基于攻击意图的复合攻击预测方法研究

入侵检测系统仅能检测到攻击,但不能预测攻击者下一步的攻击.分析了基于攻击行为预测方法的不足,提出了一种基于攻击意图的复合攻击预测方法.该方法使用抽象的攻击意图表示复合攻击,采用扩展的有向图表达攻击意图间的逻辑关系,建立了攻击匹配的攻击意图框架,在复合攻击预测算法中引入了攻击检测度和攻击匹配度两个概念.最后,通过实验验证了该方法的有效性.     

察打型无人机攻击航迹控制算法研究

固定翼无人机自身携带激光制导导弹进行对地攻击,需要自身携带的光电转台稳定跟踪目标并进行激光照射,指引导弹命中目标。为满足光电转台稳定跟踪目标的角速度限制及导弹可发射的限制条件,设计一种新型的航迹控制算法。利用基于李雅普诺夫向量场的导航算法,实现无人机从盘旋搜索到发现目标后转入导弹可攻击区并实施攻击的自动航迹控制,并保证无人机在调整姿态的同时光电转台稳定跟踪目标。利用某察打型无人机进行飞行验证,结果证明设计的算法能够较好完成无人机的攻击航迹控制,保证导弹发射。     

信任攻击建模方法

针对信任环境系统中存在的客观弱点和主观弱点,使用弱点利用规则和信任关系盗用规则来描述信任关系状态之间的转移过程,构建了信任攻击模型TAM。在该模型中,攻击者将客观弱点用于信任级别的提升,将主观弱点用于信任关系传递,将主、客观弱点的综合利用将导致信任关系的渗透与扩散,从而可导致攻击可达距离更大;提出了复杂度为多项式时间的TAM信任关系传递闭包生成算法,该算法可以给出当前弱点状态下的所有信任攻击路径。通过对真实弱点的建模,证明此模型可以对信任的安全性进行综合分析,生成信任攻击图、信任攻击路径等详细信息,展示攻击者和信任主体之间的交互过程,对攻击特征有更好的描述能力,帮助管理者预测所有可能的信任攻击,进而为相应的安全措施的制定提供依据。     

Internet attack mechanisms

Current media is filled with theoretical attacks, vulnerabilities and malicious activities, but the problems that make the news are rarely the ones that result in the common, day to day losses. A Mitnick might be able to mount an obscure sequencing attack against a perceived adversary, but such attacks will fall against virtually any firewall since it depends on a network finding nothing wrong with an internal machine suddenly appearing on the outside. Similarly, a SATAN/SANTA attack will quickly reveal holes but only if you happen to be running Unix with RPC and NFS active. This is not to say that such attacks are not common, just that they require a specific configuration to exist at the attackee's site.     

Blackhole attack: user identity and password seize attack using honeypot

Although the advance of ICT serves convenient lives, the adverse effect lies behind. Attacks such as spreading malicious code and luring users to fake websites via SMS or E-mail using social engineering have often occurred. Phishing, pharming, and smishing are getting diversified recently. The authentication of most websites is processed by simply using ID and password is the reason why the attack methods have been changing. Internet users are vulnerable in the process of authentication because they set and use an identical ID and similar password on different websites. This study discusses the length-related password vulnerability and introduces the method with which a hacker lures Internet users and seizes the users’ ID and password as well as password generation pattern. The paper also suggests that an additional and improved process is necessary to prevent various attacks like seizing account by the attacker.     

基于攻击描述语言的计算机网络攻击演练研究*

提出攻击描述语言(CNADL)面向攻击树建模,采用上下文无关文法设计,描述攻击企图、特征和步骤,由解释器生成相应操作的命令交互执行.基于CNADL在GTNets仿真平台上开发攻击演练系统.实验结果表明,基于CNADL的攻击演练系统能有效地刻画攻击特征,实现了拒绝服务、蠕虫、口令窃取和IP欺骗四种攻击仿真.     

When spammers attack!

