Haifeng Zhou,Chunming Wu,Ming Jiang,Boyang Zhou,Wen Gao,Tingting Pan,Min Huang

DOI: https://doi.org/10.1109/mcom.2015.7081074

IF: 9.03

2015-01-01

IEEE Communications Magazine

Abstract:The past few years have witnessed revolutionary advances in network technology. Along with new techniques such as SDN come lots of new network security challenges. Conventional network security mechanisms are incompetent to overcome these challenges, since they are built on a static network configuration that facilitates attackers in finding the weaknesses of a network. In this article, we conceive a novel conceptual network security mechanism, the evolving defense mechanism (EDM), to resolve current and future security problems. EDM is based on a bio-inspired idea of network configuration variations. According to the security requirements of the system, the user, and the network security state, EDM selects an efficient network configuration variation strategy to prevent corresponding security threats. Combined with SDN implementation, EDM resolves security problems from a new angle and is capable of evolving with new network security technology. We sketch a way to implement EDM and present its reference framework, which serves as an ecosystem and coexisting environment for various kinds of network configuration variations. The proposed mechanism avoids the deficiency of conventional mechanisms and has potential to cope with emerging security threats.

WUChunming

DOI: https://doi.org/10.3969/j.issn.1009-6868.2016.01.009

2016-01-01

Abstract:Dynamic network proactive security defence is an effective method for solving the unknown vulnerabilities and back door attacks in the information system. In this paper, the evolution defense mechanism (EDM) is proposed. According to the security status, network system security needs, EDM can select the best network configuration change elements to deal with potential attacks and ensure the safety requirements of a specific level. Dynamic reconfiguration and changes of the network need to be considered in accordance with the security situation of the system and the possible network attacks. The key is how to detect and the security situation and network attacks. It proposes that study on dynamic network proactive security defense in China is in the initial stage, and there is stil much work to do.

Ming Wan,Minglei Hao,Yang Li,Jianming Zhao,Ying Li

DOI: https://doi.org/10.1145/3586102.3586127

2022-01-01

Abstract:Due to the rapid development of industrial automation, ICSs (Industrial Control Systems) gradually expose their potential security vulnerabilities, and are facing more and more serious security risks. Although different industrial security technologies have been developed to strengthen industrial security protection, they always struggle for their own because of their standalone and non-related functions, and their actual defense effects are not encouraging. This paper first summarizes some intrinsic security vulnerabilities in ICSs, and analyzes the main causes to generate each class of vulnerabilities. Furthermore, five popular security technologies which have been successfully applied in today's ICSs are introduced, and their advantages and shortages are also compared by explaining each working mechanism. In order to take full advantage of various industrial security technologies, this paper proposes one novel cooperative defense model based P2DR (Policy, Protection, Detection and Response), which establishes the dynamical defense process to integrate five different industrial security technologies. Under the guidance of security policies, this model can comprehensively utilize the resources of various industrial security technologies to learn and judge current security status of the whole system, and effectively adjust the optimum deployment to provide the strongest protection with the lowest risk. Finally, one applicable case based on the proposed model is designed to verify the feasibility of cooperative defense in ICSs.

Gang Chen,Shang Xiang,GuanQun Ji,YiLong Jia

DOI: https://doi.org/10.1109/iccms.2009.52

2009-01-01

Abstract:Soldiers possessing of network attack-defense ability are the key factor for future information war. Aiming at the problem of lacking daily training and drilling environment, a method of building Network Attack-Defense Simulation Training System (NADSTS) based on HLA is put forward. With the method, attack and defense training are designed as different federation member. The system is divided to presentation, application and adapter layer clearly. Key technologies involves network attack-defense, network simulation and simulation driving are also presented. Software is developed based on plug-in framework. Its simulation examples show greatest traits on building similar large-scale simulation system.

