Yuxiang Han,Shengli Liu,Xiaoyan Su,Zongli Hu

DOI: https://doi.org/10.1109/mines.2011.21

2011-01-01

Abstract:It is difficult to analyze and debug Cisco IOS with traditional debugging and disassembler tools such as GDB and IDA pro. These tools can't debug Cisco IOS in single step mode. This paper describes a dynamic analysis system based on a modification hardware emulator called Dynamips. Then, a new solution of inserting breakpoint with network events will be provided to analyze network communication procedures.

Peng Jiang,Hongyi Wu,Cong Wang,Chunsheng Xin

DOI: https://doi.org/10.1109/ICC.2018.8422830

2018-01-01

Abstract:Identity-based attacks such as MAC spoofing are common in wireless networks. The recently developed virtualization technologies bring a new type of MAC spoofing attack, virtual MAC spoofing. This makes it even more challenging to detect such attacks, especially in a tight environment with spatial similarities. In this paper, we design, implement and evaluate a system to effectively detect virtual MAC spoofing attacks via deep learning. A deep convolutional neural network is constructed to extract physical features from CSI obtained from packet transmissions, to detect virtual MAC spoofing attacks. An important merit of the proposed detection system is that this system can distinguish two devices even at the same location, which was not well addressed by previous approaches. Our extensive experimental results demonstrate the effectiveness of the system with an average detection accuracy of 95%, even when devices are co-located.

Yan Shen,Qi-fei Zhang,Ling-di Ping,Yan-Fei Wang,Wen-juan Li

DOI: https://doi.org/10.1109/trustcom.2012.41

2012-01-01

Abstract:In the existing large-scale performance test of IPsec tunnel, it often needs special software and hardware. To solve the problem, this article proposed a new method, in which packet was encapsulated in user space, and a multi-tunnel controller was designed and implemented with the method of FSM(finite state machine), which controlled the negotiation and establishment of multiple tunnel, including L2tp, IKEv1, IKEv2, IKEv2+EAP and L2tp Over IPsec. Libpcap was used as the bottom layer driver of package, and the application of zero copy technique had reduced system cost immensely. At last, the result of the experiment verified the performance of the IKEv1 tunnel on Tunnel-mode and Transport-mode.

LU Lianhao,PING Lingdi,PAN Xuezeng

DOI: https://doi.org/10.3969/j.issn.1000-3428.2006.21.054

2006-01-01

Abstract:The research of covert channel analysis on Tuling SecOS2.0/4 is reported.A new covert channel identification method--modified semantic information flow method is proposed.It has less workload,can directly analyze the source code and exclude the false result,also helps the covert channel handling.It uses this method to identify the cover channels of the Tuling SecOS,computes the bandwidths accurately,and handles the covert channels according to different security policies.The result shows conform to the requirement of Level 4 security operating system in relevant national standards.

Jia Guo-jun,DAI Lian-kui

DOI: https://doi.org/10.3969/j.issn.1004-731x.2005.05.027

2005-01-01

Abstract:A novel modeling method is proposed to analyze actual IP networks. This method decomposes an IP network into several basic units and constructs the mathematical model of the network by setting up the corresponding state equation for every unit. Based on the Bohacek’s model, we develop a first-order differential equation to describe queue change in an output port of a router, which reduces system complexity obviously without sacrificing simulation precision. The RED-marking strategy is introduced for the queue management of routers. Finally, we build a mathematical model for a simplified network. The model is well validated by comparing its analytical results with the NS simulation results.

Zou Xi,Gao Ming,Yining Wang,Chunming Wu

DOI: https://doi.org/10.1109/PAAP.2015.29

2015-01-01

Abstract:The emergence of network virtualization solves the problem of ossification. At the same time, it provides endless possibilities for the innovations of the network architecture. As a result, it has attracted the attention of the next generation Internet architecture. Therefore this paper based on the architecture of For CES to explore the implementation of the data plane virtualization and provide the framework for virtualization platform via the method. Meanwhile, in the premise of meeting the requirements which the virtual network packet has enough processing capacity. For the sake of solving the allocation of FE resource in virtual network (Forwarding Element, FE). To make the number of FE and the utilization of FE more reasonable. This paper puts forward a kind of FE resource allocation algorithm based on twice iteration subtraction. We use Click Modular Router as the data plane processing engine, then we give the virtual method to realize data plane and explain that supporting multiple virtual network and the virtualization of FE can provide more flexibility for processing data packets.

L Chen,XL Xu,GC Chen,C Chen

DOI: https://doi.org/10.1109/icct.2003.1209833

2003-01-01

Abstract:In collaborative virtual environment (CVE) systems, participants can freely join and share a virtual environment and do some collaborative works synchronously. And network communication architecture is very important for CVE systems to realize scalability, minimized delay and reliability. In this paper, the communication of CVE systems is categorized in three types: state update, command and event. Furthermore, this paper introduces the collaboration requests and interactive stream in CVE systems. Based on these introductions, a communication architecture for collaborative virtual environment systems is described. This architecture uses updatable queue abstraction in application layer to do message obsolescence and uses interactive stream transport protocol in transport layer to achieve efficient transmission of messages among a large number of participants.

