WUChunming

DOI: https://doi.org/10.3969/j.issn.1009-6868.2016.01.009

2016-01-01

Abstract:Dynamic network proactive security defence is an effective method for solving the unknown vulnerabilities and back door attacks in the information system. In this paper, the evolution defense mechanism (EDM) is proposed. According to the security status, network system security needs, EDM can select the best network configuration change elements to deal with potential attacks and ensure the safety requirements of a specific level. Dynamic reconfiguration and changes of the network need to be considered in accordance with the security situation of the system and the possible network attacks. The key is how to detect and the security situation and network attacks. It proposes that study on dynamic network proactive security defense in China is in the initial stage, and there is stil much work to do.

LIN Junhao,FENG Dongqin

DOI: https://doi.org/10.11959/j.issn.2096−6652.202006

2020-01-01

Abstract:Compared with traditional network security defense methods,industrial system security protection research based on process flow has become an important research direction in the field of industrial security.An improved backward cloud algorithm based on first order absolute central moment (BC-1stM) non-deterministic reverse cloud method was proposed,which was modeled by the time series and the normal state of the process flow.The security protection detection and alarm based on the process attack mode in the industrial system was realized,and Tennessee Eastman chemical process platform was adopted to validate the algorithm.The results show that the model had a high precision in the detection of attack behavior and detection of attack points,and improved the security protection capability of industrial systems.

QIN Junning,HAN Jiajia,ZHOU Sheng,WU Chunming,CHEN Shuangxi,ZHAO Ruoyan,ZHANG Jiangyu

DOI: https://doi.org/10.11959/j.issn.1000-0801.2020143

2020-01-01

Abstract:The unbalanced development status of network security was introduced.The main hazards and the mechanism model of penetration testing were described,and the inherent shortcomings of many existing traditional defense methods were analyzed.However,new method of the mimic defense model makes the attack information obtained invalid by dynamically selecting the executive set and adaptively changing the system composition.The same attack mode is difficult to be maintained or reproduced.Based on the attack chain model,the traditional defensetechnology and mimic defense technology were analyzed and compared,and it was demonstrated that it had a protective role in multiple stages of the attack chain.Finally,the effectiveness and superiority of the mimic defense was verified by experiments,and the model was summarized and prospected.

Daojing He,Sammy Chan,Yan Zhang,Chunming Wu,Bing Wang

DOI: https://doi.org/10.1109/mis.2013.105

IF: 6.744

2014-01-01

IEEE Intelligent Systems

Abstract:Attack-defense models play an important role in the design of cybersecurity systems. Here, the authors review some traditional and prevailing attack-defense models along with their weaknesses. Then, they survey some recently proposed paradigm shifts to these models based on which more effective security strategies can be designed. Further, they provide some suggestions on how to adopt the new models, and present challenges that need to be addressed in this field.

LIU Sen-sen,CHEN Wei-hua,JIANG Quan-yuan

DOI: https://doi.org/10.3785/j.issn.1008-973x.2009.03.036

2009-01-01

Abstract:The risk theory was applied to static security analysis of power system,and a power system risk model with obvious parallel processing was built.A novel parallel processing approach of risk assessment of power system was presented based on the parallel model.The approach was implemented by PC cluster.In the implementation of specific parallel computing,the PC cluster technology was used.The New England 10-machine 39-node system was used to verify power system static security risk assessment methodology based on parallel computing.System's N-1 breaking accidents were used as the system's expected accident set.The risk of line power overload and that of bus low voltage were used as the two risk indicators to describe static security.The performance of parallel computing algorithm based on indicators and that of parallel computing algorithm based on static incidents allocation were compared.

Wei Wang,Guangsong Li,Keke Gai,Yazhe Tang,Benchao Yang,Xueming Si

DOI: https://doi.org/10.1002/CPE.6035

2022-01-01

Concurrency and Computation: Practice and Experience

Abstract:With the development and popularization of Internet technology, network security has become the focus of attention. Vulnerabilities and back doors are regarded as two of the main reasons of network security problems. Dynamic heterogeneous redundant (DHR) architecture is a typical framework of cyberspace mimic defense. It can make use of untrusted hardware and software components to construct a high reliable and high security information system. In this article, a mathematical model is set up for the DHR architecture, and the system security is characterized by vulnerability consistency rate and success rate of system attack. The antiattack ability of the DHR system is analyzed using the mathematical model.

