黄勇,陈小平,潘雪增,陈红洲,蒋晓宁

DOI: https://doi.org/10.16208/j.issn1000-7024.2008.09.057

2008-01-01

Abstract:Under the WAN environment,large-scale VPN networks is effectively and safely managed by long-distance centralized mana-gement system based on SNMP.To solve the flaw of topology discovery,a method in which agent initiates registry to the server is pro-posed.After analysis of the SNMPv3 security features,the public key authentication mechanism is introduced and the procedure of key negotiation is discussed in detail.For poor reliability and real-time data transmission of UDP-based SNMP,a strategy of configuration based on XML is given,which is proved to be feasible and efficient by the result of experiment at last.

Zhaohui Hu,Qi Chen,Ruizhao Yu

DOI: https://doi.org/10.3321/j.issn:1002-8331.2001.10.020

2001-01-01

Abstract:This article introduces the implementation of TCP Protocol and the technique of Port Scanning based on the characteristic of TCP Protocol,at the same time,the several implementations of Port Scanning are also described. We also analyze the potential external attacks that can be made because of the weakness of operation system and the ways to avoid suck kinds of attack are also put up.

XU Ming,CHEN Qi,WANG Ling-wu

DOI: https://doi.org/10.16208/j.issn1000-7024.2006.14.052

2006-01-01

Abstract:The architecture ofSNMP is studied and the SNMP isanalyzed.Themodel of SNMP protocol stack is designed which support SNMPv1/v2c and SNMPv3,the core engine of this model in differentsub-modules is designed and implemented.Somepivotal technique like retry and multi-tread is used in communication module,USM model is realized in security module.

HE Tian-he,PAN Xue-zeng

DOI: https://doi.org/10.3969/j.issn.1671-7147.2007.03.016

2007-01-01

Abstract:SNMP provides a way to manage and monitor the computer network.By extending its access control model on the 3rd version,the paper offers two methods : view based access control model(vacm) and role based access control model.It enhances RBAC's power and function.In use SNMPv3 based on Time Enhanced RBAC is more efficient and useful.

Xiao He

2010-01-01

Abstract:This paper analyzes the current methods commonly used in intrusion detection and network intrusion attacks,based on an SNMP-based Intrusion Detection System protocol design.Through reading and analyzing Management Information Base(MIB) of the network connection information,aiming at the characteristics of network intrusion and attacks,The program monitoring the network.The system consists of six modules,to realize network intrusion detection.

张恺伦,江全元

2013-01-01

Abstract:With the promotion and application of wide area measurement systems (WAMS) in power system, the security of its communication system is attracting a growing body of research. To analyze the vulnerability of WAMS communication infrastructures when facing network intrusions, an assessing method of vulnerability based on attack tree model is proposed. First, the attack tree model of WAMS communication system is established, which directly reflects the intrusion scenarios when the system is maliciously attacked. Second, a more reasonable assessing method for the vulnerability of passwords and ports is proposed, as well as the vulnerability of the system with all scenarios taken into consideration. Finally, the paper puts forth the concept of vulnerability sensitivity, which can quantitatively evaluate the effect of changes in the leaf vulnerability on the system, so as to find out the critical port.

Xinzheng Feng,Jun Wu,Kuan Wang,Jianhua Li,Meng Wang

DOI: https://doi.org/10.1109/dasc-picom-datacom-cyberscitec.2017.69

2017-01-01

Abstract:In recent years, a lot of attentions have been paid to Internet of Things (IoT) while IoT is more widely used in life. To ensure the security and stability of the IoT and integrate heterogeneous networks in the IoT, IEEE establishes IEEE P21451 protocol family. And IEEE P21451-1-5 is designed to help IoT to manage network through Simple Network Management Protocol (SNMP) efficiently, but the SNMP based IEEE P21451-1-5 has some security problem. This paper analyses the main structure and security mechanisms of SNMP, and summarize the existing security threats, which can help researchers to improve the security of the IEEE P21451-1-5.

ZHU Min,LI Sheng-hong,JING Tao

DOI: https://doi.org/10.3969/j.issn.1009-444x.2005.01.015

2005-01-01

Abstract:Abstrcat SNMP has become the standard protocol of network management actually,and its security is always the focus that people pay attention to.An easier and less costly security application of SNMP is implemented through adding the secure objects to the MIB to control the application software.