Sheng-li Liu,Xiang Gao,Cheng Zeng,Li-gen Chen

DOI: https://doi.org/10.11591/telkomnika.v12i3.4561

2014-01-01

TELKOMNIKA Indonesian Journal of Electrical Engineering

Abstract:Aiming at the problem of current analysis and detection techniques against Cisco IOS security are not suitable for IOS integrality attack, this paper focuses on the Cisco IOS security detection techniques based on Control Flow Graph. First, the constructing method of Control Flow Graph is introduced. Then, a method to extract non-executed malicious code is proposed, which improves the effectiveness and accuracy of the analysis of malicious code. It provides support for rapid and effective detection of IOS integrality attack. DOI : http://dx.doi.org/10.11591/telkomnika.v12i3.4561 Full Text: PDF

Jian Chu,Dongqin Feng,Shilong Liu,Jianxiang Jin

2006-01-01

Abstract:The intelligent bridge includes processor, memory, same number of network interfaces and network communication modules. The processor also includes a configuration control module. Based on received information of configuration, the configuration control module controls communication between network segment through connected interface corresponding to network communication module and other devices. Receiving all messages from network segment the network communication module located, the module sends out messages and receives communication scheduling under control of the configuration control module. The intelligent bridge can monitor, process and transmit all messages from different network segments; based on configuration information controls forwarding message, and insulates invalid message to be forwarded so as to raise performance for transferring message in real time. The configured bridge can be added to communication scheduling of the network segment the bridge located at.

WANG Li-na,HE Jun,HOU Jian-min,LI Lei

DOI: https://doi.org/10.3969/j.issn.1006-7167.2010.06.020

2010-01-01

Abstract:Based on the method of dynamic routing protocol configuration and the simulation software DynamipsGUI,the virtual communication process of multi-routers was realized. The network topology graph was designed. The ports of routers were set up,and IP addresses were distributed. The configuration commands of routing information protocol and Open shortest path first protocol on different areas are analyzed. With the help of different show commands,it can analyze whether the configuration result is correct. The effectiveness of simulational communication is tested by applying virtual PCs. It shows that the design of the virtual network is feasible.

JingZheng Wu,Liping Ding,Yongji Wang,Wei Han

DOI: https://doi.org/10.1109/CLOUD.2011.10

2011-01-01

Abstract:Virtualization technology is the basis of cloud computing, and the most important property of virtualization is isolation. Isolation guarantees security between virtual machines. However, covert channel breaks the isolation and leaks sensitive message covertly. In this paper, we formally model the isolation into noninterference, and define that all the transmission channels violating noninterference are covert channels. With this definition, we present an identification method based on information flow. This method first compiles the source code into a more structured equivalent code with LLVM. And then a search algorithm is proposed to obtain the shared resources and the operational processes in the equivalent code. A new covert channel termed sharing memory covert timing channel (SMCTC) is identified from Xen source code. We construct channel scenario for SMCTC, and evaluate its threat with the metrics of channel capacity and transmission accuracy. The results show that SMCTC is much more threatened than CPU load based and cache based covert channels etc.

CHEN Hong-chang,LI Hai-tao,HUANG Hai,HE Zan-yuan

DOI: https://doi.org/10.3969/j.issn.1671-0673.2011.05.019

2011-01-01

Abstract:The parallel access mode to restrict spam call of soft switch is poor in real-time performance and security.To deal with this problem,this paper takes the serial access mode to soft switch signaling system and designs a virtual access technique for soft switch signaling,which is based on analyses and improvements of address binding and input output routing of TCP/IP protocol stack on the Linux platform.Experiment results indicate that the technique can implement transparent access and secure restriction based on TCP/UDP signaling.And the improvements of protocol stacks have no negative influence on normal communication processing.

Xiaowei Li,Hongxiang Sun,Qiaoyan Wen

DOI: https://doi.org/10.1109/ccis.2012.6664413

2012-01-01

Abstract:Numerous virtual machines have been designed to make full use of the adequate resources and facilitate people's lives. In turn, it results in the necessity of communication between the virtual machines. As we know, the data of communication between the virtual machines which located on the different hosts, could potentially be altered or intercepted during transport. To solve the problem, we design and operation of the transparent encryption-decryption communication mechanism (TEDCM) in the privilege virtual machine, the result suggests that the TEDCM in our paper is a good choice to solve the problem of information leakage.

