221
Evaluating the Effectiveness of Zero Trust Architecture in Protecting Against Advanced Persistent Threats
Published 2024-12-01
“…As a paradigm shift in network security, the idea of Zero Trust Architecture has attracted a lot of attention recently. …”
Article
222
Research on network risk assessment based on attack graph of expected benefits-rate
Published 2022-08-01
“…As Internet applications and services become more and more extensive, the endless network attacks lead to great risks and challenges to the security of information systems. As a model-based network security risk analysis technology, attack graph is helpful to find the vulnerability between network nodes and the harm of being attacked. It has been proved to be an effective method to find and prevent network security risks. Attack graph is mainly divided into state-based attack graph and attribute-based attack graph. Due to the problem of state explosion in state-based attack graph, most researchers prefer the attribute-based attack graph for network risk assessment. In view of the existing researches on attribute-based attack graph, they excessively rely on the vulnerability of network nodes and the essential attributes of atomic attack. However, they ignore that rational attackers usually choose specific attack paths by maximizing attack benefits. Then, a network risk assessment framework and a quantification method of attack benefits-rate based on expected benefits-rate attack graph were proposed. The network risk assessment framework took the open vulnerability resource database, the new vulnerabilities found by the vulnerability mining system and the big data related to network attack and defense as the basic data source. The network risk assessment framework also took the open source big data platform as the analysis tool to mine and calculate the elements related to attack cost and attack benefit. Using the concepts of cost, benefit and benefit-rate in economics, the calculation model of expected benefit-rate of atomic attack was constructed. By constructing the attribute-based attack graph of the target network, the expected benefit-rate of atomic attack on the attack path was calculated, and the expected benefit-rate list of all possible attack paths was generated. Furthermore, taking the expected goal as the starting point, the search was carried out according to the specific optimization strategy (backtracking method, greedy algorithm, dynamic programming). And the complete attack path with the maximum benefit-rate was obtained, which provided the basis for network risk assessment. The simulation results show the effectiveness and rationality of the proposed expected benefit-rate attack graph network risk assessment method, which can provide support for discovering and preventing network security problems. …”
Article
223
Construction of DDoS attacks malicious behavior knowledge base construction
Published 2021-11-01
“…Aiming at the problem of insufficient research on the knowledge base of distributed denial of service (DDoS) network attacks, a method for constructing a knowledge base of DDoS attacks malicious behavior was proposed. The knowledge base was constructed based on the knowledge graph, and contains two parts: a malicious traffic detection database and a network security knowledge base. The malicious traffic detection database detects and classifies malicious traffic caused by DDoS attacks, the network security knowledge base detects DDoS attacks from traffic characteristics and attack frameworks model malicious behaviors, and perform inference, tracing and feedback on malicious behaviors. On this basis, a distributed knowledge base was built based on the DDoS open threat signaling (DOTS) protocol to realize the functions of data transmission between distributed nodes, DDoS attack defense, and malicious traffic mitigation. The experimental results show that the DDoS attack malicious behavior knowledge base can effectively detect and mitigate the malicious traffic caused by DDoS attacks at multiple gateways, and has the knowledge update and reasoning function between the distributed knowledge bases, showing good scalability. …”
Article
224
Research on the trusted environment of container cloud based on the TPCM
Published 2021-08-01
“…Container technology is a lightweight operating system virtualization technology that is widely used in cloud computing environments and is a research hotspot in the field of cloud computing. The security of container technology has attracted much attention. A method for constructing a trusted environment of container cloud using active immune trusted computing was proposed, and its security meets the requirements of network security level protection standards. First, container cloud servers were measured through the TPCM and a trust chain from the TPCM to the container's operating environment was established. Then, by adding the trusted measurement agent of the container to the TSB, the trusted measurement and trusted remote attestation of the running process of the container were realized. Finally, an experimental prototype based on Docker and Kubernetes and conduct experiments were built. The experimental results show that the proposed method can ensure the credibility of the boot process of the cloud server and the running process of the container and meet the requirements of the network security level protection standard evaluation. …”
Article
225
Application of blockchain in urban rail traffic edge computing network
Published 2021-10-01
