Shumian Yang,Lianhai Wang,Dawei Zhao,Xiaohui Han,Shuhui Zhang

DOI: https://doi.org/10.22323/1.300.0033

2018-01-01

Abstract:Software definition networking is a revolutionary network architecture, which realizes the separation of the control plane and data plane of a network. While providing the centralized controllability and the software programmability, the network itself is encountering many security problems. In order to solve the problem of security threats in SDN networks, there are different layers of unique security challenges and the relevant research on SDN security problems. This paper introduces the depth learning technology into the field of security threat detection in SDN, and propose a security threat detection framework based on depth learning.The framework is based on the research on model establishment, abnormal behavior recognition and decision algorithm design. The software system based on physical memory analysis is under development in SDN. The system verifies the feasibility of this framework, and to finally generate the work plan on SDN infrastructure.

L Cai,Xh Yang

DOI: https://doi.org/10.1109/ICSMC.2005.1571196

2005-01-01

Abstract:More and more network attacks are focusing on application level vulnerabilities. Recently, several examples of this trend have been highly publicized such as the SQL Slammer and SQL Snake attacks. Traditional firewalls, used for protecting the database, only prevent attacks searching for vulnerabilities. Database firewalls take defense deep into the organization by providing full syntax control and audit of the SQL AN stream before it reaches the database, and enforcing content-driven access to database. This paper proposes a layered reference model for database firewalls by enhancing the capability of COAST Laboratory's model. It separates a database firewall into three layers (network layer, schematic layer and semantic layer) according to the knowledge, computation target, and the control granularity of each layer. Based on this model, a database firewall product had been prototyped It can greatly improve the database security by introducing self-controlled authentication principal mapping, object mapping, and mandatory access control modules.

Feng Wang,Baoshan Ge,Li Zhang,Yong Chen,Yang Xin,Xiayuan Li

DOI: https://doi.org/10.1002/sres.2184

2013-04-04

Systems Research and Behavioral Science

Abstract:After analysing the security conditions in current Enterprise Systems (ES), this paper proposes a systematic framework that is based on the Secure Sockets Layer Virtual Private Network (SSL‐VPN) for improving security management. This framework takes account of several key aspects such as channel strategy, network pattern, workstation authentication, identity authentication, security workflow, etc. The proposed framework has the following advantages: low cost, high performance, easy to implement, and strong security control pattern. In addition, this paper proposes a dynamic security strategy that is about authorizing user ID and roles dynamically and conducting real‐time mapping via agent or proxy technologies. Copyright © 2013 John Wiley & Sons, Ltd.

management,social sciences, interdisciplinary

顾国飞,沈建莉,王鹏,张世永

DOI: https://doi.org/10.3969/j.issn.1000-3428.2002.z1.060

2002-01-01

Abstract:Campus network security is an important problem now, and it comprises many different security levels. This paper presents a six-layer network security architecture, which consists of physical security, link security, network level security, information security, application security and user security. Then a multi-layer, comprehensive and distributed campus network security solution is presented based on it. This solution covers comprehensive aspects from low level to high level, from static passive prevention to dynamic active prevention ,from before ,between to after the intrusion ,from system to desktop and from host to network. It can give max security to the campus network and can also be used in other kind of LANs.

Guihai Chen,Victoria C. Yan,Qing Li,Zengzhi,Liao,Zhigang

2005-01-01

Abstract:The wide application of network technology in power systems brings not only convenience and flexibility but also security threats. An architecture of network security for power system was proposed in this study,which protected data and facilities from being attacked by outside users by means of firewall, security monitor and control system. Firewall was basically the first line of defense for the intranet; the security monitoring system was a kind of IDS (Intrusion Detection System), while security control system provided authentication, authorization,data-encrypted transmission and security management. This architecture provides various security services, such as identification, authentication, authorization, data integrity and confidentiality.

