丁宇波,陈根才

DOI: https://doi.org/10.3969/j.issn.1000-3428.2003.03.052

2003-01-01

Abstract:The rule in CERNET that user's feedepends on data flow, which brings difficulty to campus network management. The technology used to avoid network e mbezzlement and user account in campus network has defects and its effect is n ot ideal. This paper puts forward new design, which has good balance in perform anc e, security and cost facts.

WANG Xiaodong,ZHU Miaoliang

DOI: https://doi.org/10.3969/j.issn.1000-3428.2005.07.055

2005-01-01

Abstract:This paper puts forward an intellective network safe guard system based on a multi-agent system structure. The purpose of the system is to defend the intrusion of campus-wide network. It is based on IDXP and the focus is blackboard. This system can deal with multi-levels and many ways of anti-intrusions, which has self-determination. It is proved to have a good performance by spot tests.

Fei Yu,XiaoPing Dai,Yue Shen,Huang Huang,Miaoliang Zhu

DOI: https://doi.org/10.1109/ICSSSM.2005.1500110

2005-01-01

Abstract:The problem in network security presently is how to get real-time intrusion detection and alert. In the paper, we design Intrusion Detection System architecture and arithmetic again, meanwhile put forward an improved pattern matching arithmetic based on protocol analysis and theorization machine on Frete. New architecture can use network processor to collect and analyze data in network bottom, which enhance the speed and efficiency in Detection System.

阎浩,张燕,严筱永

DOI: https://doi.org/10.3969/j.issn.1006-2475.2010.01.037

2010-01-01

Abstract:The traditional campus network system uses firewall and some access control policies to ensure its security,the network of this model just can prevent the danger from external,but can not effectively guard against the internal hidden security flaws,therefore,improving the internal security is an important link for secirity of the whole campus network.This paper analyzes the principle and characteristic of trusted network,applies the trusted network into the campus network,puts forward a new campus network system based on the authentication technology,at the same time,also describes its structure and elements,and gives the network topology diagram,finally analyzes the priciple of security mechanism and the specific methods for achieving this.

HUANG Jia-Lin,Liu Hai-Tao,Mei Zhen-Kun,Gan Miao-Jin,Sun Qian

2008-01-01

Periodical of Ocean University of China

Abstract:The management of a large campus network is complex and difficult.An effective network management system is basical for secure and steady network.The current network management systems focus on the management of the equipment,they have not related network management to the network user behavior.The System Based on User Network Behavior Monitoring and Controlling amalgamated the technical character of various system manufacturer.Because of making use of the functions and the management messages of the present network equipments and systems,analyzing and ruling the user's network behavior,and eliminating the effect of the bad network behavior,it can maintain a secure and steady network and reduce the network manager's workload.

YANG Xin,LI Hui,QUE Jianming,MA Zhentai,LI Gengxin,YAO Yao,WANG Bin,JIANG Fuli

DOI: https://doi.org/10.11896/jsjkx.220600265

2023-01-01

Abstract:Traditional IP-based Internet offers an end-to-end data transport service and has developed rapidly in the past half-century.However,serious security incidents emerged from attacks based on traditional networks.Traditional security mechanisms(e.g.,firewalls,intrusion detection systems) enhance security.However,most of them only provide some remedial strategies rather than solve the address-security problem radically due to the lack of change in network design.The overall in-depth security of the networked system cannot be guaranteed without a fundamental change.In order to meet the development requirements of the next generation of an endogenous security network,one of the future networks,the multi-identifier network(MIN),is introduced as our research background.This paper proposes an efficient scheme in hieratical architecture that provides comprehensive protection by addressing the security aspects pertaining to the network and application layers.At the network layer,the proposed architecture develops a multi-identifier routing scheme with embedded identity-based authentication and packet signature mechanisms to provide data tamper-resistance and traceability.At the application layer,the proposed architecture designs a mimic defensive scheme combined with weighted network centrality measures.This scheme focuses on protecting the core components of the whole network to improve the service's robustness and efficiently resist potential attacks.This paper tests and evaluates the proposed scheme from a theoretical and practical perspective.An analytical model is built based on the random walk for theoretical evaluation.In experiments,the proposed scheme is developed in MIN as MIN-VPN.Then considering IP-VPN as a baseline,anti-attack tests are conducted on IP-VPN and MIN-VPN.The results of theoretical evaluations and experiments show that the proposed scheme provides excellent transmission performance and successful defense against various TCP/IP-based attacks with acceptable defensive cost,demonstrating this security mechanism's effectiveness.In addition,after long-period penetration testing in three international elite security contests,the proposed method is effectively immune to all TCP/IP-based attacks from thousands of professional teams,thus verifying its strong security.