“…Multi-access edge computing (MEC) can provide high-quality service capabilities for computing-intensive services and delay-sensitive services in urban rail traffic. However, many edge facilities in rail traffic edge computing network are exposed to an open environment, and their privacy protection and transmission security are facing great challenges. Blockchain has functional characteristics such as distributed ledger, consensus mechanism, smart contract, and decentralized application. Therefore, the use of blockchain can build a systematic security protection mechanism for the distributed rail traffic edge computing network to ensure network security and data security and realize high-quality urban rail traffic services. Firstly, the basic concept of the blockchain and the urban rail traffic edge computing network architecture were introduced. Then, the structure and application content of the rail traffic edge computing network security protection mechanism integrated with the blockchain was discussed in detail. Finally, the open research issues and challenges of the security protection mechanism were analyzed. …”
Article
226
Survey on network topology visualization
Published 2018-02-01
“…As the basis of network monitoring, network management, and network security situation awareness, network topology visualization plays an underlying role in reflecting the whole state of the network and discovering the potential rules in the network topology. The basic content of network topology visualization was introduced and the main challenges in the research of network topology visualization were summarized from two aspects: the internal characteristics of network data and the point of the applied demand angle of the users. A top-down VPI model for network topology visualization and analysis drawing from the experience of domain experts by analyzing and understanding the nodes and connection status of network topology, having an insight into the potential laws of topological information like performance bottleneck, network security, time-varying characteristics and so on. This model includes vision, procedure, and interaction. According to the VPI model, visualization methods based on perception enhance were summarized from three aspects: enhancement of visual perception, enhancement of time-varied procedure and enhancement of exploratory interaction. Finally, future development trend of those topics were discussed combined with application demand. …”
Article
227
Using statistical traffic analysis to calculate the confidential means of information transmission
Published 2021-01-01
“…Honeypot is an activity-based network security system that can be a logical addition to the passive detection policies used by the IDS. …”
Article
228
ASD-YOLO: a lightweight network for coffee fruit ripening detection in complex scenarios
Published 2025-02-01
Article
229
Effectiveness Evaluation of Random Forest, Naive Bayes, and Support Vector Machine Models for KDDCUP99 Anomaly Detection Based on K-means Clustering
Published 2025-01-01
“…K-means clustering technique is applied as a preprocessing step to enhance the overall quality of network intrusion detection and maximize the accuracy of the network security measures. The goal is to identify anomalies with high accuracy. …”
Article
230
Anomaly Detection in Network Traffic Using Advanced Machine Learning Techniques
Published 2025-01-01
“…Anomaly detection in network traffic is a critical aspect of network security, particularly in defending against the increasing sophistication of cyber threats. …”
Article
231
Multiple redundant flow fingerprint model based on time slots
Published 2023-02-01
“…With the increasingly widespread use of the Internet, various network security problems are frequently exposed, while the “patching” style security enhancement mechanisms cannot effectively prevent the growing security risks. The researchers in the field of network security believe that the future Internet architecture should take security as a basic attribute to provide the native security support which is also called as endogenous safety and security. In order to support the data trustworthiness of endogenous security, a time-slot based multiple redundant flow fingerprint model was designed and implemented based on the research of the watermark (or fingerprint) mechanism. The proposed model used only three time slot intervals and operated the packets within the specified time slots, so that the fingerprint can be embedded without conflicting with the adjacent bit operations. Redundant coding was introduced to improve the fingerprint robustness, and the behaviors such as jitter or malicious disruptions by attackers in the network were considered. Furthermore, the impacts of delayed interference, spam packet interference and packet loss interference were analyzed. The analytical results show that the robustness of the fingerprint model improves with increasing redundant bits when the packet distribution in the network stream is given. Besides, in order to reduce the consumption of time and space and improve the efficiency and accuracy of packet operations, a flow fingerprinting prototype system was designed and implemented based on the kernel, and its efficiency and robustness were evaluated. The experimental results show that the model has high robustness. Additionally, the application scenario of the model was elaborated, which can effectively detect man-in-the-middle attacks and prevent network identity spoofing with the help of the flow fingerprinting model. …”
Article
232
Java deserialization vulnerability defense technology based on run-time detection
Published 2024-04-01
“…Consequently, developing strategies to counter Java deserialization vulnerability attacks has become a critical aspect of network security. Following an examination of numerous publicly known Java deserialization vulnerabilities, a runtime detection-based defense technology solution for Java deserialization vulnerabilities was proposed. …”
Article
233
Survey of software anomaly detection based on deception
Published 2022-02-01