Weichong Xie,Zhengmin Li,Kaikun Dong,Yinghong Shen

DOI: https://doi.org/10.3772/j.issn.1002-0470.2016.12.006

2016-01-01

Abstract:The analysis of network attack and defense was conducted,and aiming at the traditional background traffic simulation technology's problems in generation and deployment of traffic nodes such as size limitation of background traffic,authenticity limitation of background traffic,and number and position limitations of the tools for background traffic generation and deployment,an algorithm for generation and deployment of lightweight background traffic nodes based on virtualization was proposed.This is a three-phase algorithm that consists of the target traffic mapping based on resource amount,the adding of background traffic application based on the shortest route,and the node mapping based on the least communication cost,aiming to solve the problems of massive,rapid generation of background traffic nodes and flexible deployment of them in network attack and defense experiments.The experimental results show that using the proposed lightweight background traffic nodes to generate the background traffic can satisfy the self-similarity of networks,the small consumption of resource,the fast starting speed,and the massive,flexible and quick deployment according to the actual network attack and defense experiment.

JIANG Xueyuan,LI Minglu,WENG Chuliang

DOI: https://doi.org/10.3778/j.issn.1673-9418.2011.05.007

2011-01-01

Abstract:During the development of network computing and cloud computing,virtualization grows up quickly as the base technology.Virtualization live migration is an important feature for applications based on virtualization.Basic live migration protocol is too simple,and security hazard exists.Based on Xen virtualization platform,the performance of existed security solutions and the influence to live migration of these solutions are tested.The weakness of existed solutions is shown by attack based on sniffer and address resolution protocol(ARP) spoofing.The idea of solving the new problem is given.

H. H. Shi,X. Xu,Y. J. Wang

2015-01-01

Abstract:VLAN Trunk and IEEE802.1Q are the two teaching key and difficult points in LAN of the computer network education including Internet of Things (IoT), and need a lot of actual network equipment and special network analysis software in traditional class education. We introduce an education simulation technology such as Packet Tracer to replace the actual network equipments and special network analysis software. After analyzing VLAN Trunk protocol and IEEE 802.1Q frame tagging, we make some practices based on the education simulation technology for teaching VLAN Trunk and IEEE 802.1Q. The practical result show the teaching process is efficient and feasible.

Zun-ying QIN,Guo-dong LI,Wei LI,Xu-chang HUANG

2013-01-01

Abstract:A universal and multi-mode OSPF vulnerability detection system was designed based on analysis and research of OSPF vulnerability.The system implements denial of service attack model with the method of forging entity router and man-in-middle attack model with zero-copy technology.The method combining SNMP and bypass monitoring was adopted to achieve real-time monitoring of test results.Finally,the system proves the vulnerability of different types of routing equipments in the test environment and the vulnerability hazards were analyzed quantitatively.

JingZheng Wu,Liping Ding,Yongji Wang,Wei Han

DOI: https://doi.org/10.1109/ssiri.2011.17

2011-01-01

Abstract:Covert channel analysis is an important requirement when building secure information systems, and identification is the most difficult task. Although some approaches were presented, they are either experimental or constrained to some particular systems. This paper presents a practical approach based on directed information flow graph taking advantage of the source code analysis. The approach divides the whole system into serval independent modules and analyzes them respectively. All the shared variables and their caller functions are found out from the source codes and modeled into directed information flow graphs. When the information flow branches are visible and modifiable to the external interface, a potential covert channel exists. Contributions made in this paper are as follows: a modularized analysis scheme is proved and reduces the workloads of identifying, a directed information flow graph algorithm is presented and used to model the covert channels, more than 30 covert channels have been identified in Linux kernel source code using this scheme, and a typical channel scenario is constructed.

guofeng wang,chuanyi liu,jie lin

DOI: https://doi.org/10.1007/978-3-662-43908-1_4

2014-01-01

Abstract:Modern malware attacks are designed intricately, transport data encrypted, so monitoring network traffic can't solve such attacks completely. Therefore, network monitoring and analysis need to be combined with system behavior monitoring and memory analysis, and the latter is more important. In this article we propose a hardware-based virtualization prototype system, combined with memory analysis tools to monitor and counterwork malicious attacks actively. The system is based on Xen virtualization platform, which monitoring virtual machine behavior by capturing specific events. The events are triggered by some specific behaviors associated with malicious software monitoring, such as executing privileged instruction, system calls, memory writing, etc. When necessary, we can dump the memory of the virtual machine, use memory analysis tools for detailed analysis, so as to achieve the purpose of monitoring and counterworking.

He Song,Xiaofeng Wang,Mengdong Zhai,Guangjie Zhang

DOI: https://doi.org/10.3390/info11010047

2020-01-16

Information

Abstract:Virtualization has the advantages of strong scalability and high fidelity in host node emulation. It can effectively meet the requirements of network emulation, including large scale, high fidelity, and flexible construction. However, for router emulation, virtual routers built with virtualization and routing software use Linux Traffic Control to emulate bandwidth, delay, and packet loss rates, which results in serious distortions in congestion scenarios. Motivated by this deficiency, we propose a novel router emulation method that consists of virtualization plane, routing plane, and a traffic control method. We designed and implemented our traffic control module in multi-scale virtualization, including the kernel space of a KVM-based virtual router and the user space of a Docker-based virtual router. Experiments show not only that the proposed method achieves high-fidelity router emulation, but also that its performance is consistent with that of a physical router in congestion scenarios. These findings provide good support for network research into congestion scenarios on virtualization-based emulation platforms.