共查询到20条相似文献,搜索用时 20 毫秒
1.
随着移动自组织网络在各个领域内得到广泛的使用,其安全性研究显得越来越重要。DDoS攻击给有线网络造成了很大的威胁,同样也威胁到了移动自组织网络的安全性。由于移动自组织网络和有线网络存在着结构型差异,因此移动自组织网络中的DDoS攻击研究与有线网络中的DDoS攻击研究有较大的不同。论文首先描述了移动自组织网络的安全状况;然后从移动自组织网络的网络架构出发,分别分析移动自组织网络中针对物理层、MAC层、网络层以及传输层的DDoS攻击,同时总结针对不同网络层次的攻击所需要采取的防御措施;最后为移动自组织网络建设过程中就如何防范DDoS攻击提出参考意见。 相似文献
2.
随着Internet的发展,DDoS攻击成为了当今企业应用实实在在的威胁,更为严重的是现在尚无完全令人满意的防护手段;以典型的DDoS攻击为案例,针对运营商的网络安全现状,在系统分析现有的常规防御技术手段的基础上,结合相关安全管理策略,设计了一套涉及预防、监控/识别、安全加固调整和恢复等关键环节的综合抵御DDoS攻击安全解决方案;实际运行表明,按照本方案防护的系统在DDoS攻击实施时仍然能够提供正常的服务。 相似文献
3.
孔令飞 《网络安全技术与应用》2010,(7):8-10,13
本文针对网络安全风险控制的特点,系统的阐述了网络威胁中的分布式拒绝服务攻击(DDoS)的技术原理和分类,从风险控制的角度对构建DDoS攻击防御体系以及所使用的技术和方法进行了设计和分析。 相似文献
4.
分布式拒绝服务(DDoS)攻击一直是互联网的主要威胁之一,在软件定义网络(SDN)中会导致控制器资源耗尽,影响整个网络正常运行。针对SDN网络中的DDoS攻击问题,文章设计并实现了一种两级攻击检测与防御方法。基于控制器北向接口采集交换机流表数据并提取直接特征和派生特征,采用序贯概率比检验(Sequential Probability Ratio Test,SPRT)和轻量级梯度提升机(LightGBM)设计两级攻击检测算法,快速定位攻击端口和对攻击类型进行精准划分,通过下发流表规则对攻击流量进行实时过滤。实验结果表明,攻击检测模块能够快速定位攻击端口并对攻击类型进行精准划分,分类准确率达到98%,攻击防御模块能够在攻击发生后2 s内迅速下发防御规则,对攻击流量进行过滤,有效保护SDN网络的安全。 相似文献
5.
DDoS攻击是当今网络包括下一代网络IPv6中最严重的威胁之一,提出一种基于流量自相似的IPv6的实时检测方法。分别采用改进的WinPcap实现流数据的实时捕获和监测,和将Whittle ML方法首次应用于DDoS攻击检测。针对Hurst估值方法的选择和引入DDoS攻击流的网络进行对比仿真实验,结果表明:Hurst估值相对误差,Whittle ML方法比小波变换减少0.07%;检测到攻击的误差只有0.042%,准确性达99.6%;增强了DDoS攻击检测的成功率和敏感度。 相似文献
6.
7.
《Information Security Journal: A Global Perspective》2013,22(5-6):276-291
ABSTRACTRapid development in mobile devices and cloud computing technologies has increased the number of mobile services from different vendors on the cloud platform. However, users of these services are facing different security and access control challenges due to the nonexistence of security solutions capable of providing secure access to these services, which are from different vendors, using a single key. An effective security solution for heterogeneous Mobile Cloud Computing (MCC) services should be able to guarantee confidentiality and integrity through single key-based authentication scheme. Meanwhile, a few of the existing authentication schemes for MCC services require different keys to access different services from different vendors on a cloud platform, thus increases complexity and overhead incurred through generation and storage of different keys for different services.In this paper, an efficient mutual authentication scheme for accessing heterogeneous MCC services is proposed. The proposed scheme combines the user’s voice signature with cryptography operations to evolve efficient mutual authentication scheme devoid of key escrow problem and allows authorized users to use single key to access the heterogeneous MCC services at a reduced cost. 相似文献
8.
