Visible to the public Biblio

Filters: Keyword is Communication networks  [Clear All Filters]
2020-07-24
CUI, A-jun, Fu, Jia-yu, Wang, Wei, Zhang, Hua-feng.  2019.  Construction of Network Active Security Threat Model Based on Offensive and Defensive Differential Game. 2019 12th International Conference on Intelligent Computation Technology and Automation (ICICTA). :289—294.
Aiming at the shortcomings of the traditional network active security threat model that cannot continuously control the threat process, a network active security threat model based on offensive and defensive differential game is constructed. The attack and defense differential game theory is used to define the parameters of the network active security threat model, on this basis, the network security target is determined, the network active security threat is identified by the attack defense differential equation, and finally the network active security threat is quantitatively evaluated, thus construction of network active security threat model based on offensive and defensive differential game is completed. The experimental results show that compared with the traditional network active security threat model, the proposed model is more feasible in the attack and defense control of the network active security threat process, and can achieve the ideal application effect.
2020-07-20
Huang, Rui, Wang, Panbao, Zaery, Mohamed, Wei, Wang, Xu, Dianguo.  2019.  A Distributed Fixed-Time Secondary Controller for DC Microgrids. 2019 22nd International Conference on Electrical Machines and Systems (ICEMS). :1–6.

This paper proposes a distributed fixed-time based secondary controller for the DC microgrids (MGs) to overcome the drawbacks of conventional droop control. The controller, based on a distributed fixed-time control approach, can remove the DC voltage deviation and provide proportional current sharing simultaneously within a fixed-time. Comparing with the conventional centralized secondary controller, the controller, using the dynamic consensus, on each converter communicates only with its neighbors on a communication graph which increases the convergence speed and gets an improved performance. The proposed control strategy is simulated in PLECS to test the controller performance, link-failure resiliency, plug and play capability and the feasibility under different time delays.