楼润瑜,王备战,王伟

2010-01-01

Abstract:In order to defend the attacks caused by DDOS and worms(or vicious codes) in large scale network,a general,solid,in-depth and distributed active cooperation defense model is presented.A set of achievable methods ranging from systemic architecture,function mechanisms and algorithm descriptions are given.The model,which is demonstrated by the system architecture,function modules and active cooperation defense to stop the attacks,is the integrated and systemic model.It integrates several role security technologies,such as IDS,firework and honeynet,and achieves a complete set of functional mechanisms for active cooperation defense.By the cooperation from the security components within inside and outside the autonomous system(AS),we realize the active cooperation defense which involves the multi-level defense range from network boundary level,kernel level,sub-network level to host level.As a result,the presented model not only can achieve effectively security defense in the large scale network,but also can have the good generality and scalability.

Dandan Wu,Jie Chen,Ruiyun Xie,Ke Chen

DOI: https://doi.org/10.1631/fitee.2300662

IF: 2.526

2024-10-01

Frontiers of Information Technology & Electronic Engineering

Abstract:The construction of an integrated solution for cyberspace defense with dynamic, flexible, and intelligent features is a new idea. To solve the problem whereby traditional static protection methods cannot respond to various network attacks or security demands in an adversarial network environment in time, and to form a complete integrated solution from "threat discovery" to "decision-making generation," we propose an ontology-based security model, OntoCSD, for an integrated solution of cyberspace defense that uses Web ontology language (OWL) to represent the ontology classes and relationships of threat monitoring, decision-making, response, and defense in cyberspace, and uses semantic Web rule language (SWRL) to design the defensive reasoning rules. OntoCSD can discover potential relationships among network attacks, vulnerabilities, the security state, and defense strategies. Further, an artificial intelligence (AI) expert system based on case-based reasoning (CBR) is used to quickly generate a detailed and comprehensive decision-making scheme. Finally, through Kendall's coefficient of concordance ( W ) and four experimental cases in a typical computer network defense (CND) system, which reasons on represented facts and the ontology, OntoCSD's consistency and its feasibility to solve the issues in the field of cyberspace defense are validated. OntoCSD supports automatic association and reasoning, and provides an integrated solution framework of cyberspace defense.

engineering, electrical & electronic,computer science, information systems, software engineering

Boren He,Futai Zou,Yue Wu

DOI: https://doi.org/10.1109/ssic.2018.8556830

2018-01-01

Abstract:Distributed Denial of Service (DDoS) attack is one of the most severe threat in current internet. Software Defined Network (SDN) is novel network structure based on the idea of separation of control plane and data plane. SDN allows us to program and monitor networks, and decide how to forward a packet, so it provides a new solution to defend DDoS attack. This paper proposes a multi-SDN Based cooperation scheme to defend DDoS attack. We adopt machine learning to detect DDoS attack, and design a protocol to enable communication among controllers. This protocol can achieve two goals, one is to build and maintain an independent network among controllers of different SDN, and the other is to enable attack information exchange among controllers, so they can find attacker and mitigate DDoS attack. The experimental results show that the proposed protocol can achieve high detection accuracy, find attackers accurately and mitigate DDoS attack traffic effectively with a relatively low cost and latency.

WM Li,ZT Li

DOI: https://doi.org/10.1117/12.572744

2005-01-01

Abstract:The wide use of network improves security risks, but the traditional network security tools are single-functional and they are difficult to extend and manage. These security tools can't fulfill the need of users. The paper presents a network security oriented language: NSL (Network Security Language). The language provides a common abstract layer of all kinds of security application. It can be used to construct multifunctional, distributed and extendable security applications, satisfying various and emergent security requirements. The paper describes its network oriented structures, features and three security mechanisms. The NSL interpreter implementation is also analyzed by the performance test. At last, the paper puts forward improving work which will be done in the future.