Why the convergence of viruses and spam gives security experts a big headache     

White-box attack context cryptovirology

This paper presents the use of cryptographic mechanisms that are suited to the white box attack context (the attacker is supposed to have full control of the target program’s execution environment) and as we will demonstrate, to a viral context. Use of symmetric and asymmetric cryptography by viruses has been popularized by polymorphic viruses and cryptoviruses. The latter are specialized in extorsion. New cryptographic mechanisms, corresponding to a particular implementation of traditional (black box) cryptography have been recently designed to ensure the deep protection of legitimate applications. These mechanisms can be misappropriated and used for the purpose of doing extorsion. We evaluate these new cryptographic primitives and discuss their (mis)use in a viral context.     

Attribution of attack trees

An attack tree is a useful analytical technique to model security threats and/or risks, and hence model attacks as actual realizations of the former. Research on attack trees have focused either on applying such trees to model various ranges of security systems, or on advancements to this technique in itself. In this paper, we revisit the notion of attack tree attribution, i.e. how explicit attribute values of child nodes are aggregated to form the attribute of the parent node, and propose a novel attribution approach. We then show using this approach within the context of analyzing the weakest links of security systems, how the weakest link may not necessarily always be so, but instead it depends on the existence of other stronger links within the system.     

AES的差分－代数攻击

差分－代数攻击是一种新的攻击方法,此方法结合了差分分析和代数攻击的思想。差分分析和代数攻击都是对高级加密标准（AES）最有效的攻击算法之一。对差分－代数如何在AES中应用进行了分析,并成功地应用此方法对5轮AES-256进行了攻击,使之比穷尽攻击更有效。     

Timing attack on NoC-based systems: Prime+Probe attack and NoC-based protection

Many authors have shown how to break the AES cryptographic algorithm with side channel attacks; specially the timing attacks oriented to caches, like Prime+Probe. In this paper, we present two practical timing attacks on NoC that improve Prime+Probe technique, the P+P Firecracker, and P+P Arrow. Our attacks target the communication between an ARM Cortex-A9 core and a shared cache memory. Furthermore, we evaluate a secure enhanced NoC as a countermeasure against the timing attack. Finally, we demonstrate that attacks on MPSoCs through the NoC are a real threat and need to be further explored.     

Risk-based attack strategies for mobile ad hoc networks under probabilistic attack modeling framework

In this paper, we introduce and design a modeling framework that allows for the study and analysis of attack propagation in mobile ad hoc networks. The choice of a statistical approach for the problem is motivated by the dynamic characteristics of the ad hoc topology and the stochastic nature of threat propagation. Based on this probabilistic modeling framework, we study the impact of topology and mobility in the propagation of software threats over ad hoc networks. We design topology control algorithms that indicate how to properly adjust an attacker’s transmission radius, according to the measured topological characteristics and availability of its resources, in the process of infecting a network more effectively. Then based on these topology control algorithms we develop different attack strategies that may range from independent attacks to cooperative scenarios in order to increase the negative impact of an attack on the network. Our performance evaluation results demonstrate that the proposed topology control algorithms and respective attack strategies effectively balance the tradeoffs between the potential network damage and the attackers’ lifetime, and as a result significantly outperform any other flat and threshold-based approaches.     

De-anonymization attack on geolocated data

With the advent of GPS-equipped devices, a massive amount of location data is being collected, raising the issue of the privacy risks incurred by the individuals whose movements are recorded. In this work, we focus on a specific inference attack called the de-anonymization attack, by which an adversary tries to infer the identity of a particular individual behind a set of mobility traces. More specifically, we propose an implementation of this attack based on a mobility model called Mobility Markov Chain (MMC). An MMC is built out from the mobility traces observed during the training phase and is used to perform the attack during the testing phase. We design several distance metrics quantifying the closeness between two MMCs and combine these distances to build de-anonymizers that can re-identify users. Experiments conducted on real datasets demonstrate that the attack is both accurate and resilient to sanitization mechanisms.     

对Py的一种改进的区分攻击

提出了对流密码算法的一种改进的区分攻击方法。首先利用隐Markov模型给出了有效计算的输出序列在一个特定的事件发生的情况下的条件分布的公式,并由此构造了一个“最优”区分器,在区分优势和目前最有效的区分攻击相同的情况下,所需密钥流长度缩短为原来的1/3.2。