2020-06-15
Chen, JiaYou, Guo, Hong, Hu, Wei.  2019.  Research on Improving Network Security of Embedded System. 2019 6th IEEE International Conference on Cyber Security and Cloud Computing (CSCloud)/ 2019 5th IEEE International Conference on Edge Computing and Scalable Cloud (EdgeCom). :136–138.
With the continuous development of information technology, our country has achieved great progress and development in Electronic Science and technology. Nowadays mobile embedded systems are gradually coming into people's vision. Mobile embedded system is a brand-new computer technology in the current computer technology. Now it has been widely used in enterprises. Mobile embedded system extends its functions mainly by combining the access capability of the Internet. Nowadays, embedded system network is widely welcomed by people. But for the embedded system network, there are also a variety of network attacks. Therefore, in the research process of this paper, we mainly start with the way of embedded network security and network attack, and then carry out the countermeasures to improve the network security of embedded system, which is to provide a good reference for improving the security and stability of embedded system.
2020-06-08
Huang, Jiamin, Lu, Yueming, Guo, Kun.  2019.  A Hybrid Packet Classification Algorithm Based on Hash Table and Geometric Space Partition. 2019 IEEE Fourth International Conference on Data Science in Cyberspace (DSC). :587–592.
The emergence of integrated space-ground network (ISGN), with more complex network conditions compared with tradition network, requires packet classification to achieve high performance. Packet classification plays an important role in the field of network security. Although several existing classification schemes have been proposed recently to improve classification performance, the performance of these schemes is unable to meet the high-speed packet classification requirement in ISGN. To tackle this problem, a hybrid packet classification algorithm based on hash table and geometric space partition (HGSP) is proposed in this paper. HGSP falls into two sections: geometric space partition and hash matching. To improve the classification speed under the same accuracy, a parallel structure of hash table is designed to match the huge packets for classifying. The experimental results demonstrate that the matching time of HGSP algorithm is reduced by 40%-70% compared with traditional Hicuts algorithm. Particularly, with the growth of ruleset, the advantage of HGSP algorithm will become more obvious.
2020-06-01
Mohd Ariffin, Noor Afiza, Mohd Sani, Noor Fazlida.  2018.  A Multi-factor Biometric Authentication Scheme Using Attack Recognition and Key Generator Technique for Security Vulnerabilities to Withstand Attacks. 2018 IEEE Conference on Application, Information and Network Security (AINS). :43–48.
Security plays an important role in many authentication applications. Modern era information sharing is boundless and becoming much easier to access with the introduction of the Internet and the World Wide Web. Although this can be considered as a good point, issues such as privacy and data integrity arise due to the lack of control and authority. For this reason, the concept of data security was introduced. Data security can be categorized into two which are secrecy and authentication. In particular, this research was focused on the authentication of data security. There have been substantial research which discusses on multi-factor authentication scheme but most of those research do not entirely protect data against all types of attacks. Most current research only focuses on improving the security part of authentication while neglecting other important parts such as the accuracy and efficiency of the system. Current multifactor authentication schemes were simply not designed to have security, accuracy, and efficiency as their main focus. To overcome the above issue, this research will propose a new multi-factor authentication scheme which is capable to withstand external attacks which are known security vulnerabilities and attacks which are based on user behavior. On the other hand, the proposed scheme still needs to maintain an optimum level of accuracy and efficiency. From the result of the experiments, the proposed scheme was proven to be able to withstand the attacks. This is due to the implementation of the attack recognition and key generator technique together with the use of multi-factor in the proposed scheme.
2020-05-08
Su, Chunmei, Li, Yonggang, Mao, Wen, Hu, Shangcheng.  2018.  Information Network Risk Assessment Based on AHP and Neural Network. 2018 10th International Conference on Communication Software and Networks (ICCSN). :227—231.
This paper analyzes information network security risk assessment methods and models. Firstly an improved AHP method is proposed to assign the value of assets for solving the problem of risk judgment matrix consistency effectively. And then the neural network technology is proposed to construct the neural network model corresponding to the risk judgment matrix for evaluating the individual risk of assets objectively, the methods for calculating the asset risk value and system risk value are given. Finally some application results are given. Practice proves that the methods are correct and effective, which has been used in information network security risk assessment application and offers a good foundation for the implementation of the automatic assessment.
Zhang, Xu, Ye, Zhiwei, Yan, Lingyu, Wang, Chunzhi, Wang, Ruoxi.  2018.  Security Situation Prediction based on Hybrid Rice Optimization Algorithm and Back Propagation Neural Network. 2018 IEEE 4th International Symposium on Wireless Systems within the International Conferences on Intelligent Data Acquisition and Advanced Computing Systems (IDAACS-SWS). :73—77.
Research on network security situation awareness is currently a research hotspot in the field of network security. It is one of the easiest and most effective methods to use the BP neural network for security situation prediction. However, there are still some problems in BP neural network, such as slow convergence rate, easy to fall into local extremum, etc. On the other hand, some common used evolutionary algorithms, such as genetic algorithm (GA) and particle swarm optimization (PSO), easily fall into local optimum. Hybrid rice optimization algorithm is a newly proposed algorithm with strong search ability, so the method of this paper is proposed. This article describes in detail the use of BP network security posture prediction method. In the proposed method, HRO is used to train the connection weights of the BP network. Through the advantages of HRO global search and fast convergence, the future security situation of the network is predicted, and the accuracy of the situation prediction is effectively improved.
Zhang, Shaobo, Shen, Yongjun, Zhang, Guidong.  2018.  Network Security Situation Prediction Model Based on Multi-Swarm Chaotic Particle Optimization and Optimized Grey Neural Network. 2018 IEEE 9th International Conference on Software Engineering and Service Science (ICSESS). :426—429.