Zhang Kai-lun,Tang Quan,Zhang Hong-gang

DOI: https://doi.org/10.1109/ispec50848.2020.9351155

2020-01-01

Abstract:With the promotion and application of wide area measurement systems (WAMS) in the Energy Internet, the security of its communication system is attracting a growing body of research. To analyze the vulnerability of WAMS communication infrastructures when facing network intrusions, an assessing method of vulnerability based on attack tree model is proposed. First, the attack tree model of WAMS communication system is established, which directly reflects the intrusion scenarios when the system is maliciously attacked. Second, a more reasonable assessing method for the vulnerability of passwords and ports is proposed, as well as the vulnerability of the system with all scenarios taken into consideration. Finally, the paper puts forth the definition of vulnerability sensitivity, which can quantitatively evaluate the effects of changes in the leaf vulnerability on the system, so as to find out the critical port.

Yuyang XUE,Hao ZHOU,Baohua ZHAO

DOI: https://doi.org/10.3321/j.issn:0253-987X.2009.10.011

2009-01-01

Abstract:Aimed at the problem that the vulnerable wireless local area network (WLAN) 802.1X protocol is not susceptible to replay and DoS (denial of service) attacks, etc, an informal method is introduced to analyze the security properties of 802.1X protocol. The method classifies attack behaviors according to the ability of attackers, and from the aspect of the role which attackers can play in the protocols (i.e., imitating normal protocol behavior or breaking normal communication). Then a new method, WLAN active testing, is proposed. Attacks to the protocol running mainbody are implemented by simulating the actions of the attacker which can be used to make up protocol messages. The results are used to determine whether the protocol security vulnerabilities exist or not. Testing results show that the method combines characteristics of both the attacker and the tester to cover some known protocol security vulnerabilities, and has the ability to reveal some potential problems.

霍宝锋,刘伯莹,岳兵,谢冰

DOI: https://doi.org/10.3969/j.issn.1000-3428.2002.08.004

2002-01-01

Abstract:A survey of the common network attacks are presented and five kinds of attacks include Probe,DoS,R2L,U2R and Data attacksare analysed.Some important attacks such as SYN Flooding,DDoS,IP spoofing,Trojan,Buffer_overflow and TCP hijack are researched particularly. Finally, as a countermeasure,the intrusion-detection model based on audit record is proposed in detail. ;;;

BAI Jiasong,ZHANG Menghao,BI Jun

DOI: https://doi.org/10.19729/j.cnki.1673-5188.2018.04.002

2019-01-01

Abstract:Software defined networking（SDN）has attracted significant attention from both academia and industry by its ability to reconfigure network devices with logically centralized applications.However,some critical security issues have also been introduced along with the benefits,which put an obstruction to the deployment of SDN.One root cause of these issues lies in the limited resources and capability of devices involved in the SDN architecture,especially the hardware switches lied in the data plane.In this paper,we analyze the vulnerability of SDN and present two kinds of SDN-targeted attacks:1)data-to-control plane saturation attack which exhausts resources of all SDN components,including control plane,data plane,and the in-between downlink channel and2)control plane reflection attack which only attacks the data plane and gets conducted in a more efficient and hidden way.Finally,we propose the corresponding defense frameworks to mitigate such attacks.

王熙,李卫,孙国基

DOI: https://doi.org/10.3969/j.issn.1000-7180.2004.07.021

2004-01-01

Abstract:Since different internet security products have different technical specialties and different functions, how to make them constitute an entire protection system to protect the network has become the hotspot in research. The article introduces a solution for interaction and control platform between the firewall and the Console based on SNMPv3 first, and then it presents the theory, implementation and pros cons of this solution.

王焕然,徐明伟

DOI: https://doi.org/10.3969/j.issn.1000-1220.2004.03.009

2004-01-01

Abstract:With the rapid development of Internet, network management becomes more and more important. The SNMP network management model is the most widely used management model of TCP/IP-based network. The modularization of documentation and architecture and the enhancement of security, which are addressed in SNMPv3, mean the SNMP network management coming to maturity. In this article, the history of SNMP and typical feature of key versions are introduced, some merits and demerits are presented. And, by conclusion, the authors point out the problems at this stage and further work to be done.

WANG Xiang-yu,YI Ping,DU Shang-xin

2011-01-01

Abstract:This article started from the introduction of the basic organization and structure of Wireless Mesh Network(WMN),and then presented the main routing attacks against WMN.Next the authors set up a test bed by taking the SR2 protocol under Click as a basis.Finally the authors studied and tested the vulnerability of the network to the black hole and flood attacks on the test bed,and purposed the detection mechanism and the method to control and exclude the malicious nodes out of the network.

