Ting Wang,Min Lei,Jingjie Chen,Shiqi Deng,Yu Yang

DOI: https://doi.org/10.1007/978-3-319-68542-7_71

2017-01-01

Abstract:Current intelligent devices in Home Internet, such as routers and cameras, have suffered malicious attacks from hackers. Therefore, security for Home Internet appears particularly significant. In order to have a quantitative evaluation of security defense ability of Home Internet system, this paper proposes an improved vulnerability scoring method on Home Internet based on Information Security Technology Security Vulnerability Classification Guide. Compared to original scoring method which is mainly based on Internet, this improved scoring performs differently. It's aimed to have a quantitative evaluation on security defense effectiveness of Home Internet system: higher vulnerability score indicates higher threaten degree and relatively weak defense ability. In this paper, the Home Internet system takes dynamically-enabled defense technology (randomly changes system status) to make defense. Through calculating vulnerability scores before and after random changes of system status, this paper succeeds in making a quantitative evaluation on security defense ability of Home Internet system.

Chunru Zhou,Min Lei,Kunchang Li,Li Xu,Wei Bi

DOI: https://doi.org/10.1007/978-3-030-00018-9_27

2018-01-01

Abstract:Nowadays, home Internet has attracted a lot of interest. Dynamic-enabled Defense Strategy can reduce the possibility of being hacked to become the mining systems for blockchain. In order to reflect the status of the smart home system more accurately, this paper proposed a method to improve the common vulnerability scoring system (CVSS) and make CVSS more suitable for the smart home system. The proposed method can obtain vulnerabilities scores, reflecting the security status of the system accurately and providing strong support for system security defense and reinforcement. For dynamically-enabled defense with constantly changing state, it is hard for the attacker to obtain all the information in a short time, since it requires too many resources when the changing frequency is too high. Whereas the attacker has enough time to analyze the system with low changing frequency. Combining with the improved vulnerability scoring system, we propose a dynamic-enable defense strategy based on Markov chain and stochastic Petri net to calculate the attack detection probability and the vulnerability value of the system, and obtain the best dynamic switching interval to ensure the security of the system.

WUChunming

DOI: https://doi.org/10.3969/j.issn.1009-6868.2016.01.009

2016-01-01

Abstract:Dynamic network proactive security defence is an effective method for solving the unknown vulnerabilities and back door attacks in the information system. In this paper, the evolution defense mechanism (EDM) is proposed. According to the security status, network system security needs, EDM can select the best network configuration change elements to deal with potential attacks and ensure the safety requirements of a specific level. Dynamic reconfiguration and changes of the network need to be considered in accordance with the security situation of the system and the possible network attacks. The key is how to detect and the security situation and network attacks. It proposes that study on dynamic network proactive security defense in China is in the initial stage, and there is stil much work to do.

Chang-Ting Lin,Chunming Wu,Min Huang,Zhenyu Wen,Qiumei Cheng

DOI: https://doi.org/10.1109/SRDSW.2016.21

2016-01-01

Abstract:IP address mutation is a proactive defense method that is used to reduce the risk of network attacks, especially to deal with the worm propagation attacks. However, previous work did not give much consideration to the negative effects that IP address mutation could bring to network performance. To be specific, there is a trade-off between network performance and security, which implies that when a security mechanism is reinforced, network performance would be impaired and vice versa. Therefore, in order to achieve the optimal balance between performance and security, an optimal solution should be provided. In this paper, we propose an adaptive IP mutation defense method which is based on temporal-dimension, to dynamically control the mutation interval according to real-time measurable metrics, assurance and avoidance. This method leverages a genetic algorithm to achieve the optimization of performance-security trade-off. We then evaluate our method in a simulated computer cluster environment, including 1024 hosts, and demonstrate that our method can successfully find the optimal solution according to the experimental results. For example, it can reduce the worm propagation significantly, while maintaining the network performance in a predefined level.