Network situation value is an important index to measure network security. Establishing an effective network situation prediction model can prevent the occurrence of network security incidents, and plays an important role in network security protection. Through the understanding and analysis of the network security situation, we can see that there are many factors affecting the network security situation, and the relationship between these factors is complex., it is difficult to establish more accurate mathematical expressions to describe the network situation. Therefore, this paper uses the grey neural network as the prediction model, but because the convergence speed of the grey neural network is very fast, the network is easy to fall into local optimum, and the parameters can not be further modified, so the Multi-Swarm Chaotic Particle Optimization (MSCPO)is used to optimize the key parameters of the grey neural network. By establishing the nonlinear mapping relationship between the influencing factors and the network security situation, the network situation can be predicted and protected.
CUI, A-jun, Li, Chen, WANG, Xiao-ming.  2019.  Real-Time Early Warning of Network Security Threats Based on Improved Ant Colony Algorithm. 2019 12th International Conference on Intelligent Computation Technology and Automation (ICICTA). :309—316.
In order to better ensure the operation safety of the network, the real-time early warning of network security threats is studied based on the improved ant colony algorithm. Firstly, the network security threat perception algorithm is optimized based on the principle of neural network, and the network security threat detection process is standardized according to the optimized algorithm. Finally, the real-time early warning of network security threats is realized. Finally, the experiment proves that the network security threat real-time warning based on the improved ant colony algorithm has better security and stability than the traditional warning methods, and fully meets the research requirements.
Wang, Dongqi, Shuai, Xuanyue, Hu, Xueqiong, Zhu, Li.  2019.  Research on Computer Network Security Evaluation Method Based on Levenberg-Marquardt Algorithms. 2019 International Conference on Communications, Information System and Computer Engineering (CISCE). :399—402.
As we all know, computer network security evaluation is an important link in the field of network security. Traditional computer network security evaluation methods use BP neural network combined with network security standards to train and simulate. However, because BP neural network is easy to fall into local minimum point in the training process, the evalu-ation results are often inaccurate. In this paper, the LM (Levenberg-Marquard) algorithm is used to optimize the BP neural network. The LM-BP algorithm is constructed and applied to the computer network security evaluation. The results show that compared with the traditional evaluation algorithm, the optimized neural network has the advantages of fast running speed and accurate evaluation results.
Guan, Chengli, Yang, Yue.  2019.  Research of Computer Network Security Evaluation Based on Backpropagation Neural Network. 2019 IEEE International Conference on Power, Intelligent Computing and Systems (ICPICS). :181—184.
In recent years, due to the invasion of virus and loopholes, computer networks in colleges and universities have caused great adverse effects on schools, teachers and students. In order to improve the accuracy of computer network security evaluation, Back Propagation (BP) neural network was trained and built. The evaluation index and target expectations have been determined based on the expert system, with 15 secondary evaluation index values taken as input layer parameters, and the computer network security evaluation level values taken as output layer parameter. All data were divided into learning sample sets and forecasting sample sets. The results showed that the designed BP neural network exhibited a fast convergence speed and the system error was 0.000999654. Furthermore, the predictive values of the network were in good agreement with the experimental results, and the correlation coefficient was 0.98723. These results indicated that the network had an excellent training accuracy and generalization ability, which effectively reflected the performance of the system for the computer network security evaluation.
2020-05-04
de Sá, Alan Oliveira, Carmo, Luiz Fernando Rust da C., Santos Machado, Raphael C..  2019.  Countermeasure for Identification of Controlled Data Injection Attacks in Networked Control Systems. 2019 II Workshop on Metrology for Industry 4.0 and IoT (MetroInd4.0 IoT). :455–459.
Networked Control Systems (NCS) are widely used in Industry 4.0 to obtain better management and operational capabilities, as well as to reduce costs. However, despite the benefits provided by NCSs, the integration of communication networks with physical plants can also expose these systems to cyber threats. This work proposes a link monitoring strategy to identify linear time-invariant transfer functions performed by a Man-in-the-Middle during controlled data injection attacks in NCSs. The results demonstrate that the proposed identification scheme provides adequate accuracy when estimating the attack function, and does not interfere in the plant behavior when the system is not under attack.
Zou, Zhenwan, Chen, Jia, Hou, Yingsa, Song, Panpan, He, Ling, Yang, Huiting, Wang, Bin.  2019.  Design and Implementation of a New Intelligent Substation Network Security Defense System. 2019 IEEE 4th Advanced Information Technology, Electronic and Automation Control Conference (IAEAC). 1:2709–2713.
In order to enhance the network security protection level of intelligent substation, this paper puts forward a model of intelligent substation network security defense system through the analysis of intelligent substation network security risk and protection demand, and using example proved the feasibility and effectiveness of the defense system. It is intelligent substation network security protection provides a new solution.
Jie, Bao, Liu, Jingju, Wang, Yongjie, Zhou, Xuan.  2019.  Digital Ant Mechanism and Its Application in Network Security. 2019 IEEE 3rd Information Technology, Networking, Electronic and Automation Control Conference (ITNEC). :710–714.
Digital ant technology is a new distributed and self-organization cyberspace defense paradigm. This paper describes digital ants system's developing process, characteristics, system architecture and mechanisms to illustrate its superiority, searches the possible applications of digital ants system. The summary of the paper and the trends of digital ants system are pointed out.
2020-04-03
Luo, Xueting, Lu, Yueming.  2019.  A Method of Conflict Detection for Security Policy Based on B+ Tree. 2019 IEEE Fourth International Conference on Data Science in Cyberspace (DSC). :466-472.

