网络安全主动管理模型研究与实现

随着网络应用业务的扩展,网络安全问题刻不容缓,首先分析了目前在网络安全管理方面存在的不足,即安全管理软件在突发事件中的滞后性。在此基础提出网络安全主动管理模型,该模型引入主动理念,结合智能移动代理技术,针对目前存在的问题实现对重要网络安全事件及其设备的安全监控;并采用了基于短信服务（SMS）的消息收发机制,实现基于信息传送的网络安全主动管理模型,详细介绍了该模型的功能模块及其实现算法。     

基于安全基片的可重构网络安全管控机制

对下一代互联网安全体系架构进行了分析探讨,重点研究了已有网络体系架构的特点及面临的安全挑战,界定了可重构网络体系的安全目标,并提出了基于安全基片的可重构网络安全管控机制。同时,给出了安全基片定义以及基于安全基片的可重构网络安全模型,并对多级安全等级的安全服务构造、基于安全基片动态构建安全服务等可重构网络安全管控的关键环节进行了深入阐述。     

网络安全与防范

随着计算机网络技术的发展,网络安全成为一个突出的问题。介绍了计算机网络安全的概念和现状,从分析网络安全的缺陷入手,介绍了网络安全的防范技术;着重探讨了入侵检测技术。入侵检测是网络和信息系统安全中的重要技术手段。对该技术的概念、功能与标准、分类、主要方法及特点进行了综述,对目前一些结合计算智能的入侵检测方法做了概括性的分析,并探讨了一种基于人体免疫原理的分布式智能入侵检测系统模型并描述了其工作流程。人工免疫系统作为新型的计算智能系统,在计算机安全领域得到了广泛应用。从生物免疫机制入手,分析了目前人工免疫系统在计算机安全领域的应用及常用免疫算法应用于安全领域具有的主要优点和存在的不足。     

基于大数据分析的智能电网安全态势感知

先进的通信和数据处理技术为智能电网带来了巨大的好处,但是也将网络安全威胁从信息系统扩展到智能电网。很多网络安全威胁会对智能电网产生巨大影响扰乱其正常运行,且难以被及时发现。为解决这一问题,文中提出了一种基于智能电网大数据分析的安全态势感知机制。该机制采用模糊聚类的分析方法、博弈论和机器学习算法,实现对智能电网的安全态势的智能分析。实验结果表明了该机制能够较为准确地量化评估智能电网的安全风险值。     

基于改进BiLSTM-CRF模型的网络安全知识图谱构建

针对网络安全领域的图谱构建任务,基于BiLSTM-CRF模型引入了外部网络安全词典来加强网络安全文本的特征,并结合多头注意力机制提取多层特征,最终在网络安全数据集取得了更优异的结果。利用企业内部的日常网络运维数据,设计并构建了一个面向企业网络安全运维管理的知识图谱,为后续进一步研究基于图谱的企业网络安全智能决策等应用奠定基础。     

基于定量安全风险评估模型的网络安全管理平台

分析了当前主要网络安全产品的局限性,阐述了建设网络安全管理平台的必要性,在此基础上介绍了一种基于定量安全风险评估模型的网络安全管理平台;讨论了系统架构、定量安全风险模型和系统安全机制等系统实现中的关键技术问题及其解决方法.     

混合密码算法在水利信息传输中的应用

对称密码和非对称密码相结合的混合密码算法以其较快的速度和较高的强度提供了信息的完整性和保密性等功能,在基于VPN的网络安全中起着重要的作用.研究讨论该混合加密算法的实现机制,并在VC+ +6.0平台下进行编程已实现该算法.通过系统安全性分析和工程实践检验,基于AES和ECC的混和加密算法比传统的DES算法和RSA 算法具有更高的安全性,可有效地满足VPN网络对数据传输的安全需求.     