Weidong Fang,Wuxiong Zhang,Wei Chen,Tao Pan,Yepeng Ni,Yinxuan Yang

DOI: https://doi.org/10.1155/2020/2643546

2020-09-10

Wireless Communications and Mobile Computing

Abstract:As a key component of the information sensing and aggregating for big data, cloud computing, and Internet of Things (IoT), the information security in wireless sensor network (WSN) is critical. Due to constrained resources of sensor node, WSN is becoming a vulnerable target to many security attacks. Compared to external attacks, it is more difficult to defend against internal attacks. The former can be defended by using encryption and authentication schemes. However, this is invalid for the latter, which can obtain all keys of the network. The studies have proved that the trust management technology is one of effective approaches for detecting and defending against internal attacks. Hence, it is necessary to investigate and review the attack and defense with trust management. In this paper, the state-of-the-art trust management schemes are deeply investigated for WSN. Moreover, their advantages and disadvantages are symmetrically compared and analyzed in defending against internal attacks. The future directions of trust management are further provided. Finally, the conclusions and prospects are given.

computer science, information systems,telecommunications,engineering, electrical & electronic

Shou-Zhou Liu,Yan-Fu Li,Zhou Yang

DOI: https://doi.org/10.1016/j.egypro.2018.04.069

2018-01-01

Energy Procedia

Abstract:Smart electricity meter (SEM) is a critical infrastructure of the smart grid. The security problems of SEM are becoming increasingly important. In this research, we develop attack trees to analyse the attack paths that a cyber-attacker might follow to attack the local metering system consisting of several SEMs and a data concentration unit. Then we use game theory to model the interactions between an attacker and a defender. For the former, he/she expects that the attacks can be realized with high probabilities and profits. The purpose of the research is to help the latter to realize the optimal allocation of limited defensive resources.

Yu Hu,Yuanming Wu,Hongshuai Wang

DOI: https://doi.org/10.4236/wsn.2014.611023

2014-01-01

Wireless Sensor Network

Abstract:The security problems of wireless sensor networks (WSN) have attracted people’s wide attention. In this paper, after we have summarized the existing security problems and solutions in WSN, we find that the insider attack to WSN is hard to solve. Insider attack is different from outsider attack, because it can’t be solved by the traditional encryption and message authentication. Therefore, a reliable secure routing protocol should be proposed in order to defense the insider attack. In this paper, we focus on insider selective forwarding attack. The existing detection mechanisms, such as watchdog, multipath retreat, neighbor-based monitoring and so on, have both advantages and disadvantages. According to their characteristics, we proposed a secure routing protocol based on monitor node and trust mechanism. The reputation value is made up with packet forwarding rate and node’s residual energy. So this detection and routing mechanism is universal because it can take account of both the safety and lifetime of network. Finally, we use OPNET simulation to verify the performance of our algorithm.

Yuan Gao,Hong Ao,Zenghui Feng,Weigui Zhou,Su Hu,Wanbin Tang

DOI: https://doi.org/10.1016/j.procs.2018.03.083

2018-01-01

Procedia Computer Science

Abstract:This paper discuss the term threats, attacks and vulnerabilities in Wireless Sensor Networks followed by a model that relates the three entities. Based on the model, a framework of Trusted Wireless Sensor node is presented consisting of two major sections which are platform security enhancement and Trusted Authentication protocol to enhance sensor nodes security features and confirm the fidelity of node joining the network respectively. The design of the framework is in line with Trusted Computing Group specifications toward trusted platform implementation. Finally, brief analysis on the proposed framework is presented.

Hui Xie,Min Xiao,Mei Guo

DOI: https://doi.org/10.1088/1757-899X/452/4/042025

2018-12-13

IOP Conference Series: Materials Science and Engineering

Abstract:The continuous development and wide application of computer technology are conducive to the realization of the sharing of social resources and information, and provide greater convenience for the development and improvement of all walks of life in society [1]. However, with the development of society, computer network security has also received more attention. Today, computer network security has become an important area of the computer network engineering technology. A major security threat to network security is the ARP attack. This paper describes the principle, working process, attack hazards, and performance of attacks after ARP. Protection against ARP attacks.

Physics,Computer Science