Security policy is widely used in network management systems to ensure network security. It is necessary to detect and resolve conflicts in security policies. This paper analyzes the shortcomings of existing security policy conflict detection methods and proposes a B+ tree-based security policy conflict detection method. First, the security policy is dimensioned to make each attribute corresponds to one dimension. Then, a layer of B+ tree index is constructed at each dimension level. Each rule will be uniquely mapped by multiple layers of nested indexes. This method can greatly improve the efficiency of conflict detection. The experimental results show that the method has very stable performance which can effectively prevent conflicts, the type of policy conflict can be detected quickly and accurately.

2020-03-23
Kern, Alexander, Anderl, Reiner.  2019.  Securing Industrial Remote Maintenance Sessions using Software-Defined Networking. 2019 Sixth International Conference on Software Defined Systems (SDS). :72–79.
Many modern business models of the manufacturing industry use the possibilities of digitization. In particular, the idea of connecting machines to networks and communication infrastructure is gaining momentum. However, in addition to the considerable economic advantages, this development also brings decisive disadvantages. By connecting previously encapsulated industrial networks with untrustworthy external networks such as the Internet, machines and systems are suddenly exposed to the same threats as conventional IT systems. A key problem today is the typical network paradigm with static routers and switches that cannot meet the dynamic requirements of a modern industrial network. Current security solutions often only threat symptoms instead of tackling the cause. In this paper we will therefore analyze the weaknesses of current networks and security solutions using the example of industrial remote maintenance. We will then present a novel concept of how Software-Defined Networking (SDN) in combination with a policy framework that supports attribute-based access control can be used to meet current and future security requirements in dynamic industrial networks. Furthermore, we will introduce an examplary implementation of this novel security framework for the use case of industrial remote maintenance and evaluate the solution. Our results show that SDN in combination with an Attribute-based Access Control (ABAC) policy framework is perfectly suited to increase flexibility and security of modern industrial networks at the same time.
2020-03-18
Zhang, Ruipeng, Xu, Chen, Xie, Mengjun.  2019.  Powering Hands-on Cybersecurity Practices with Cloud Computing. 2019 IEEE 27th International Conference on Network Protocols (ICNP). :1–2.
Cybersecurity education and training have gained increasing attention in all sectors due to the prevalence and quick evolution of cyberattacks. A variety of platforms and systems have been proposed and developed to accommodate the growing needs of hands-on cybersecurity practice. However, those systems are either lacking sufficient flexibility (e.g., tied to a specific virtual computing service provider, little customization support) or difficult to scale. In this work, we present a cloud-based platform named EZSetup for hands-on cybersecurity practice at scale and our experience of using it in class. EZSetup is customizable and cloud-agnostic. Users can create labs through an intuitive Web interface and deploy them onto one or multiple clouds. We have used NSF funded Chameleon cloud and our private OpenStack cloud to develop, test and deploy EZSetup. We have developed 14 network and security labs using the tool and included six labs in an undergraduate network security course in spring 2019. Our survey results show that students have very positive feedback on using EZSetup and computing clouds for hands-on cybersecurity practice.
2020-03-09
López-Vizcaíno, Manuel, Cacheda, Fidel, Novoa, Franciso J., Carneiro, Víctor.  2019.  Metrics and Techniques for Early Detection in Communication Networks. 2019 14th Iberian Conference on Information Systems and Technologies (CISTI). :1–3.

Nowadays, communication networks have a high relevance in any field. Because of this, it is necessary to maintain them working properly and with an adequate security level. In many fields, and in anomaly detection in communication networks in particular, it results really convenient the use of early detection methods. Therefore, adequate metrics must be defined to allow the correct evaluation of methods applied in relation to time delay in the detection. In this thesis the definition of time-aware metrics for early detection anomaly techniques evaluation.