Jianxin LiAuthor Vitae Bo LiAuthor Vitae K.P. LamAuthor Vitae 《Future Generation Computer Systems》2012,28(2):379-390
As the sizes of IT infrastructure continue to grow, cloud computing is a natural extension of virtualisation technologies that enable scalable management of virtual machines over a plethora of physically connected systems. The so-called virtualisation-based cloud computing paradigm offers a practical approach to green IT/clouds, which emphasise the construction and deployment of scalable, energy-efficient network software applications (NetApp) by virtue of improved utilisation of the underlying resources. The latter is typically achieved through increased sharing of hardware and data in a multi-tenant cloud architecture/environment and, as such, accentuates the critical requirement for enhanced security services as an integrated component of the virtual infrastructure management strategy. This paper analyses the key security challenges faced by contemporary green cloud computing environments, and proposes a virtualisation security assurance architecture, CyberGuarder, which is designed to address several key security problems within the ‘green’ cloud computing context. In particular, CyberGuarder provides three different kinds of services; namely, a virtual machine security service, a virtual network security service and a policy based trust management service. Specifically, the proposed virtual machine security service incorporates a number of new techniques which include (1) a VMM-based integrity measurement approach for NetApp trusted loading, (2) a multi-granularity NetApp isolation mechanism to enable OS user isolation, and (3) a dynamic approach to virtual machine and network isolation for multiple NetApp’s based on energy-efficiency and security requirements. Secondly, a virtual network security service has been developed successfully to provide an adaptive virtual security appliance deployment in a NetApp execution environment, whereby traditional security services such as IDS and firewalls can be encapsulated as VM images and deployed over a virtual security network in accordance with the practical configuration of the virtualised infrastructure. Thirdly, a security service providing policy based trust management is proposed to facilitate access control to the resources pool and a trust federation mechanism to support/optimise task privacy and cost requirements across multiple resource pools. Preliminary studies of these services have been carried out on our iVIC platform, with promising results. As part of our ongoing research in large-scale, energy-efficient/green cloud computing, we are currently developing a virtual laboratory for our campus courses using the virtualisation infrastructure of iVIC, which incorporates the important results and experience of CyberGuarder in a practical context. 相似文献
9.
Multimedia Tools and Applications - Multimedia computing has evolved as a remarkable technology which provides services to view, create, edit, process, and search multimedia contents. All these... 相似文献
10.
11.
WAPM:适合广域分布式计算的并行编程模型 总被引:1,自引:0,他引:1
早期的MPI与OpenMP等编程模型由于扩展性限制或并行粒度的差异而不适合于大规模的广域动态Internet环境.提出了一个用于广域网络范围内的并行编程模型(WAPM),为应用的分布式计算的编程提供了一个新的可行解决方案.WAPM由通信库、通信协议和应用编程接口组成,并且具有通用编程、自适应并行、容错性等特点,通过选择合适的编程语言,就可形成一个广域范围内的并行程序设计环境.以分布式计算平台P2HP为工作平台,描述了WAPM分布式计算的实施过程.实验结果表明,WAPM是一个通用的、可行的、性能较好的编程模型. 相似文献
12.
RRM: An incentive reputation model for promoting good behaviors in distributed systems 总被引:1,自引:0,他引:1
Reputation systems represent soft security mechanisms that complement traditional information security mechanisms. They are now widely used in online e-commerce markets and communities in order to stimulate good behaviors as well as to restrain adverse behaviors. This paper analyzes the limitations of the conversational reputation models and proposes an incentive reputation model called the resilient reputation model (RRM) for the distributed reputation systems. The objective of this reputation model is not only to encourage the users to provide good services and, therefore, to maximize the probability of good transaction outcomes, but also to punish those adverse users who are trying to manipulate the application systems. The simulation results indicate that the proposed reputation model (RRM) could effectively resist against the common adverse behaviors, while protecting the profits of sincere users from being blemished by those adversaries. 相似文献
13.