Haixin Duan,Jianping Wu

DOI: https://doi.org/10.1109/APCC.1999.820481

1999-01-01

Abstract:Security management is one of the five management functions defined by ISO/OSI, which covers two aspects: security of management and management of security. As to management of network security, we give security management requirements for large computer networks, combined with our management experience of managing CERNET. From our experience, the widely used firewalls in the Internet are lacking in the capability to be remotely managed on a large scale, especially multi-vendor network environment. Addressing these problems, the concept of high level security policy management is proposed for large networks. To support high level policy management and collaborative management of multi-vendor firewalls, a definition for a common firewall MIB (CFWMIB) and a common format for the TRAP events record are proposed. For the aspect of security of network management, we present a security architecture which is implemented in our web-based network management system. Flexible authentication and role-based access control mechanisms of the architecture are described. Our ongoing and future research is also outlined.

YANG Xin,LI Hui,QUE Jianming,MA Zhentai,LI Gengxin,YAO Yao,WANG Bin,JIANG Fuli

DOI: https://doi.org/10.11896/jsjkx.220600265

2023-01-01

Abstract:Traditional IP-based Internet offers an end-to-end data transport service and has developed rapidly in the past half-century.However,serious security incidents emerged from attacks based on traditional networks.Traditional security mechanisms(e.g.,firewalls,intrusion detection systems) enhance security.However,most of them only provide some remedial strategies rather than solve the address-security problem radically due to the lack of change in network design.The overall in-depth security of the networked system cannot be guaranteed without a fundamental change.In order to meet the development requirements of the next generation of an endogenous security network,one of the future networks,the multi-identifier network(MIN),is introduced as our research background.This paper proposes an efficient scheme in hieratical architecture that provides comprehensive protection by addressing the security aspects pertaining to the network and application layers.At the network layer,the proposed architecture develops a multi-identifier routing scheme with embedded identity-based authentication and packet signature mechanisms to provide data tamper-resistance and traceability.At the application layer,the proposed architecture designs a mimic defensive scheme combined with weighted network centrality measures.This scheme focuses on protecting the core components of the whole network to improve the service's robustness and efficiently resist potential attacks.This paper tests and evaluates the proposed scheme from a theoretical and practical perspective.An analytical model is built based on the random walk for theoretical evaluation.In experiments,the proposed scheme is developed in MIN as MIN-VPN.Then considering IP-VPN as a baseline,anti-attack tests are conducted on IP-VPN and MIN-VPN.The results of theoretical evaluations and experiments show that the proposed scheme provides excellent transmission performance and successful defense against various TCP/IP-based attacks with acceptable defensive cost,demonstrating this security mechanism's effectiveness.In addition,after long-period penetration testing in three international elite security contests,the proposed method is effectively immune to all TCP/IP-based attacks from thousands of professional teams,thus verifying its strong security.

SHAN Linwei,SHAN Xiuming,REN Yong

DOI: https://doi.org/10.3969/j.issn.1000-3428.2006.14.047

2006-01-01

Abstract:Multimedia network conference is an important network application.The security support of implementing the network conference is necessary.Tiffs article firstly introduces the session initiation protocol and the inter-domain network conference model;then,it analyzes the security framework principles and presents the full design;finally,it combines the security framework with the network conference management functions and presents an example of signaling flow.

Yan Li,Guang-qiu Huang,Chun-zi Wang,Ying-chao Li,Yan Li,Guang-qiu Huang,Chun-zi Wang,Ying-chao Li