Haifeng Zhou,Chunming Wu,Ming Jiang,Boyang Zhou,Wen Gao,Tingting Pan,Min Huang

DOI: https://doi.org/10.1109/mcom.2015.7081074

IF: 9.03

2015-01-01

IEEE Communications Magazine

Abstract:The past few years have witnessed revolutionary advances in network technology. Along with new techniques such as SDN come lots of new network security challenges. Conventional network security mechanisms are incompetent to overcome these challenges, since they are built on a static network configuration that facilitates attackers in finding the weaknesses of a network. In this article, we conceive a novel conceptual network security mechanism, the evolving defense mechanism (EDM), to resolve current and future security problems. EDM is based on a bio-inspired idea of network configuration variations. According to the security requirements of the system, the user, and the network security state, EDM selects an efficient network configuration variation strategy to prevent corresponding security threats. Combined with SDN implementation, EDM resolves security problems from a new angle and is capable of evolving with new network security technology. We sketch a way to implement EDM and present its reference framework, which serves as an ecosystem and coexisting environment for various kinds of network configuration variations. The proposed mechanism avoids the deficiency of conventional mechanisms and has potential to cope with emerging security threats.

QIN Junning,HAN Jiajia,ZHOU Sheng,WU Chunming,CHEN Shuangxi,ZHAO Ruoyan,ZHANG Jiangyu

DOI: https://doi.org/10.11959/j.issn.1000-0801.2020143

2020-01-01

Abstract:The unbalanced development status of network security was introduced.The main hazards and the mechanism model of penetration testing were described,and the inherent shortcomings of many existing traditional defense methods were analyzed.However,new method of the mimic defense model makes the attack information obtained invalid by dynamically selecting the executive set and adaptively changing the system composition.The same attack mode is difficult to be maintained or reproduced.Based on the attack chain model,the traditional defensetechnology and mimic defense technology were analyzed and compared,and it was demonstrated that it had a protective role in multiple stages of the attack chain.Finally,the effectiveness and superiority of the mimic defense was verified by experiments,and the model was summarized and prospected.

Feng Zhao,Heqing Huang,Hai Jin,Qin Zhang

DOI: https://doi.org/10.1016/j.camwa.2011.09.031

IF: 3.218

2011-01-01

Computers & Mathematics with Applications

Abstract:To enhance security in dynamic networks, it is important to evaluate the vulnerabilities and offer economic and practical patching strategy since vulnerability is the major driving force for attacks. In this paper, a hybrid ranking approach is presented to estimate vulnerabilities under the dynamic scenarios, which is a combination of low-level rating for vulnerability instances and high-level evaluation for the security level of the network system. Moreover, a novel quantitative model, an adapted attack graph, is also proposed to escaping isolated scoring, which takes the dynamic and logic relations among exploits into account, and significantly benefits to vulnerability analysis. To validate applicability and performance of our approach, a hybrid ranking case is implemented as experimental platform. The ranking results show that our approach differentiates the influential levels among vulnerabilities under dynamic attacking scenarios and economically enhances the security of network system.

Jinxin Zuo,Ziyu Guo,Tong An,Zhongwei Xu,Yueming Lu

DOI: https://doi.org/10.1109/jiot.2023.3274205

IF: 10.6

2023-01-01

IEEE Internet of Things Journal

Abstract:The frequent attacks show that no information system is absolutely safe and the security capabilities are relative. Security resilience becomes a complementary priority for improving information systems’ continuous service and security capabilities in the face of attacks, such as unknown vulnerabilities and backdoors. Endogenous security defense technology has become an important research aspect to improve the security resilience of information systems. However, there are some limitations in the research of the information system security resilience evaluation model, such as lacking indexes to characterize the system security resilience under an attack environment. In this article, a security resilience enhancement strategy based on dynamic defense is constructed to improve the security performance of the system through IP port hopping and attack surface conversion. For the adversarial behaviors of attackers and defenders, we propose a security resilience metric framework based on the evolution of attack and defense scenarios, which is evaluated using a resilient security evaluation model based on the fuzzy Choquet integral. In the model, the weights of evaluation indicators are calculated based on the decision-making trial and evaluation laboratory method. The 2-addable fuzzy measures of each indicator are calculated secondarily. Then the security performance of the system is calculated using the fuzzy Choquet integral. Absorptive capacity, adaptive capacity, and resilience factor are proposed to better supervise the metric framework’s validity. Finally, four groups of control cases were created by building the Web service system after the endogenous security transformation as the experimental simulation scenario. Experimental simulation results show the superiority of the proposed metric model.