LI Jia-rui,LING Xiao-bo,LI Chen-xi,LI Zi-mu,YANG Jia-hai,ZHANG Lei,WU Cheng-nan

DOI: https://doi.org/10.11896/jsjkx.210800107

2022-01-01

Computer Science

Abstract:In order to overcome the difficulties that current attack graph model cannot reflect real-time network attack events,a method is proposed including a forward risk probability update algorithm and a forward-backward combined risk probability update algorithm,which meets the needs of real-time analyzing network security.It first performs specific quantitative analysis on the uncertainty of each node in the graph,and uses Bayesian networks to calculate their static probabilities.After that,it updates the dynamic probability of each node along the forward and backward paths according to the real-time network security events,instantly reflecting the changes of external conditions and assessing real-time risk levels across the network.Experimental results show that the method can calibrate and adjust the risk probability of each node according to the actual situation,which helps the network operator correctly understand the dangerous levels of the network and make better decision for defense and prevention of the next attack.

Chao Qi,Jiangxing Wu,Guozhen Cheng,Jianjian Ai,Shuo Zhao

DOI: https://doi.org/10.1155/2018/4123736

IF: 1.968

2018-01-01

Security and Communication Networks

Abstract:Security evaluation of SDN architectures is of critical importance to develop robust systems and address attacks. Focused on a novel-proposed dynamic SDN framework, a game-theoretic model is presented to analyze its security performance. This model can represent several kinds of players' information, simulate approximate attack scenarios, and quantitatively estimate systems' reliability. Andwe explore several typical game instances defined by system's capability, players' objects, and strategies. Experimental results illustrate that the system's detection capability is not a decisive element to security enhancement as introduction of dynamism and redundancy into SDNcan significantly improve security gain and compensate for its detection weakness. Moreover, we observe a range of common strategic actions across environmental conditions. And analysis reveals diverse defense mechanisms adopted in dynamic systems have different effect on security improvement. Besides, the existence of equilibrium in particular situations further proves the novel structure's feasibility, flexibility, and its persistent ability against long-term attacks.

张恺伦,江全元

2013-01-01

Abstract:With the promotion and application of wide area measurement systems (WAMS) in power system, the security of its communication system is attracting a growing body of research. To analyze the vulnerability of WAMS communication infrastructures when facing network intrusions, an assessing method of vulnerability based on attack tree model is proposed. First, the attack tree model of WAMS communication system is established, which directly reflects the intrusion scenarios when the system is maliciously attacked. Second, a more reasonable assessing method for the vulnerability of passwords and ports is proposed, as well as the vulnerability of the system with all scenarios taken into consideration. Finally, the paper puts forth the concept of vulnerability sensitivity, which can quantitatively evaluate the effect of changes in the leaf vulnerability on the system, so as to find out the critical port.

Zenan Wu,Liqin Tian,Yi Zhang,Yan Wang,Yuquan Du

DOI: https://doi.org/10.1155/2021/4005877

IF: 1.968

2021-11-13

Security and Communication Networks

Abstract:At present, most network security analysis theory assumes that the players are completely rational. However, this is not consistent with the actual situation. In this paper, based on the effectiveness constraints on both sides with network attack and defense, with the help of stochastic Petri net and evolutionary game theory, the Petri net model of network attack and defense stochastic evolutionary game is reconstructed, the specific definition of the model is given, and the modeling method is given through the network connection relationship and attack and defense strategy set. Using this model, a quantitative analysis of network attack events is carried out to solve a series of indicators related to system security, namely, attack success rate, average attack time, and average system repair time. Finally, the proposed model and analysis method are applied to a classic network attack and defense process for experimental analysis, and the results verify the rationality and accuracy of the model and analysis method.

computer science, information systems,telecommunications

Xin YANG,Hui LI,Jiangxing WU,Peng YI

DOI: https://doi.org/10.1360/ssi-2019-0224

2020-01-01

Abstract:Cyber mimic defenses have recently emerged as a dynamic heterogeneity redundancy architecture, which adjust the asymmetry between defenders and attackers by reconfiguring the system according to the network scenario. Some studies have investigated the effectiveness of security models, however, there is still a lack of convincing and practical methods to assess CMD networks quantitatively. Thus, in this paper, we propose a two-dimension model that calculates those details as a digital result to compare different CMD networks. In addition, the proposed method demonstrates good scalability in different networks. Specifically, in the first dimension, i.e., attacking a single node, we elaborate on system configurations and employ the Generalized Stochastic Petri net model to capture the effectiveness of different behaviors from gamers. To quantify the impacts of those behaviors, we parameterized them using a Poisson process, common vulnerabilities and exposures, and the common vulnerability scoring system. In the second dimension, we adopt Markov chains and the Martingale theory to analyze the attack process along the attack chain. Finally, security metrics and countermeasures under different scenarios are presented to verify the effectiveness of CMD, which provides some guidance for designing future systems with acceptable cost.