DOI: https://doi.org/10.1186/s13638-019-1506-1

2019-08-13

EURASIP Journal on Wireless Communications and Networking

Abstract:Information technology has penetrated into all aspects of politics, economy, and culture of the whole society. The information revolution has changed the way of communication all over the world, promoted the giant development of human society, and also drawn unprecedented attention to network security issues. Studies, focusing on network security, have experienced four main stages: idealized design for ensuring security, auxiliary examination and passive defense, active analysis and strategy formulation, and overall perception and trend prediction. Under the background of the new strategic command for the digital control that all countries are scrambled for, the discussion of network security situational awareness presents new characteristics both in the academic study and industrialization. In this regard, a thorough investigation has been made in the present paper into the literature of network security situational awareness. Firstly, the research status both at home and abroad is introduced, and then, the logical analysis framework is put forward concerning the network security situational awareness from the perspective of the data value chain. The whole process is composed of five successive stages: factor acquisition, model representation, measurement establishment, solution analysis, and situation prediction. Subsequently, the role of each stage and the mainstream methods are elaborated, and the application results on the experimental objects and the horizontal comparison between the methods are explained. In an attempt to provide a panoramic recognition of network security situational awareness, and auxiliary ideas for the industrialization of network security, this paper aims to provide some references for the scientific research and engineering personnel in this field.

telecommunications,engineering, electrical & electronic

Li Wei,Cai Zhongmin,Xiaohong Guan

DOI: https://doi.org/10.3321/j.issn:0253-987x.2006.10.001

2006-01-01

Abstract:An analysis method of Internet architecture security is presented by introducing the concept of access relations and access streams to show that the access control is a procedure to reduce access relations according to certain security policies in the traditional network access control. On the basis of the concept, a new scheme of data classification is proposed based on real and anonymous addresses and network addresses of the control and application data. A set of the corresponding global access control rules is established under the conditions of the openness and manageability of the uniform network, security and user privacy. The analysis of the scheme shows that the proposed method reduces access relations significantly, and the level of the Internet architecture security is increased wholly.

LI Yufeng,LAN Julong,XUE Xiangyang

DOI: https://doi.org/10.3969/j.issn.1009-6868.2011.04.007

2011-01-01

Abstract:This paper proposes a Common Security and Control Framework(CSCF) for application security,network security,information security,and behavioral security in tri-network convergence.CSCF has an independent architecture and can be operated transparently across the whole network.It treats the network link as the control object and can perform functions such as link traffic identification and link traffic analysis.It can also check and control a security problem at one point and initiate a whole-system response.CSCF is based on a distributed security and control platform with high scalability.This paper discusses the development of techniques used to establish a security system that proactively defends against threats,flexibly reacts to and blocks threats as they occur,and traces threats.

Christophe Guyeux,Abdallah Makhoul,Jacques M. Bahi

DOI: https://doi.org/10.48550/arXiv.1706.08133

2017-06-25

Distributed, Parallel, and Cluster Computing

Abstract:Wireless sensor networks are often deployed in public or otherwise untrusted and even hostile environments, which prompts a number of security issues. Although security is a necessity in other types of networks, it is much more so in sensor networks due to the resource-constraint, susceptibility to physical capture, and wireless nature. In this work we emphasize two security issues: (1) secure communication infrastructure and (2) secure nodes scheduling algorithm. Due to resource constraints, specific strategies are often necessary to preserve the network's lifetime and its quality of service. For instance, to reduce communication costs nodes can go to sleep mode periodically (nodes scheduling). These strategies must be proven as secure, but protocols used to guarantee this security must be compatible with the resource preservation requirement. To achieve this goal, secure communications in such networks will be defined, together with the notions of secure scheduling. Finally, some of these security properties will be evaluated in concrete case studies.

Xiruo Liu,Meiyuan Zhao,Sugang Li,Feixiong Zhang,Wade Trappe

DOI: https://doi.org/10.3390/fi9030027

2017-06-28

Future Internet

Abstract:The Internet of Things (IoT) is a recent trend that extends the boundary of the Internet to include a wide variety of computing devices. Connecting many stand-alone IoT systems through the Internet introduces many challenges, with security being front-and-center since much of the collected information will be exposed to a wide and often unknown audience. Unfortunately, due to the intrinsic capability limits of low-end IoT devices, which account for a majority of the IoT end hosts, many traditional security methods cannot be applied to secure IoT systems, which open a door for attacks and exploits directed both against IoT services and the broader Internet. This paper addresses this issue by introducing a unified IoT framework based on the MobilityFirst future Internet architecture that explicitly focuses on supporting security for the IoT. Our design integrates local IoT systems into the global Internet without losing usability, interoperability and security protection. Specifically, we introduced an IoT middleware layer that connects heterogeneous hardware in local IoT systems to the global MobilityFirst network. We propose an IoT name resolution service (IoT-NRS) as a core component of the middleware layer, and develop a lightweight keying protocol that establishes trust between an IoT device and the IoT-NRS.