Di Li,Yikun Hu,Guoqing Xiao,Mingxing Duan,Kenli Li

DOI: https://doi.org/10.1002/cpe.7577

2023-01-01

Concurrency and Computation Practice and Experience

Abstract:SummaryWith the rapid development of the internet, cyberspace security issues have become increasingly prominent. The importance of constructing a cyberspace security system is self‐evident, but compared with attackers, defenders in cyberspace are in a castle‐like passive defense state in most cases. Therefore, building a reliable, accurate, timely, and active defense system is challenging. The key is to accurately focus on defense priorities, the anticipation of attackers who will likely succeed, and blocking attacks in a timely manner. In this article, we propose an active defense model based on the interaction of situational awareness and firewalls. First, by biasing the integrity, confidentiality, and availability of assets to get the score of assets, and using the Common Vulnerability Scoring System to assess the threat level of assets, we combine the two to determine the maximum system damage that the asset will suffer if it is lost, and then focus on defense. Meanwhile, log analysis of the network situational awareness platform can predict successful attackers, and then the linked firewall strategy can block these attacks in time before the attackers obtain attack gains. After that, we force the attackers to give up their attacks on the target by increasing the attack cost. We compared our model with iptables auto‐blocking and nginx auto‐blocking, and our model excelled them across the board in terms of comprehensiveness and false positive rate. The experimental results verify thar our active defense model proposed in this article can better reduce the defense cost and increase the attack cost, thus achieving the relatively defense goal.

CHEN Yulai,SHAN Rongsheng,BAI Yingcai

DOI: https://doi.org/10.3969/j.issn.1009-8054.2007.02.062

2007-01-01

Abstract:This paper presents a dynamic defense model of network security, based on which a prototype system is implemented. The system integrates the mechanisms of detection and access control, and has close loop response to the results of attack detection. The system obtains some changes of the service port by network service discrimination and active scan technologies, and then dynamically adjusts and loads the detection module according to these changes, so that the accuracy and efficiency of detection are improved. The experimental results show that the system has a closed-loop dynamic protection mechanism.

Xin-Li Xiong,Lin Yang,Guang-Sheng Zhao

DOI: https://doi.org/10.1109/access.2019.2891613

IF: 3.9

2019-01-01

IEEE Access

Abstract:Evaluation of moving target defense (MTD) effectiveness has become one of the fundamental problems in current studies. In this paper, an evaluation model of MTD effectiveness based on system attack surface (SAS) is proposed to extend this model covering enterprise-class topology and multi-layered moving target (MT) techniques. The model is focused on the problem of incorrect performance assessment caused by inaccurately characterizing the process of attacking and defending. Existing evaluation models often fail to describe MTD dynamically in a process. To deal with this static view, offensive and defensive process based on a player’s move is presented. Besides, it converts all the attack and defense actions into the process, and interactivities are evaluated by system view extended attack surface model. Previously, the proposed attack surface models are not concerned about the links between nodes and vulnerabilities affected by topologies. After comprehensively analyzing the impact of interactions in the system, a SAS model is proposed to demonstrate how resources of the system are affected by the actions of attackers and defenders, thus ensuring the correctness of parameters for SAS in measuring MT technology. Moreover, by generating a sequence of those shifting parameters, a nonhomogeneous hierarchical hidden Markov model is used to find the possible sequence of attacking states by introducing the partial Viterbi algorithm. Also, a sequence of attacking states is defined to illustrate how adversaries are handled by MT technologies and how much additional consumption costs are increased by the system resource reconfiguration. Finally, the simulation of the proposed approach is given in a case study to demonstrate the feasibility and validity of the proposed effectiveness evaluation model in a systematic and dynamic view.

computer science, information systems,telecommunications,engineering, electrical & electronic

Xin YANG,Hui LI,Jiangxing WU,Peng YI

DOI: https://doi.org/10.1360/ssi-2019-0224

2020-01-01

Abstract:Cyber mimic defenses have recently emerged as a dynamic heterogeneity redundancy architecture, which adjust the asymmetry between defenders and attackers by reconfiguring the system according to the network scenario. Some studies have investigated the effectiveness of security models, however, there is still a lack of convincing and practical methods to assess CMD networks quantitatively. Thus, in this paper, we propose a two-dimension model that calculates those details as a digital result to compare different CMD networks. In addition, the proposed method demonstrates good scalability in different networks. Specifically, in the first dimension, i.e., attacking a single node, we elaborate on system configurations and employ the Generalized Stochastic Petri net model to capture the effectiveness of different behaviors from gamers. To quantify the impacts of those behaviors, we parameterized them using a Poisson process, common vulnerabilities and exposures, and the common vulnerability scoring system. In the second dimension, we adopt Markov chains and the Martingale theory to analyze the attack process along the attack chain. Finally, security metrics and countermeasures under different scenarios are presented to verify the effectiveness of CMD, which provides some guidance for designing future systems with acceptable cost.