Dezhang Kong,Yi Shen,Xiang Chen,Qiumei Cheng,Hongyan Liu,Dong Zhang,Xuan Liu,Shuangxi Chen,Chunming Wu

DOI: https://doi.org/10.1109/tnet.2022.3203561

2023-01-01

IEEE/ACM Transactions on Networking

Abstract:The topology discovery service in Software-Defined Networking (SDN) provides the controller with a global view of the substrate network topology, allowing for central management of the entire network. Unfortunately, emerging topology attacks can poison the network topology and result in unforeseeable disasters. Although researchers have made great efforts to mitigate this problem, security hazards still exist. In this paper, we propose Invisible Assailant Attack (IAA), the first combination topology attack capable of injecting and maintaining fake links even when 12 existing defense strategies are deployed simultaneously. IAA consists of 14 attack phases that apply multiple attack strategies. Attackers skillfully disguise the attack traffic in each phase so that it looks like normal network traffic, and perform these phases in a well-planned sequence, thereby bypassing existing defenses step by step. To mitigate this attack, we propose a Route Path Verification (RPV) mechanism that orchestrates multiple defense strategies to identify fake links. According to the experiments, RPV can successfully detect IAA with low overhead: its detection completes within 1 ms while its per-flow storage consumption is only a few KB.

REN Gaoming,YANG Tong,QIAO Xiangdong

DOI: https://doi.org/10.3969/j.issn.1002-8692.2011.09.023

2011-01-01

Abstract:First, four existing network border protection detection structures are listed, and the analysis of their strengths and weaknesses are made.Then, a structure called firewall + intrusion detection + honeypot + linkage is proposed, which can improve the shortage of current security structure, and then the proposed structure is improved again and the last structure is known as dual network defense system.Finally, a feasibility analysis of the dual-network defense is carried out, and it is concluded that the expected double defense system can effectively reduce false alarm and leakage alarm, and it has relatively low cost, practical, and has a strong and broad prospects for application.

Zhengwei Zhu,Miaojie Chen,Chenyang Zhu,Yanping Zhu

DOI: https://doi.org/10.1016/j.cose.2023.103578

IF: 5.105

2024-01-01

Computers & Security

Abstract:Network security is a critical discipline in the contemporary digital world, encompassing diverse technologies and strategies aimed at safeguarding computer systems, networks, and data resources against malicious activities. The attackers and defenders are vital components in the context of network security and defense. Attackers employ various means to steal sensitive information, compromise system functionality, and potentially lead to substantial economic and societal damages. To address these challenges, various network attack and defense scenarios were constructed within the CybORG framework in this paper. In various scenarios, attacks were carried out by different attackers. This was done to investigate the diverse strategies employed by defenders in response to network intrusions across different scenarios. Additionally, real-time assessments of the effectiveness of defensive measures were conducted. To assess the efficacy of defense strategies, we propose DDQN-Dueling-Noisy-Experience Replay (DDQN-DNER), a deep reinforcement learning algorithm that trains the defense agent to take appropriate actions to protect the network as it transitions into various states of being under attack. Built upon the Deep Q-Network (DQN) algorithm, the DDQN-DNER method incorporates noise networks, additional experience replay, and distinguishes outputs into value functions and advantage functions, enabling the proactive updating of Q-network parameters based on optimal actions. Simultaneously, Gaussian noise is incorporated into the actions undertaken by the agents. Research findings indicate that as network complexity increases, it becomes more challenging for agents to formulate effective strategies, while lower network security enhances agent capability in strategic decision-making. Compared to the DDQN algorithm, the DDQN-DNER algorithm accelerates the convergence of the model. In all scenarios, this algorithm consistently achieves the highest scores, indicating that the defensive strategies and measures generated by the blue agent are highly effective. The blue agent can promptly detect potential threats and attacks and take appropriate actions to address and mitigate these attacks, thereby ensuring network security.

Hao YIN,Dongchao GUO,Yongqiang LYU,Peng YANG,Zhiwei ZHAO,Yaoxue ZHANG

DOI: https://doi.org/10.1360/n112017-00171

2019-01-01

Abstract:Cyberspace security is vital to state interest. Recently, there are some challenges in cyber security. In architecture for instance, although protection mechanisms are introduced and applied everywhere, the modern network architecture (well connected and open) still has difficulty in completely ensuring cyber security. It is also observed that contemporary cyber security protection mechanism highly depends on the priori information of security threats and thus will hardly address unknown potential threats. In this paper, a novel cyberspace security protection framework is proposed. A dual-structural Internet scheme that integrates the current Internet architecture with a redundant secondary structure network characterized by its broad-storage scheme, heterogeneous structure, and dynamic protection mechanism is introduced. Also, a novel active defense mechanism that is knowledge-data driven and thus independent of the priori information of the security threat is proposed. Furthermore, some key techniques such as transparent access and prepositive active defense are introduced. The theoretical and technical work proposed in this paper offers a comprehensively evolutionary solution to constructing a cyberspace in which the protection mechanism is more independent and active.