Beipeng Mu,Xinming Chen,Zhen Chen

DOI: https://doi.org/10.1109/cmc.2011.130

2011-01-01

Abstract:Network Security Appliances are deployed at the vantage point of the Internet to detect security events and prevent attacks. However, these appliances are not so effective when it comes to distributed attacks such as DDoS. This paper presents a design and implementation of collaborative network security management system (CNSMS), which organize the NetSecu nodes into a hybrid P2P and hierarchy architecture to share the security knowledge. NetSecu nodes are organized into a hierarchy architecture so they could realize different management or security functions. In each level, nodes formed a P2P networks for higher efficiency. To guarantee identity trustworthy and information exchange secure, PKI infrastructure is deployed in CNSMS. Finally experiments are conducted to test the computing and communication cost.

Zhen Chen,Fa-Chao Deng,An-An Luo,Xin Jiang,Guo-Dong Li,Run-hua Zhang,Chuang Lin

DOI: https://doi.org/10.1109/wcins.2010.5541863

2010-01-01

Abstract:Traditional NAC system in enterprise network is in coarse granularity (e.g. IP or MAC address) and lack of flexibility. Recently the demand in tight control of the enterprise network to defense the misuse and security issues become more and more urgent. Based on the TCG TNC standard, an application level network access control mechanism is proposed and implemented. With TNC client/server model in hand, a client is designed to enhance TNC client with the function of host flow controller (HFC), and intercepts each application network access request(ANAR) and transfer it to PDP server to authorize the access request. When a sensor (i.e. intrusion detection system) detects any malicious traffic, host flow controller and network flow controller can identify the application that origins this traffic by querying Metadata Access Point (MAP) server and block this application's network access. A prototype system is implemented to demonstrate the design and can be used to defense the anomaly network behaviors. The prototype system demonstrates that the hosts, switches, firewalls and IDS can work together to detect, diagnose and protect enterprise network from the malicious applications attack initiated inside or outside of an enterprise network, quarantine unhealthy hosts and make the enterprise network more reliable and trustworthy.

Xin Liu,Xianmin Song,Zhe Wang,Dianhai Wang,De M. Wang

2010-01-01

Abstract:In order to ensure the safety of Metro intelligent transport network and the reasonable utilization of resources, AAA (Authentication, Authorization, Accounting) mechanism was introduced to the intelligent transportation system, which is used to design the operation mode for the managent of Tansportaion. A plan was proposed, including the security access to the Metro intelligent transport network for the moving vehicles, seamless connection between access points, the accounting for the information of both network and intelligent transportation system, with the algorithm for authentication, authorization and accounting between realms. AAA algorithm was composed with C language, and tested by the data coming from the simulation using Vissim4.20.

MA Yang-ming,LI Zhi-tang,LEI Jie,PAN An-qun

DOI: https://doi.org/10.3969/j.issn.1002-2279.2006.06.012

2006-01-01

Microprocessors

Abstract:A personified network security intelligent centralized management mechanism is proposed in this paper,and a system model using the mechanism and the analysis of the performance and realization are presented.In this mechanism,each agent which behaves like a human worker deals with security events separately and communicates with other agents if necessary and it reports to Security Intelligent Management Center unauthorized or unidentified security events.The Security Intelligent Management Center makes a correlative analysis in received security events(combining relevant information in its memory),setting up a whole view according to emergency degrees of alarms,which is followed by relevant responses and report systems.It helps to reduce system wastage,eliminate error reports and find out missing reports which benefits security administrators with security events management easily.

LIU Wu,DUAN Hai-Xin,ZHANG Hong,WU Jian-Ping

2008-01-01

Periodical of Ocean University of China

Abstract:In traditional network security management systems,system administrators could not prevent malicious users from illegal actions in time.This paper introduces the trust mechanism to dynamically evaluate user's reputation which is correlated with the user's privilege in the network and based on which we proposed and implemented the key algorithm of trust based access control in P2P Network.

Guihai Chen,Victoria C. Yan,Qing Li,Zengzhi,Liao,Zhigang

2005-01-01

Abstract:The wide application of network technology in power systems brings not only convenience and flexibility but also security threats. An architecture of network security for power system was proposed in this study,which protected data and facilities from being attacked by outside users by means of firewall, security monitor and control system. Firewall was basically the first line of defense for the intranet; the security monitoring system was a kind of IDS (Intrusion Detection System), while security control system provided authentication, authorization,data-encrypted transmission and security management. This architecture provides various security services, such as identification, authentication, authorization, data integrity and confidentiality.

LIU Sheng-li,WANG Wen-bing,FEI Jin-long,ZHu Yue-fei

DOI: https://doi.org/10.3969/j.issn.1671-0673.2010.01.019

2010-01-01

Abstract:This paper designs and realizes a data security system for LAN based on Trusted Network Connection(TNC) Specifications.According to TNC mechanism,the new system enforces the network access control method and employs the file system filter driver to monitor and protect sensitive data.In terms of these means,the system can prevent sensitive data from being divulged or stolen and to implement all the files are controlled into the trusted network environment.