Rui Yu,Xiaohua Zhang,Minyuan Zhang

DOI: https://doi.org/10.1109/icbaie52039.2021.9389849

2021-01-01

Abstract:In recent years, the Internet of Things technology has developed rapidly and has a wide range of applications in the fields of smart home, Internet of Vehicles, and Industrial Internet of Things. Most of the emerging smart devices have relatively simple architectures, and security vulnerabilities may exist in the perception layer, transport layer, and application layer. At present, most of the security analysis frameworks for IoT devices require additional high-performance devices. At the same time, the emerging “mining” malware and other attack methods that directly plunder the computing resources of the device have not received attention. In response to the above problems, this paper designs and implements a smart home security analysis system. Our experiments show that the system can effectively detect and defend against contactless attacks that smart homes may suffer, and has a small impact on home network performance. The system can better solve the contradiction between smart home network security requirements and device performance limitations.

Cheng Liu

DOI: https://doi.org/10.2478/amns.2023.1.00049

2023-04-28

Applied Mathematics and Nonlinear Sciences

Abstract:Abstract With the rapid development of the Internet, security issues are becoming more and more prominent, and since most information is transmitted through the Internet today, Internet security is particularly important. When the Internet was designed, only mutual compatibility and interoperability between networks were considered, and security issues were not fully considered. As a result, as the Internet continues to grow, security issues are becoming more and more serious. One of the more difficult attacks is the Distributed Denial of Service (DDoS) attack, which has many forms of attacks, is harmful, and is difficult to identify and defend. Therefore, building a global Internet security protection system to achieve effective protection against DDoS attacks is the main work of this research paper. In this paper, we propose an artificial intelligence DDoS attack protection system, which implements a controller and switch auto-detection model by extending the protocol and establishing an optimization model to realize a low-load and low-latency traffic monitoring scheme; for DDoS attacks. We propose the attack inspection algorithm SCVAE based on Variational Encoder (VAE) and Spectral Clustering. in order to mitigate DDoS attack traffic, the protection system uses the QoS traffic control method, builds the application flow hierarchy model, and filters the attack traffic endured by the system by setting the application flow bandwidth limit as well as the traffic priority dual policy. Finally, a Mininet-based simulation test environment is built to evaluate the model, and different test indexes are set for different system modules to evaluate their actual performance. The results of this paper show that in the network traffic monitoring test, the artificial intelligence DDoS attack protection algorithm can respond to the attack more quickly by reducing the average 73ms per sampling compared with other algorithms; in the attack traffic identification test, the comparison accuracy (P) is improved by 15.14%, the accuracy (AC) is improved by 13.26%, the recall (R) is reduced by 9.23%, and the F1 measurement criteria improved by 23%. The test verifies that the artificial intelligence DDoS attack protection system can achieve real-time monitoring of each performance parameter and also illustrates the feasibility and practicality of the research content of this paper, which strengthens the construction of the technical means of Internet security protection and further enhances the Internet security defense capability.

Huo Chengyi,Wu Zhenqiang,Jian Xiaochun,Zhang Jie

DOI: https://doi.org/10.3969/j.issn.1009-8054.2006.12.051

2006-01-01

Abstract:Depending on the PPDR dynamic defense model, synthesize the firewall, intrusion detection system and honeypot, this paper proposed a network security of dynamic defense model. It focused on discovering attackers early, study attackers and product new rules, so that always make network defense instrusion to be placed in the active position.