“…Advanced persistent threats (APT) will use vulnerabilities to automatically load attack code and hide attack behavior, and exploits code reuse to bypass the non-executable stack & heap protection, which is an essential threat to network security. Traditional control flow integrity and address space randomization technologies have effectively prevented the pace of APT. However, the complexity of the software and the evolution of attacks make the software still being vulnerable. For this reason, deception defense with resources as bait is an indispensable supplement for network security. The trapping mechanism consists of bait design and attack detection, which infer possible unauthorized access or malicious attacks by sensing the interaction behavior with the bait. According to the three types of bait, which are file, data and code, the automatic construction scheme of bait is designed and deployed, and the effectiveness of bait is measured from the aspects of believability, detectability and enticement, etc. Ransomware detection based on deception defense focuses on the deployment location of bait files, and in the area of vulnerability detection, code reuse attacks are detected by injecting bait code. Research work related to the implementation of deception defense in each phase of APT attacks was introduced, and the mechanism of deception defense from bait type, bait generation, bait deployment, and bait measurement was described. Simultaneously, deception defense applications in ransomware detection, vulnerability detection, and Web security were analyzed. In response to the shortcomings of existing ransomware detection research in terms of bait file design and deployment, a dynamic update method of bait for ransomware detection was proposed. The deception defense challenges were discussed and hoped that deception defense can provide theoretical and technical support for discovering unknown attacks and attack attribution. …”
Article
234
Identifying and Ranking Security Indicators in Online Social Networks with an MADM Technique
Published 2022-11-01
“…Then, the relationship between the identified indicators and online social network security was investigated using the Spearman correlation test. …”
Article
235
Optimization of Rendering Parameters of Cesium 3DTiles Model Based on Differential Evolution Algorithm
Published 2025-01-01
Article
236
An Adaptive Intrusion Detection System for Evolving IoT Threats: An Autoencoder-FNN Fusion
Published 2025-01-01
“…The AE-FNN model’s high accuracy, robustness, and scalability position it as a valuable tool in securing interconnected IoT ecosystems, making it an important advancement in network security. …”
Article
237
Connotation and practice of the integration of academic field based on Bourdieu’s theory——taking the cultivation of cyberspace security talents as an example
Published 2023-08-01
“…The deployment of network security has become a crucial strategy for the development of modern nations, with skilled professionals serving as the core driving force behind cybersecurity efforts. Cultivating cybersecurity talents and fostering team building are essential for China's talent reserves and strategic capital accumulation. With economic globalization, 0-day vulnerabilities have constantly emerged in information systems, attack chains have become increasingly complex, threat targets were difficult to detect, and hidden viruses varied over time. Talents trained by traditional universities for network security were unable to adapt to innovative production and practical activities in the new fields, as it was confined to their training structure system. In order to break through the shackles of the internal administrative structure and traditional curriculum system of universities, and ease the contradiction between the uncertainty of cyberspace security situation and the standardization of talent cultivation, the talent cultivation models based on Bourdieu's theory were studied, the fusion meaning of cultural capital in the academic field was analyzed and three practical standards were put forward in terms of teaching content, cultivation model and teaching opportunity of cyberspace security talents in combination with the actual cases of the “Fang class”. In terms of education content, standards and open knowledge systems were established to meet the differentiated needs of students. The mentorship approach was employed to construct habitus, fostering students’ ability to adapt flexibly to problems by adopting different cognitive thinking modes. Favorable teaching opportunities were utilized by tutors in various roles to promote efficient integration of individuals and fields, helping students establish a valuable and stable mindset. By leveraging Bourdieu's theory to explore the integration path of academic fields, it has leveraged the advantages of independently cultivating high-quality talents, vigorously promoting technological innovation and the healthy ecological development of the industry. …”
Article
238
Detection and diagnosis of unknown threats in power equipment using machine learning and Spark technology
Published 2025-01-01
“…This approach allows for more efficient and accurate detection of unknown threat attacks on power grid equipment, providing robust network security for power systems. Our findings offer a new theoretical perspective for the evolving field of network security. …”
Article
239
Research on key management scheme for military vehicle network
Published 2018-08-01
“…A scheme of military vehicle network security based on the hierarchical tree structure was proposed, which could improve communication efficiency and security of military vehicle network key management. The proposed scheme provides a good solution to solve the key management in military vehicle network communication. …”
Article
240
Review of domestic and international financial security
Published 2017-02-01
“…Based on financial informatization, financial information security concept, current major risks to financial information security in domestic and international were overviewed and summarized, including network security, data security and business & services continuity, etc. …”
Article