ZHOU Chang-ling,CUI Jian,SHANG Qun,ZHANG Bei

DOI: https://doi.org/10.3969/j.issn.1672-9781.2007.02.008

2007-01-01

Abstract:In order to improve the campus network management efficiency, whenever a security event occurs, network operators can easily trace those users who abused the network or did illegal things, auto-logging campus network user information and relate things are required. This paper presents a way combining the IP, MAC, user profile, switch port data to trace user location. A system using this method is designed and implemented in our campus network that shows our solution is valuable.

Kazuhiro Mishima,Takeshi Sakurada,Yoichi Hagiwara,Takahiko Tsujisawa

DOI: https://doi.org/10.1145/3235715.3235738

2018-09-11

Abstract:In recent years, there are many problems of network security such data breaches and unauthorized access due to targeted attacks on vulnerabilities. The campus network in a university is under various threats as well as corporate networks. In addition, many universities including the Tokyo University of Agriculture and Technology (TUAT) have taken Bring Your Own Device (BYOD), and the number and types of devices connected to our campus network are increasing. Since a campus network is used for wide range of education and research, there are many more types of connected devices than corporate network. Until now, we tried to reduce the security risk for our campus network by using the quarantine / authentication system, but it is not a sufficient system because some users bypass the quarantine using the system's loophole. Therefore, we designed a campus network security system based on automatic shutdown with network monitoring for brand-new security measures of our campus network. In our system, network traffic is monitored on the campus network side (e.g. core switch, edge switch), and a device considered as high security risk is automatically isolated from the campus network on the edge switch. A dedicated portal is also provided for presenting the reason for isolating to the user. This can make it possible to effectively implement high levels of security measures while reducing the management cost for an operation and a user support as much as possible. In this presentation, we introduce details of the design and actual architecture of our system.

Chuang Lin,Xue-Hai Peng

DOI: https://doi.org/10.1007/s11390-006-0732-2

IF: 1.871

2006-01-01

Journal of Computer Science and Technology

Abstract:In this paper, the architecture of trustworthy and controllable networks is discussed to meet arising application requirements. After reviewing the lessons and experiences of success and failure in the Internet and summarizing related work, we analyze the basic targets of providing trustworthiness and controllability. Then, the anticipant architecture is introduced. Based on the resulting design, several trustworthy and controllable mechanisms are also discussed.

Xue-hai Peng,Chuang Lin

DOI: https://doi.org/10.1109/DASC.2006.20

2006-01-01

Abstract:Existing isolated and add-on secure systems are rarely robust under attack, misoperation and internal faults. Secure communication only offers little protection if one ore more components are compromised, and are not sufficient for holistic and systemic security. This paper proposes the concept of trustworthy networks, which makes advances along these traditional researches on network security in combination. We outline the key challenges in constructing trustworthy networks, and define three properties, namely security, survivability and controllability. Consulting human interactions, the abstract architecture for trustworthy networks is proposed, depicting protocols layers, topology structure, entities and components, and protocol steps

Xi Chen

DOI: https://doi.org/10.54254/2755-2721/38/20230530

2024-02-07

Abstract:With the widespread application of computer network technology, computer network security defense capability has become a focus of attention in various industries. The extensive use of computer information systems in various sectors has significantly improved work efficiency but has also introduced security risks and management issues. The deployment of network security detection and control systems allows for effective security monitoring and management of computer operations and real-time network information. This paper presents a computer network security detection and control system based on human-computer interaction, which enables users to handle daily key business processes. The work principles and overall architecture of the network security detection and control system are analyzed and demonstrated. It offers functions such as filtering options, address rules, network security detection, network unreachability, overall traffic analysis, subnet definition, fault diagnosis, and security analysis. Testing and analysis indicate that the systems design achieves the intended goals. In the application of network security features, it can effectively combine various forces to enhance the quality and efficiency of network security, making it widely applicable in various industry units.

余冬梅,刘密霞,冯涛

DOI: https://doi.org/10.3969/j.issn.1673-629x.2004.02.041

2004-01-01

Abstract:The greater the availability of the network, the greater its vulnerability to threats from within and outside the organization. To an organization, an enterprise, constructing an appropriate network security system is very necessary. Based on a framework for network security system design put forwarded in, detailed analysis of the phase of network security design is made in this paper, and architecture model and policy management implemented model are given, which hangs security architecture, security policy implement and the enforced mechanism of network security together, and insures the transition between high-level security requirement analysis and the low-level system implementation smoothly.

Yuyang Lu,Xiang Zhang Chen,Wenjie Wang,Yong Yang

DOI: https://doi.org/10.11591/telkomnika.v12i4.4776

2014-01-01

Abstract:As the work of digital campus construction, the function of network become more and more important . The kernel of digital campus is fast speed, function formidable, resource widely. The campus network is a special network ,which face special user community ,it is thought ,technology of active, and it adopt access layer access ,so the network security is lower, Vulnerable to illegal users and virus attacks. This text use RADIUS and AAA authentication technology in the campus, through user authentication, strengthen the network access restrictions, the log service, campus network management more systematic and safe. DOI : http://dx.doi.org/10.11591/telkomnika.v12i4.4776