《Information Security Journal: A Global Perspective》2013,22(4):213-225
ABSTRACT As business systems are getting interconnected, the importance of security is growing at an unprecedented pace. To protect information, strong security measures need to be implemented and continuously updated and monitored to ensure their promise against present and future security breaches. However, the growth of networked systems and the increasing availability of sophisticated hacking tools make the task of securing business systems challenging. To enhance the security strength and to justify any investment in security-related products, it becomes mandatory to assess the security measures in place and estimate the level of security provided by them. The existing standards to certify the strength of a security system are qualitative, lack consideration of the countermeasures and do not consider the impact of security breaches. Consequently, there is a need for an alternative approach to estimate the security strength of a system in a quantitative manner. This paper aims to provide an extensible framework called iMeasure Security (iMS) that quantifies the security strength of an enterprise system by considering the countermeasures deployed in its network, analyzes the business impact of the security breaches, and provides insights as to how the level of security can be improved from current levels. 相似文献
14.
15.
为了提高移动网络中心云计算存储数据访问和安全监测能力,提出一种基于深度学习和交叉编译控制的移动网络中心云计算存储数据访问安全自动监测系统设计方法。采用混合属性数据模糊加权聚类方法进行移动网络中心云计算存储数据的优化访问控制模型设计,根据云计算存储数据之间的属性相似度进行离散化数值属性分解,提取移动网络中心云计算存储数据的混合属性特征量,根据最小化云存储数据访问成本为代价进行移动网络中心云计算存储数据访问的安全监测。结合深度学习方法进行数据访问的自适应控制,在交叉编译环境下实现云计算存储数据访问安全自动监测系统开发设计。测试结果表明,采用该方法进行移动网络中心云计算存储数据访问的安全性较好,自动化控制能力较强。 相似文献
16.
Content-Centric Networking (CCN) is an emerging paradigm being considered as a possible replacement for the current IP-based host-centric Internet infrastructure. In CCN, named content – rather than addressable hosts – becomes a first-class entity. Content is therefore decoupled from its location. This allows, among other things, the implementation of ubiquitous caching. 相似文献
17.
As the Internet flourishes, online advertising becomes essential for marketing campaigns for business applications. To perform a marketing campaign, advertisers provide their advertisements to Internet publishers and commissions are paid to the publishers of the advertisements based on the clicks made for the posted advertisements or the purchases of the products of which advertisements posted. Since the payment given to a publisher is proportional to the amount of clicks received for the advertisements posted by the publisher, dishonest publishers are motivated to inflate the number of clicks on the advertisements hosted on their web sites. Since the click frauds are critical for online advertising to be reliable, the online advertisers make the efforts to prevent them effectively. However, the methods used for click frauds are also becoming more complex and sophisticated. 相似文献
18.
19.
In this paper, we define a new homomorphic signature for identity management in mobile cloud computing. A mobile user firstly computes a full signature on all his sensitive personal information (SPI), and stores it in a trusted third party (TTP). During the valid period of his full signature, if the user wants to call a cloud service, he should authenticate him to the cloud service provider (CSP) through TTP. In our scheme, the mobile user only needs to send a {0,1}n vector to the access controlling server (TTP). The access controlling server who doesn?t know the secret key can compute a partial signature on a small part of user?s SPI, and then sends it to the CSP. We give a formal secure definition of this homomorphic signature, and construct a scheme from GHR signature. We prove that our scheme is secure under GHR signature. 相似文献
20.
N. R. Esfahani 《International journal of control》2016,89(5):960-983
In this paper, an active distributed (also referred to as semi-decentralised) fault recovery control scheme is proposed that employs inaccurate and unreliable fault information into a model-predictive-control-based design. The objective is to compensate for the identified actuator faults that are subject to uncertainties and detection time delays, in the attitude control subsystems of formation flying satellites. The proposed distributed fault recovery scheme is developed through a two-level hierarchical framework. In the first level, or the agent level, the fault is recovered locally to maintain as much as possible the design specifications, feasibility, and tracking performance of all the agents. In the second level, or the formation level, the recovery is carried out by enhancing the entire team performance. The fault recovery performance of our proposed distributed (semi-decentralised) scheme is compared with two other alternative schemes, namely the centralised and the decentralised fault recovery schemes. It is shown that the distributed (semi-decentralised) fault recovery scheme satisfies the recovery design specifications and also imposes lower fault compensation control effort cost and communication bandwidth requirements as compared to the centralised scheme. Our proposed distributed (semi-decentralised) scheme also outperforms the achievable performance capabilities of the decentralised scheme. Simulation results corresponding to a network of four precision formation flight satellites are also provided to demonstrate and illustrate the advantages of our proposed distributed (semi-decentralised) fault recovery strategy. 相似文献