Xin Lu,Ruochen Dong,Qing Wang,Lizhe Zhang

DOI: https://doi.org/10.3390/electronics12071665

IF: 2.9

2023-04-01

Electronics

Abstract:With the continuous expansion of air traffic flow, the increasingly serious aviation network security threats have a significant and far-reaching impact on the safe operation of the aviation industry. The networked air traffic management (ATM) system is an integrated space–air–ground network integrating communication, network, satellite, and data chain technology, which adopts a network-centric structure to provide network-enabled services and applications for the air transportation system. In view of the serious network threats faced by networked ATM, this paper studies the basic theories and key technologies of ATM information security assurance and designs a credible security architecture to provide comprehensive and systematic security assurance for networked ATM. Starting from the problems and development trend of ATM security assurance, this paper investigates the dynamic and complex data processing process of ATM system, analyzes the complex interaction between its cyber and physical system, and then constructs the networked ATM cyber–physical fusion system model and threat model. Furthermore, the causal relationship between ATM security threat alert information is mapped into a Bayesian network, and the game model of networked ATM is proposed using Bayesian Nash equilibrium strategy. At last, the information security assurance architecture of networked ATM system based on blockchain technology is formed by establishing a distributed co-trust mechanism and multi-chain storage structure. We expect this paper to bring some inspiration to the related research in academia and aviation so as to provide useful reference for the construction of ATM safety and security system and the development of technology.

engineering, electrical & electronic,computer science, information systems,physics, applied

Kalpana Sharma,M.K. Ghose,Kuldeep

DOI: https://doi.org/10.48550/arXiv.0908.0122

2009-08-02

Abstract:Security concern for a Sensor Networks and level of security desired may differ according to application specific needs where the sensor networks are deployed. Till now, most of the security solutions proposed for sensor networks are layer wise i.e a particular solution is applicable to single layer itself. So, to integrate them all is a new research challenge. In this paper we took up the challenge and have proposed an integrated comprehensive security framework that will provide security services for all services of sensor network. We have added one extra component i.e. Intelligent Security Agent (ISA) to assess level of security and cross layer interactions. This framework has many components like Intrusion Detection System, Trust Framework, Key Management scheme and Link layer communication protocol. We have also tested it on three different application scenarios in Castalia and Omnet++ simulator.

Cryptography and Security

Ahmed I. Al-Darwish,Pilsung Choe

DOI: https://doi.org/10.1007/978-3-030-22351-9_15

2019-01-01

Abstract: Information systems support organizations to achieve strategic competitiveness over other organizations and assist senior management in the decision-making process. In addition, they help organizations in timely implementation of projects and effective risk management. A reliable and coherent Information System requires a solid security framework that ensures Confidentiality, Integrity, Availability, Authenticity and Auditability of the critical information assets; therefore, managing security is essential for organizations doing business in a globally networked and competitive environment whilst seeking to achieve their objectives and goals and ensuring the continuity of business. This paper provides an integrated framework that classifies and holistic view of challenges in Information Security Systems, and their interrelationships. The framework is expected to provide a basis that can be used to evaluate individual organizational members’ behavior and the adequateness of existing security measures.