Chun Lei Wang,Dong Xia Wang,Qing Miao,Liang Ming,Lan Fang,Yi Qi Dai

DOI: https://doi.org/10.2991/isccca.2013.194

2013-01-01

Applied Mechanics and Materials

Abstract:Network survivability has the characteristics of complexity, dynamic evolution and uncertainty, which has become one of the most important factors for analyzing and evaluating network performance. Network survivability analysis and evaluation is a process of analyzing and quantifying the degree to which network system can survive in network threats. This paper proposes a novel network survivability analysis and evaluation model.Firstly, network survivability is abstracted as a dynamic game process among network attacker, network defender and normal user, thereafter network survivability evolutionary game model is established and network survivability analysis algorithm is proposed based on the game model. Secondly, the survivability characteristics of the network can be measured and evaluated based on the analyzed information based on the proposed immune evolutionary algorithm for network survivability metric weight solving and network survivability evaluation method using multiple criteria decision making. Finally, the proposed network survivability analysis and evaluation model is experimented in a typical network environment and the correctness and effectiveness of the model is validated through experimental analysis.

Boyu Gao,Libao Shi

DOI: https://doi.org/10.1109/access.2020.2973030

IF: 3.9

2020-01-01

IEEE Access

Abstract:The rapid development of advanced information and communication technology has made modern power systems evolve into more complicated cyber-physical power systems (CPPSs) with mutual coupling characteristics between cyber systems and power systems, and at the same time, the CPPSs have to confront some newly emerged risks owing to cyber system unreliability or cyberattacks. In this paper, regarding the cyber and physical attacks in a CPPS, the operation risks and vulnerabilities of transmission lines are discussed in detail by building relevant game-theoretic models. Under two possible cyberattack scenarios, namely time delay of system recovery and distributed denial of service, a three-stage defender-attacker-defender tri-level mathematical programming model is proposed based on dynamic game theory of complete information. In particular, the objective functions and corresponding constraint conditions in each level are analyzed and constructed elaborately. For the solution of this proposed tri-level programming model, a solution method based on an improved particle swarm optimization approach combined with sequential quadratic programming technique is applied during analysis. Finally, the proposed model is validated through two case studies, and some preliminary concluding remarks are summarized.

Kunfu Wang,Wei Feng,Xing Li

DOI: https://doi.org/10.12783/dtcse/ccnt2020/35444

2021-01-01

DEStech Transactions on Computer Science and Engineering

Abstract:In order to assist network administrators to assess network security risks, a new Bayesian model of network risk assessment method is proposed. Firstly, the model designs the quantitative method of attack revenue and attack cost index, introduces the atomic attack efficiency variable, and integrates the variable into the calculation of probability, obtains the prior risk probability of each node in the network, so as to carry out the static evaluation of network risk. Secondly, DNO_Alg of deleting node order is proposed to determine the order of eliminating elements, so that Bayesian model can be transformed into cluster tree. Finally, combined with the detected attacks, the cluster tree propagation algorithm is used to dynamically calculate the posterior risk probability of nodes, so as to evaluate the network risk in real time.

Shouhuai Xu,Wenlian Lu,Hualun Li

DOI: https://doi.org/10.48550/arXiv.1603.08309

2016-03-28

Abstract:The concept of active cyber defense has been proposed for years. However, there are no mathematical models for characterizing the effectiveness of active cyber defense. In this paper, we fill the void by proposing a novel Markov process model that is native to the interaction between cyber attack and active cyber defense. Unfortunately, the native Markov process model cannot be tackled by the techniques we are aware of. We therefore simplify, via mean-field approximation, the Markov process model as a Dynamic System model that is amenable to analysis. This allows us to derive a set of valuable analytical results that characterize the effectiveness of four types of active cyber defense dynamics. Simulations show that the analytical results are inherent to the native Markov process model, and therefore justify the validity of the Dynamic System model. We also discuss the side-effect of the mean-field approximation and its implications.

Cryptography and Security,Social and Information Networks,Dynamical Systems

YANG Xiao-hui,ZHOU Xue-hai,TIAN Jun-feng,LI Zhen

2010-01-01

Abstract:In order to improve current dynamic trusted evaluation theories and methods of software,the conceptions of behavior trace and checkpoint scene are proposed to depict the dynamic characteristics of software behaviors,the deviation degrees of behavior trace and checkpoint scene are measured by computing system call context values and formulating relationship constraint rules of system call arguments,and a dynamic trusted evaluation model is built based on software behavior automaton.Experimental results show that this novel model can accurately obtain information on software behavior and correctly detect attacks with lower overhead.