2020-03-02
Tootaghaj, Diman Zad, La Porta, Thomas, He, Ting.  2019.  Modeling, Monitoring and Scheduling Techniques for Network Recovery from Massive Failures. 2019 IFIP/IEEE Symposium on Integrated Network and Service Management (IM). :695–700.

Large-scale failures in communication networks due to natural disasters or malicious attacks can severely affect critical communications and threaten lives of people in the affected area. In the absence of a proper communication infrastructure, rescue operation becomes extremely difficult. Progressive and timely network recovery is, therefore, a key to minimizing losses and facilitating rescue missions. To this end, we focus on network recovery assuming partial and uncertain knowledge of the failure locations. We proposed a progressive multi-stage recovery approach that uses the incomplete knowledge of failure to find a feasible recovery schedule. Next, we focused on failure recovery of multiple interconnected networks. In particular, we focused on the interaction between a power grid and a communication network. Then, we focused on network monitoring techniques that can be used for diagnosing the performance of individual links for localizing soft failures (e.g. highly congested links) in a communication network. We studied the optimal selection of the monitoring paths to balance identifiability and probing cost. Finally, we addressed, a minimum disruptive routing framework in software defined networks. Extensive experimental and simulation results show that our proposed recovery approaches have a lower disruption cost compared to the state-of-the-art while we can configure our choice of trade-off between the identifiability, execution time, the repair/probing cost, congestion and the demand loss.

2020-02-18
Lin, Gengshen, Dong, Mianxiong, Ota, Kaoru, Li, Jianhua, Yang, Wu, Wu, Jun.  2019.  Security Function Virtualization Based Moving Target Defense of SDN-Enabled Smart Grid. ICC 2019 - 2019 IEEE International Conference on Communications (ICC). :1–6.

Software-defined networking (SDN) allows the smart grid to be centrally controlled and managed by decoupling the control plane from the data plane, but it also expands attack surface for attackers. Existing studies about the security of SDN-enabled smart grid (SDSG) mainly focused on static methods such as access control and identity authentication, which is vulnerable to attackers that carefully probe the system. As the attacks become more variable and complex, there is an urgent need for dynamic defense methods. In this paper, we propose a security function virtualization (SFV) based moving target defense of SDSG which makes the attack surface constantly changing. First, we design a dynamic defense mechanism by migrating virtual security function (VSF) instances as the traffic state changes. The centralized SDN controller is re-designed for global status monitoring and migration management. Moreover, we formalize the VSF instances migration problem as an integer nonlinear programming problem with multiple constraints and design a pre-migration algorithm to prevent VSF instances' resources from being exhausted. Simulation results indicate the feasibility of the proposed scheme.