Yunlong Tang,Jing Sun,Huan Wang,Junyi Deng,Liang Tong,Wenhong Xu

DOI: https://doi.org/10.1016/j.cose.2024.103871

IF: 5.105

2024-04-01

Computers & Security

Abstract:Faced with the challenges of security strategy design brought about by the complexity of attack behavior and the dynamism of network structure, dynamic hierarchical intelligent defense methods have shown their effectiveness. However, in complex network environments, their application requires a higher level of coordination mechanisms. Therefore, this paper proposes a hierarchical multi-agent reinforcement learning network attack and defense game and cooperative defense decision-making method, which autonomously and efficiently completes the formulation of defense strategies and defense behavior responses. Firstly, we construct a Stackelberg hypergame model of cyberspace conflicts, and under the condition of information loss, characterize the multi-layer dynamic defense coordination response mechanism. Secondly, By utilizing a hierarchical multi-agent reinforcement learning method as the driving force for game evolution, we sequentially solve the Nash equilibrium of the game, and form a dynamic autonomous defense strategy. Finally, we construct a hierarchical multi-agent reinforcement learning framework, which decouples the defense decision problem, reduces the dimension of the defense action space and the exploration difficulty of the strategy space, and learns coordinated defense strategies more efficiently. We used the CybORG (Cyber Operations Research Gym) environment for simulation. We compared and analyzed the autonomously generated cyber defense strategies with other related works, verifying the superior coordination performance of our method in defense strategy generation and control.

computer science, information systems

F Zhang,Zg Qin,Sj Zhou

DOI: https://doi.org/10.1007/978-3-540-30207-0_55

2004-01-01

Abstract:In-depth defense for network security offers promotion on robusticity and survivability of information system. It prevents attacker from damaging system even he has already broken through one or several but not all layers of the system. Proactive defense integrates in-depth defense and shows the activeness greatly in contrast with traditional defense. It predicts intrusion trend and obtains attacker's information, dynamically evaluates and responds to intrusion. This reflects the counteracting property of security. Formally defined in Z language, policy-tree model for proactive defense is proposed in this paper. Moreover, completeness, correctness and consistency are analyzed. A completely building method, an abstract for correctness validating and an auto consistency checking method on security policy are designed. Policy-tree model gives theoretical and methodological support for proactive defense.

CHEN Yulai,SHAN Rongsheng,BAI Yingcai

DOI: https://doi.org/10.3969/j.issn.1009-8054.2007.02.062

2007-01-01

Abstract:This paper presents a dynamic defense model of network security, based on which a prototype system is implemented. The system integrates the mechanisms of detection and access control, and has close loop response to the results of attack detection. The system obtains some changes of the service port by network service discrimination and active scan technologies, and then dynamically adjusts and loads the detection module according to these changes, so that the accuracy and efficiency of detection are improved. The experimental results show that the system has a closed-loop dynamic protection mechanism.