Abid Ali,Abdul Mateen,Abdul Hanan,Farhan Amin

DOI: https://doi.org/10.3390/technologies10030060

2022-05-12

Technologies

Abstract:The stimulus to carry out this research was to identify and propose a secure framework for the Internet of Things (IoT). Due to the massive accessibility and interconnection of IoT devices, systems are at risk of being exploited by hackers. Therefore, there is a need to find an advanced security framework that covers data security, data confidentiality, and data integrity issues. The study uses a systematic literature review (SLR) technique and complete substantive literature is reviewed to find out the constructs and themes in the existing literature. We performed it in four steps, which were inclusion, eligibility, screening, and identification. We reviewed around 568 articles from well-reputable journals, and after exclusion, 260 articles and 54 reports were analyzed. We performed an analysis using MAXQDA in which the nodes and themes were first identified. After the classification, a qualitative model was generated using MAXQDA. The proposed model is supported by the literature so it will be useful for the IT managers, developers, and the users of IoT.

Yixin Jiang,Yunan Zhang,Jinchao Xiao,Weihan Wang,Dongying Feng

DOI: https://doi.org/10.1117/12.2680492

2023-01-01

Abstract:Under the background of "carbon peak and carbon neutrality", the scale of the power grid is increasingly expanding, the intelligence level of the power grid is continually improving, and the dependence of the power system on the communication network is increasingly increasing. The existing power communication network has numerous problems, such as network architecture, upper business support, network operation and maintenance management. This paper first introduces the development status and conceptual principles of SDN (Software Defined Network), based on the advantages and disadvantages of SDN architecture, the common attack types and defense methods are introduced. By combining the advantages of SDN architecture and traditional power communication network, a new security defense framework of power communication network is designed. Finally, a new power communication scheme with open, numerical control separation and controller centralized management is constructed, and the new power communication scheme is summarized and prospected.

Hao YIN,Dongchao GUO,Yongqiang LYU,Peng YANG,Zhiwei ZHAO,Yaoxue ZHANG

DOI: https://doi.org/10.1360/n112017-00171

2019-01-01

Abstract:Cyberspace security is vital to state interest. Recently, there are some challenges in cyber security. In architecture for instance, although protection mechanisms are introduced and applied everywhere, the modern network architecture (well connected and open) still has difficulty in completely ensuring cyber security. It is also observed that contemporary cyber security protection mechanism highly depends on the priori information of security threats and thus will hardly address unknown potential threats. In this paper, a novel cyberspace security protection framework is proposed. A dual-structural Internet scheme that integrates the current Internet architecture with a redundant secondary structure network characterized by its broad-storage scheme, heterogeneous structure, and dynamic protection mechanism is introduced. Also, a novel active defense mechanism that is knowledge-data driven and thus independent of the priori information of the security threat is proposed. Furthermore, some key techniques such as transparent access and prepositive active defense are introduced. The theoretical and technical work proposed in this paper offers a comprehensively evolutionary solution to constructing a cyberspace in which the protection mechanism is more independent and active.

Ali Nadim Alhaj,Narottam Das Patel,Ajeet Singh,Rohit Kumar Bondugula,Mohsin Furkh Dar,Jameel Ahamed

DOI: https://doi.org/10.1504/ijsnet.2024.141613

2024-09-28

International Journal of Sensor Networks

Abstract:The rapid expansion of networks has given rise to numerous challenges and issues. In recent years, one idea that has captivated researchers is segregating the forwarding and control levels, which emerged with software-defined networking (SDN) frameworks. Despite centralised management and network administration advantages, SDN networks have encountered several issues, with safety and reliability being the most prominent. This paper proposes a comprehensive robust security architecture for SDN networks that consists of modular components. Each module addresses a specific security challenge, and by integrating these security solutions, we aim to establish a cohesive security framework for SDN. Furthermore, we propose a robust security algorithm capable of effectively mitigating critical security attacks such as DDoS, ARP, and MITM. Our approach involves developing a multi-level security algorithm to counteract most DDoS attacks, while also devising a real-time algorithm specifically designed to handle ARP attacks, including request-replay-ARP DoS attacks.

computer science, information systems,telecommunications