Jinyu Wu,Lihua Yin,Binxing Fang

DOI: https://doi.org/10.1007/978-3-642-35795-4_76

2013-01-01

Abstract:Evaluating network security is vital step in risk management. However, existing evaluating methods such as using tools like attack graphs or attack trees to compute risk probabilities did not consider the concrete running environment of the target network, which may make the obtained results deviate from the true situation. In this paper, we propose a novel dynamic self-adaptive framework for network security evaluation. In addition to using Scan Tool and Attack Graph Generator to generate attack graphs, we design Audit Processor and Property Evaluator to get key information in the running environment of the target network. The major evaluation computing will be performed in Security Evaluator. We show how to use our framework to the real network. Experiment results show that our framework which capture the concrete running environment information of the network get closer result to the true situation and can dynamically adapt to changing environment. © Springer-Verlag Berlin Heidelberg 2013.

Qianmu Li,Youhui Tian,Qiang Wu,Qi Cao,Haiyuan Shen,Huaqiu Long

DOI: https://doi.org/10.1109/access.2020.2972032

IF: 3.9

2020-01-01

IEEE Access

Abstract:In recent years, with the opening of the “smart age” curtain, smart devices dominated by technologies such as robots, drones, and intelligent perception have gradually moved to the center of the Intelligent CPSS stage. However, the new security risks of the Intelligent CPSS have also become increasingly prominent. Especially in recent years, in Ukraine and Venezuela's power attack incidents, a series of related attacks always occur simultaneously. This is a multi-task compound attack. This paper designs a set of Cloud-Fog-Edge closed-loop feedback security risk prediction strategies for multi-task compound attacks based on the offensive and defensive ideas of intelligent games, combining classified deep Boltzmann machines and Markov time-varying models. This strategy can be used for various types of power intelligent system terminals, and realizes security risk prediction with modularity, interoperability, open interfaces and compliance with open standards. Interoperability with other safety equipment can also be achieved through standardized interfaces to form system security protection capabilities to meet the actual needs of the industry Internet system. Experimental results show that the method is superior to the typical traditional method.

Zhi Chen,Xiaolin Chang,Jelena Misic,Vojislav B. Misic,Yang,Zhen Han

DOI: https://doi.org/10.1109/globecom42002.2020.9322609

2020-01-01

Abstract:Moving target defense (MTD), emerging as a game-changer in the cyber defense area, has got a lot of attention and development recently. As a proactive defense technique, MTD dynamically changes system attributes in order to create more uncertainties of the system and has been proved to be effective against cyber attacks. Beyond this, there is still a lack of researches with respect to the quantitative analysis of the effect of MTD on system performance. This paper aims to quantitatively investigate how MTD affects system performance while bringing security. We develop Markov process-based models for two different MTD strategies and derive the formulas for metrics of interest. We carry out simulation experiments to validate our proposed models with Mininet. Furthermore, numerical analysis is conducted for comparing these two different strategies in terms of system performance. The numerical results also show how different parameters affect the evaluation metrics. Our models can help defenders conFigure the MTD system in the most suitable way.

Yong-jie WANG,Ming XIAN,Guo-yu WANG,Shun-ping XIAO

DOI: https://doi.org/10.16208/j.issn1000-7024.2005.11.002

2005-01-01

Abstract:Effectiveness evaluation study of computer network attack is an important and urgent task in the field of computer network at-tack and defensecountermine.Status quo,main problem and newestdirection of weapon system effectivenessevaluation were introduced.A method based on mechanism,rule and index were studied to set up index system of computer network attack effectiveness evaluation.Specialties of computernetwork attack effectiveness evaluation were analyzed.Network entropy evaluation model,index analyses evalu-ation model and fuzzy estimating evaluation model were brought forward.

Wei Liu,Yiyang Yao,Baohua Zhao,Weiyong Yang,Longyun Qi,Xiaoliang Lv

DOI: https://doi.org/10.1109/access.2018.2870116

IF: 3.9

2018-01-01

IEEE Access

Abstract:Internet of Things has found a lot of applications in power systems. However, with the increased the sensing, networking, and control capabilities, the security issues have become even more urgent at the same time. In this paper, a TMAC model based on trusted mandatory access control is proposed by studying the security situation of a power monitoring system. The model has self-learning characteristic and can realize the automatic escalation of the global security strategy based on intelligent agent, so as to build the safe immune ability and active defense system for the power monitoring. This paper introduces the key technology of the TMAC security model, formalizes some of the work, and finally tests its credibility and effectiveness for the typical application scenario of the power monitoring system. Through the study of this technology, the power monitoring system is further equipped with an immune ability against virus Trojan and hacker attacks, especially for application scenarios, such as substation, power plant, and master station.