Ming Liu,Lu Ma,Chao Li,Weiling Chang,Yuanjie Wang,Jianming Cui,Yingying Ji

DOI: https://doi.org/10.1109/MSN50589.2020.00110

2020-01-01

Abstract:Since the current cyberspace is becoming changeable and complex over times, the situation of cyber security is becoming increasingly severe, and one of the important issues is that there is still lack of a general applicability defense model for open and dynamic networks. Recent research suggests that the evolutionary game methods have the advantage of improving the defensive capabilities based on the internal decision and learning mechanisms. In this paper, by exploiting the advantage of collaborative decision-making in multi-agent system, we constructed the dynamic cyber defense problem into a decentralized multi-agent cooperative decision framework, whose core idea is the initiative decentralized interactions among defense agents. Then, we contributed a heuristic imprecise probabilistic based interaction decision algorithm, HIDS, that is, which utilizes the multidimensional semantic relevance among observation, tasks and agents, so that agents can continuously improve cognition and optimize decision-making by learning interactive records. In addition, we analyzed the equivalence and the transformation conditions between the proposed model and the existing decision models, and combined the evolutionary game with the nonlinear stochastic theory, then the evolution process of the defense policies are analyzed. Finally, the performance comparison of the proposed algorithm and the influence of different intensity random disturbances on the evolution process are analyzed.

Yonghui Huang,Yan Ma,Zhaowen Lin,Shuyue Wang,Bowen Xie

DOI: https://doi.org/10.1142/s0218126622500426

2021-01-01

Abstract:By endowing network with the ability of reliable scheduling of security resources, it can realize the dynamic deployment of security resources as well as the efficient configuration of protection resources, and further can quickly respond to network security threats and emergencies timely. Furthermore, due to the network is increasingly complex, it is of great importance to make it reliable by invoking appropriate security resources. However, the security mechanism and response speed of traditional network based on security domain division, network boundary protection are hard to meet the requirements of the virtual network. In this paper, we propose the SDN-empowered reliable and dynamic scheduling scheme for security resources. In the scheme, we use network security resource virtualization technology to virtualize and modularize network security software and hardware resources; at the SDN control layer, we propose meta-security function combination technology to provide on-demand customization for various security applications’ security service; by using role-based conflict detection and conflict resolution technology, we can detect and handle security rule conflicts. The experiments show that the scheme is reliable and efficient with low latency and great throughput.

Zhang Nai-tong

Abstract:According to the requirement,the military network orgainizes node devices to form TDL to aclomplish the operational mission.The Dynamic Combination(DC) is introduced in order to obtain fast organization and reaction.This paper gives a model for Tactical Data Link(TDL) based on set theory.With the TDL model,the influence of DC in agility and damage resistance of the system are discussed.Implementation scheme of DC is described briefly.

Computer Science,Engineering

Sung -Do Chi,Jong Sou Park,Ki -Chan Jung,Jang -Se Lee

DOI: https://doi.org/10.1007/3-540-47719-5_26

2001-01-01

Abstract:The major objective of this paper is to develop the network security modeling and cyber attack simulation that is able to classify threats, specify attack mechanisms, verify protection mechanisms, and evaluate consequences. To do this, we have employed the advanced modeling and simulation concepts such as System Entity Structure / Model Base framework, DEVS (Discrete Event System Specification) formalism, and experimental frame concept underlying the object-oriented S/W environment. Our approach is to show the difference from others in that (i) it supports a hierarchical and modular modeling environment, (ii) it generates the command-level behavior of cyber attack scenario, (iii) it provides an efficient model building environment based on the experimental frame concept, and (iv) it supports the vulnerability analysis of given node on the network. Simulation test performed on sample network system will illustrate our techniques.

Ming Liu,Ruiguang Li,Weiling Chang,Jieming Gu,Shouying Bai,Jia Cui,Lu Ma

DOI: https://doi.org/10.23919/jcc.2022.00.033

2022-01-01

China Communications

Abstract:Powered by the Internet and the ever-increasing level of informatization, the cyberspace has become increasingly complex and its security situation has become increasingly grim, which requires new adaptive and collaborative defense technologies. In this paper, we introduced an extended interactive multi-agent decision model for decentralized cyber defense. Based on the significant advantages of the cooperative multi-agent decision-making, the decentralized interactive decision model DI-MDPs and the corresponding interaction and retrieval algorithms are pro-posed. Then, we analyzed the interactive decision by the calculation and update processes of three matrices, the stability and evolutionary equilibrium of the pro-posed model are also analyzed. Finally, we evaluated the performance of the proposed algorithms based on open data sets and standard test environments, the experimental results shown that the proposed work will be more applicable in cyber defense.