扩展的基于STAT的网络安全监控系统

针对目前网络安全工具孤立使用，缺乏协调统一的网络安全监控机制的现状，论文提出了一个基于STAT的网络安全监控平台。它采用统一的事件格式，使用数据聚合技术减少冗余报警，多因素风险评估算法计算单事件的威胁，基于统计的风险评估算法评估网络安全态势，使管理者了解网络的安全状况及薄弱环节，进而及时采取有效的防护措施。     

基于信任度权衡的无线传感器网络安全研究

在其他人的研究基础上,总结出了无线传感器网络当前存在的安全问题,并根据自身的研究成果,提出了一种基于信任度权衡的无线传感器网络访问机制模型,详细阐述了该模型的相关原理、实验方法及结论,为无线传感器网络安全研究提供了一种新思路。     

基于MSEM的工业网络安全防护系统研究

文章提出基于MSEM(Manager,Security and Entity Mode)的工业网络安全防护模型,它在传统纵深防御理论的基础上,将工业网络划分为实体对象、安全对象和管理对象,并增加了对象间的协同防御机制;同时依托该模型,实现基于协同防御架构的工业网络安全防护系统,提升了工业网络安全防护能力。     

基于贝叶斯攻击图的SDN安全预测方法

现有研究者采用威胁建模和安全分析系统的方法评估和预测软件定义网络（software defined network, SDN）安全威胁,但该方法未考虑SDN控制器的漏洞利用概率以及设备在网络中的位置,安全评估不准确。针对以上问题,根据设备漏洞利用概率和设备关键度结合PageRank算法,设计了一种计算SDN中各设备重要性的算法;根据SDN攻击图和贝叶斯理论设计了一种度量设备被攻击成功概率的方法。在此基础上设计了一种基于贝叶斯攻击图的SDN安全预测算法,预测攻击者的攻击路径。实验结果显示,该方法能够准确预测攻击者的攻击路径,为安全防御提供更准确的依据。     

DDoS attack detection and defense based on hybrid deep learning model in SDN

Software defined network (SDN) is a new kind of network technology,and the security problems are the hot topics in SDN field,such as SDN control channel security,forged service deployment and external distributed denial of service (DDoS) attacks.Aiming at DDoS attack problem of security in SDN,a DDoS attack detection method called DCNN-DSAE based on deep learning hybrid model in SDN was proposed.In this method,when a deep learning model was constructed,the input feature included 21 different types of fields extracted from the data plane and 5 extra self-designed features of distinguishing flow types.The experimental results show that the method has high accuracy,it’s better than the traditional support vector machine (SVM) and deep neural network (DNN) and other machine learning methods.At the same time,the proposed method can also shorten the processing time of classification detection.The detection model is deployed in SDN controller,and the new security policy is sent to the OpenFlow switch to achieve the defense against specific DDoS attack.     

SeC‐SDWSN: Secure cluster‐based SDWSN environment for QoS guaranteed routing in three‐tier architecture

Software defined wireless sensor network (SDWSN) is a recent evolution in networking that improves network performance and scalability. However, Quality of Service (QoS) and security are major the issues in SDWSN due to inefficient route selection (traffic load minimization algorithm) and insecure cryptography scheme (homomorphic algorithm). This paper proposes novel three‐tier architecture for secure cluster‐based SDWSN (SeC‐SDWSN) environment to ensure QoS and security for WSN using SDN. In the first tier, sensor nodes are segregated into multiple clusters by secure hash tree‐based clustering (SHTC) algorithm. Within each secure cluster, data transmission is performed through optimal route selected by adaptive spider monkey optimization (ASMO) algorithm in which two new fitness factors (F₁, F₂ ) are formulated by multiple QoS metrics. For data security, parallel advanced encryption standard with cipher block chaining (PAES‐CBC) algorithm is proposed. Aggregated ciphertext is transmitted to optimal switch in the second tier by using fuzzy weighted technique for order preference by similarity to ideal solution (FW‐TOPSIS) algorithm according to selection criteria. Switches forward the data to sink node based on flow rules deployed by SDN controllers in the third tier. SDN controllers provide global view on the entire network and deploy flow rules on switches in accordance to network status and security level. Extensive simulation in ns‐3 shows that the proposed three‐tier architecture achieves 5% throughput improvement, 7.8% PDR improvement, and 16% energy consumption improvement.     