Xiaohu Li,Timothy Paul Parker,Shouhuai Xu

DOI: https://doi.org/10.1109/tdsc.2008.75

2011-01-01

Abstract:Traditional security analyses are often geared toward cryptographic primitives or protocols. Although such analyses are necessary, they cannot address a defender's need for insight into which aspects of a networked system having a significant impact on its security, and how to tune its configurations or parameters so as to improve security. This question is known to be notoriously difficult to answer, and the state of the art is that we know little about it. Toward ultimately addressing this question, this paper presents a stochastic model for quantifying security of networked systems. The resulting model captures two aspects of a networked system:1) the strength of deployed security mechanisms such as intrusion detection systems and 2) the underlying vulnerability graph, which reflects how attacks may proceed. The resulting model brings the following insights: 1) How should a defender “tune” system configurations (e.g., network topology) so as to improve security? 2) How should a defender “tune” system parameters (e.g., by upgrading which security mechanisms) so as to improve security? 3) Under what conditions is the steady-state number of compromised entities of interest below a given threshold with a high probability? Simulation studies are conducted to confirm the analytic results, and to show the tightness of the bounds of certain important metric that cannot be resolved analytically.

Yinxing Li

DOI: https://doi.org/10.1088/1742-6596/1648/4/042071

2020-10-01

Journal of Physics: Conference Series

Abstract:Abstract With the continuous development of human civilization and the continuous progress of computer technology, computer network has been widely used in our life, which has brought great convenience to people’s production and life. As the computer network plays an increasingly important role in daily life, the security of computer network has been paid more and more attention. Therefore, this paper studies the modeling of computer network security analysis based on deep learning algorithm. Starting from the types, levels and main problems of security needs, this paper analyzes the threats faced by the system equipment, access rights, and the main connection relationship, and makes a visual description of the network threats from the perspective of the purpose of the attack is to enhance higher permissions. The security analysis and modeling work is applied to the security fault tree method of computer system and the attack method of network information system. Through research and analysis, starting from the current state of computer network security, this paper deeply studies the analysis and modeling of computer network security, and realizes the evaluation of current computer network security. The accuracy rate of the proposed method for intrusion detection reaches 91.6%.

Anmin Xie,Cong Tang,Nike Gui,Zhuhua Cai,Jian-bin Hu,Zhong Chen

DOI: https://doi.org/10.1109/ICC.2010.5502655

2010-01-01

Abstract:To protect our networks against malicious intrusions, we need to evaluate these networks security. Previous works on attack graphs have provided meaningful conclusions on security measurement. However, large attack graphs are still hard to be understood vividly, and few suggestions have been proposed to prevent inside malicious attackers from attacking networks. To address these problems, we propose a novel approach to evaluate network security based on adjacency matrixes, which are constructed from existing attack graphs. With our model, we use gray scale images to show overall security vividly, and get quantitative evaluation scores. Moreover, we create a prioritized list of potential threatening hosts, which can help network administrators to harden network step by step. Analysis on computation cost shows that the upper bound computation cost of our measurement methodology is O(N3), which could be completed in real time. We also give an example to show how to put our methods in practice.

Xiuzhen Chen,Qinghua Zheng,Xiaohong Guan

DOI: https://doi.org/10.1007/s10796-008-9111-6

2008-01-01

Information Systems Frontiers

Abstract:Many security problems are caused by vulnerabilities hidden in enterprise computer networks. It is very important for system administrators to have knowledge about the security vulnerabilities. However, current vulnerability assessment methods may encounter the issues of high false positive rates, long computational time, and requirement of developing attack codes. Moreover, they are only capable of locating individual vulnerabilities on a single host without considering correlated effect of these vulnerabilities on a host or a section of network with the vulnerabilities possibly distributed among different hosts. To address these issues, an active vulnerability assessment system NetScope with C/S architecture is developed for evaluating computer network security based on open vulnerability assessment language instead of simulating attacks. The vulnerabilities and known attacks with their prerequisites and consequences are modeled based on predicate logic theory and are correlated so as to automatically construct potential attack paths with strong operation power of relational database management system. The testing results from a series of experiments show that this system has the advantages of a low false positive rate, short running periods, and little impact on the performance of audited systems and good scalability. The security vulnerabilities, undetectable if assessed individually in a network, are discovered without the need to simulate attacks. It is shown that the NetScope system is well suited for vulnerability assessment of large-scale computer networks such as campus networks and enterprise networks. Moreover, it can also be easily integrated with other security tools based on relational databases.