2020-02-17
Zhao, Guowei, Zhao, Rui, Wang, Qiang, Xue, Hui, Luo, Fang.  2019.  Virtual Network Mapping Algorithm for Self-Healing of Distribution Network. 2019 IEEE 3rd Information Technology, Networking, Electronic and Automation Control Conference (ITNEC). :1442–1445.
This paper focuses on how to provide virtual network (VN) with the survivability of node failure. In the SVNE that responds to node failures, the backup mechanism provided by the VN initial mapping method should be as flexible as possible, so that backup resources can be shared among the VNs, thereby providing survivability support for the most VNs with the least backup overhead, which can improve The utilization of backup resources can also improve the survivability of VN to deal with multi-node failures. For the remapping method of virtual networks, it needs to be higher because it involves both remapping of virtual nodes and remapping of related virtual links. The remapping efficiency, so as to restore the affected VN to a normal state as soon as possible, to avoid affecting the user's business experience. Considering that the SVNE method that actively responds to node failures always has a certain degree of backup resource-specific phenomenon, this section provides a SVNE method that passively responds to node failures. This paper mainly introduces the survivability virtual network initial mapping method based on physical node recoverability in this method.
Liu, Xiaobao, Wu, Qinfang, Sun, Jinhua, Xu, Xia, Wen, Yifan.  2019.  Research on Self-Healing Technology for Faults of Intelligent Distribution Network Communication System. 2019 IEEE 3rd Information Technology, Networking, Electronic and Automation Control Conference (ITNEC). :1404–1408.
The intelligent power communication network is closely connected with the power system, and carries the data transmission and intelligent decision in a series of key services in the power system, which is an important guarantee for the smart power service. The self-healing control (SHC) of the distribution network monitors the data of each device and node in the distribution network in real time, simulates and analyzes the data, and predicts the hidden dangers in the normal operation of the distribution network. Control, control strategies such as correcting recovery and troubleshooting when abnormal or fault conditions occur, reducing human intervention, enabling the distribution network to change from abnormal operating state to normal operating state in time, preventing event expansion and reducing the impact of faults on the grid and users.
Chen, Lu, Ma, Yuanyuan, SHAO, Zhipeng, CHEN, Mu.  2019.  Research on Mobile Application Local Denial of Service Vulnerability Detection Technology Based on Rule Matching. 2019 IEEE International Conference on Energy Internet (ICEI). :585–590.
Aiming at malicious application flooding in mobile application market, this paper proposed a method based on rule matching for mobile application local denial of service vulnerability detection. By combining the advantages of static detection and dynamic detection, static detection adopts smali abstract syntax tree as rule matching object. This static detection method has higher code coverage and better guarantees the integrity of mobile application information. The dynamic detection performs targeted hook verification on the static detection result, which improves the accuracy of the detection result and saves the test workload at the same time. This dynamic detection method has good scalability, can be upgraded with discovery and variants of the vulnerability. Through experiments, it is verified that the mobile application with this vulnerability can be accurately found in a large number of mobile applications, and the effectiveness of the system is verified.
2020-02-10
Neema, Himanshu, Vardhan, Harsh, Barreto, Carlos, Koutsoukos, Xenofon.  2019.  Web-Based Platform for Evaluation of Resilient and Transactive Smart-Grids. 2019 7th Workshop on Modeling and Simulation of Cyber-Physical Energy Systems (MSCPES). :1–6.
Today's smart-grids have seen a clear rise in new ways of energy generation, transmission, and storage. This has not only introduced a huge degree of variability, but also a continual shift away from traditionally centralized generation and storage to distributed energy resources (DERs). In addition, the distributed sensors, energy generators and storage devices, and networking have led to a huge increase in attack vectors that make the grid vulnerable to a variety of attacks. The interconnection between computational and physical components through a largely open, IP-based communication network enables an attacker to cause physical damage through remote cyber-attacks or attack on software-controlled grid operations via physical- or cyber-attacks. Transactive Energy (TE) is an emerging approach for managing increasing DERs in the smart-grids through economic and control techniques. Transactive Smart-Grids use the TE approach to improve grid reliability and efficiency. However, skepticism remains in their full-scale viability for ensuring grid reliability. In addition, different TE approaches, in specific situations, can lead to very different outcomes in grid operations. In this paper, we present a comprehensive web-based platform for evaluating resilience of smart-grids against a variety of cyber- and physical-attacks and evaluating impact of various TE approaches on grid performance. We also provide several case-studies demonstrating evaluation of TE approaches as well as grid resilience against cyber and physical attacks.
2020-01-21
Dong, Xiao, Li, Qianmu, Hou, Jun, Zhang, Jing, Liu, Yaozong.  2019.  Security Risk Control of Water Power Generation Industrial Control Network Based on Attack and Defense Map. 2019 IEEE Fifth International Conference on Big Data Computing Service and Applications (BigDataService). :232–236.

With the latest development of hydroelectric power generation system, the industrial control network system of hydroelectric power generation has undergone the transformation from the dedicated network, using proprietary protocols to an increasingly open network, adopting standard protocols, and increasing integration with hydroelectric power generation system. It generally believed that with the improvement of the smart grid, the future hydroelectric power generation system will rely more on the powerful network system. The general application of standardized communication protocol and intelligent electronic equipment in industrial control network provides a technical guarantee for realizing the intellectualization of hydroelectric power generation system but also brings about the network security problems that cannot be ignored. In order to solve the vulnerability of the system, we analyze and quantitatively evaluate the industrial control network of hydropower generation as a whole, and propose a set of attack and defense strategies. The method of vulnerability assessment with high diversity score proposed by us avoids the indifference of different vulnerability score to the greatest extent. At the same time, we propose an optimal attack and defense decision algorithm, which generates the optimal attack and defense strategy. The work of this paper can distinguish the actual hazards of vulnerable points more effectively.