基于元能力的SDN功能组合机制

软件定义网络（SDN, software-defined network）促进了控制逻辑的快速创新,使控制逻辑模块化和模块组合机制成为SDN的热点研究方向之一。为了在功能模块统一定义和规范划分的基础上实现网络功能组合,首先,从可重构网络引入“元能力”作为SDN控制功能模块划分的原子要素,提出一种基于元能力建模的统一资源描述方法;其次,针对网络功能灵活组合问题,提出了一种基于二级映射的元能力组合模型并给出其启发式算法;最后,为实现元能力组合,设计了作为SDN应用层扩展结构的元能力编排层,并给出基于NetFPGA-10G平台的原型实现。仿真实验与结果表明所提功能组合机制提高了组合效率及节点资源利用率。     

SDN based network resource selection multi-objective optimization algorithm

For the problem of coexistence of different resource utility objectives and mutual influence of resource selection strategies in the complex structure of software-defined network (SDN),an SDN based network resource selection multi-objective optimization algorithm was proposed.The optimization goals of resource providers and clients were taken into account in the algorithm,and a resource selection multi-objective optimization model was constructed.The model was further solved by the reference vector based multi-objective optimization algorithm.Simulation results show that compared with other algorithms,the proposed algorithm could quickly converge to the uniformly distributed non-inferior solution set,and balance the optimization objects of multi-party in SDN based resource access management.     

一种基于SDN的开放SaaS平台网络安全体系设计

为解决开放软件即服务（SaaS）平台下的网络安全问题,将软件定义网络（SDN）与开放SaaS平台建设相结合,提出了一种基于SDN的开放SaaS平台网络安全体系设计思路。在对系统物理模型、功能模型与协同模型进行分析的基础上,设计了系统体系结构,分析了体系构成关键要素,给出了系统典型应用示例。基于SDN开展SaaS平台网络安全系统建设,对提高系统的安全性与开放性、构建满足用户个性化需求的网络安全体系具有重要意义。     

Efficient distributed traffic offloading algorithm based on SDN architecture

For addressing the problem of mobile data traffic offloading,network service cost minimization problem model was proposed,which considered the cost of base stations and the consumption of access points under the SDN architecture.Due to the defects of convergence speed and privacy security in the traffic offloading algorithm based on dual decomposition,the traffic offloading algorithm based on proximal Jacobian ADMM was proposed and an implementation scheme to ensure the privacy and security was designed.Meanwhile,the simulation results show that the algorithm based on the proximal Jacobian ADMM is superior to the dual decomposition algorithm in terms of convergence speed.     

SR架构下的软件定义信息中心网络概率路由策略

传统的TCP/IP路由以IP地址为中心,信息传输效率低下,难以满足网络用户需求.信息中心网络(Information-Centric Network,ICN)开始成为研究热点,ICN以内容为中心,可以高效传输信息.为了利用软件定义网络(Software Defined Network,SDN)和分段路由技术的优势,提高...     

Pluggable SDN framework for managing heterogeneous SDN networks

Software‐defined networking (SDN) is a new network paradigm that is separating the data plane and the control plane of the network, making one or more centralized controllers to supervise the behaviour of the entire network. Different types of SDN controller software exist, and research dealing with the difficulties of consistently integrating these different controller types has mostly been declared future work. In this paper, the Domino framework is proposed, a pluggable SDN framework for managing heterogeneous SDN networks. In contrast to related work, the proposed framework allows research into SDN networks controlled by different types of SDN controllers attempting to standardize the northbound API of them. Domino implements a microservice plugin architecture where users can link different SDN networks to a processing algorithm. Such an algorithm allows for, eg, adapting the flows by building a pipeline using plugins that either invoke other SDN operations or generic data processing algorithms. The Domino framework is evaluated by implementing a proof‐of‐concept implementation, which is tested on the initial requirements. It achieves the modifiability and the interoperability with an average successful exchange ratio of 99.99%. The performance requirements are met for the frequently used commands with an average response time of 0.26 seconds, and the framework can handle at least 72 plugins simultaneously depending on the available amount of RAM. The proposed framework is evaluated by means of the implementation of a shortest path routing algorithm between heterogeneous SDN networks.     

软件定义网络安全研究

软件定义网络（SDN）采用控制和转发的分离架构,使研究者可以通过软件实现任意的网络控制逻辑,而不需对网络设备本身进行修改,具备极强的灵活性,已经在路由决策、网络虚拟化、无线接入、云计算数据中心网络等领域得到研究和应用,成为一项热点技术。但SDN在蓬勃发展的同时,也引入了新的安全风险,带来新的安全问题。另一方面,SDN也给传统安全技术以冲击,带来创新的网络安全应用发展的机会。鉴于此,结合SDN网络架构的特点综述了SDN安全的研究现状,包括SDN安全风险分析和安全技术及应用,并思考了SDN对信息安全的意义。