigate t echnology of network attack to protect the network security. Attack models can help in describing and analyzing the course of attack structurely and effectively, further more, they can help in sharing the security knowledge and improving the efficiency of attack detectio n and security prediction. This article analyzes and compares several attack mod els in common use at present,and then prospects the future directions of attack model research in the end.

KANG Xiaolong,ZHANG Yuqing,TIAN Yumin

DOI: https://doi.org/10.3969/j.issn.1000-3428.2005.23.044

2005-01-01

Abstract:This paper puts forward the frame of network attack platform,designs and complements attack decision-making system model according to hacker’s attack process in attack theory,and points out the methods to improve it.Finally the paper puts emphasis on the merits and advantages of the model,and analyzes more application conditions about it beyond detection.

GUO Wei,WU Jiangxing,ZHANG Fan,SHEN Jianliang

DOI: https://doi.org/10.19363/j.cnki.cn10-1380/tn.2016.04.003

2016-01-01

Abstract:The incompletion of current automata model for system state expression and the singleness of angle on mod-eling cannot meet the requirement for characterization of cyberspace attack and defense. To address the problem, this pa-per proposes an angle-variable Zooming Finite Automaton (ZFA) structure. In ZFA, a complete set of parameters is used to identify the status of the state, and the observation coefficient it set up to enhance the ability of system analysis in a multi angle. The cyberspace attack and defense model and the security performance analysis method are given by means of the ZFA structure. The analysis reveals the natural disadvantage of the traditional security methods and the limitations of the moving target defense technology. Finally, the core components of the Cyberspace Mimic Defense (CMD) theory--ex-ecutive isomer architecture is discussed, and theoretically proved that the super linear growth of uncertainty can be ob-tained by construction at“Multi parameter”.

Xuemiao Zhang,Chong Fu,Jia Lu

DOI: https://doi.org/10.3969/j.issn.1000-386x.2017.09.032

2017-01-01

Abstract:Network system is becoming increasingly large,and security issues have become increasingly prominent.Due to the large-scale,complex and indirect trend of network attacks,as well as the insufficient ability and lack of awareness of the website system's security,minor enterprises and institutions are suffering huge losses.In view of this situation,we present a self-defense system model based on network situational awareness.On the basis of this model,we designed the decision mechanism based on attack threshold,and put forward some idea of solving different attack events with specific methods,and finally proposed a structural implementation scheme.By obtaining required data from system and deducing the attack number according the rule of decision mechanism and comparing with the attack threshold,system senses the happening to some attack events.The experiments verify the feasibility and simplicity of the judgment mechanism of self-defense system.

ZHU Jie,ZHANG Gexiang,WANG Tao,ZHAO Junbo

DOI: https://doi.org/10.13335/j.1000-3673.pst.2016.08.023

2016-01-01

Abstract:Aiming to distort power system state estimation by efficiently bypassing traditional bad data detection and identification algorithms,fraudulent data pose a great threat to safe and reliable operations of power systems.Therefore,more attention should be paid to investigate data security vulnerabilities of real power systems and formulate corresponding defense mechanism during process of constructing secure smart grids.For this reason,basic principles of fraudulent data and their impacts on power systems are firstly discussed.Secondly,according to feasible ways of constructing fraudulent data,their manipulation methods are classified into 2 categories:manipulating data collection and corrupting data communication.Thirdly,according to their capabilities,defense mechanisms are classified into 3 types:detection,identification and containment.Then merits and demerits of these defense mechanisms are discussed.Finally,some issues in urgent solution need about fraudulent data attacks and defense mechanisms are pointed out.