当前,分布式拒绝服务(Distributed Denial of Service,DDoS)攻击是互联网面临的十分严峻的安全威胁之一.IPv6网络考虑了IPv4网络中的诸多安全问题,但它对DDoS攻击仍未能起到很好的防护作用.针对IPv6网络中DDoS攻击的防御问题,本文设计...当前,分布式拒绝服务(Distributed Denial of Service,DDoS)攻击是互联网面临的十分严峻的安全威胁之一.IPv6网络考虑了IPv4网络中的诸多安全问题,但它对DDoS攻击仍未能起到很好的防护作用.针对IPv6网络中DDoS攻击的防御问题,本文设计了一种基于MF-DL(Membership Function and Deep Learning)的DDoS快速防御机制.该防御机制以MF-DL检测机制为核心,辅以响应机制等实现对DDoS攻击的防御功能.在检测机制中,首先使用基于隶属度函数的预检测方法,实现对网络流量数据的轻量级异常检测;接着通过基于深度学习方法中神经网络模型的深度检测,实现在异常发生后对流量进行高精度分类.在响应机制中,利用Anti-Fre响应算法实现对请求访问的IP地址进行信誉等级划分,进而实现流量定向阻断并恢复系统性能.最后,分别基于经典入侵检测数据集和校园网的模拟攻击数据集对本文提出的防御机制进行了实验.结果显示,本文提出的防御机制相比于三种对比算法,检测准确率可提高6.2%,误报率和漏报率可降低6.75%、8.46%,且能够有效处理攻击并恢复部分系统性能.展开更多
Aiming at the industry cyber-physical system(ICPS)where Denial-of-Service(DoS)attacks and actuator failure coexist,the integrated security control problem of ICPS under multi-objective constraints was studied.First,fr...Aiming at the industry cyber-physical system(ICPS)where Denial-of-Service(DoS)attacks and actuator failure coexist,the integrated security control problem of ICPS under multi-objective constraints was studied.First,from the perspective of the defender,according to the differential impact of the system under DoS attacks of different energies,the DoS attacks energy grading detection standard was formulated,and the ICPS comprehensive security control framework was constructed.Secondly,a security transmission strategy based on event triggering was designed.Under the DoS attack energy classification detection mechanism,for large-energy attacks,the method based on time series analysis was considered to predict and compensate for lost data.Therefore,on the basis of passive and elastic response to small energy attacks,the active defense capability against DoS attacks was increased.Then by introducing the conecomplement linearization algorithm,the calculation methods of the state and fault estimation observer and the integrated safety controller were deduced,the goal of DoS attack active and passive hybrid intrusion tolerance and actuator failure active fault tolerance were realized.Finally,a simulation example of a four-capacity water tank system was given to verify the validity of the obtained conclusions.展开更多
A discussion is devoted to the design of an adaptive flight control system of the armed helicopter using wavelet neural network method. Firstly, the control loop of the attitude angle is designed with a dynamic invers...A discussion is devoted to the design of an adaptive flight control system of the armed helicopter using wavelet neural network method. Firstly, the control loop of the attitude angle is designed with a dynamic inversion scheme in a quick loop and a slow loop. respectively. Then, in order to compensate the error caused by dynamic inversion, the adaptive flight control system of the armed helicopter using wavelet neural network method is put forward, so the BP wavelet neural network and the Lyapunov stable wavelet neural network are used to design the helicopter flight control system. Finally, the typical maneuver flight is simulated to demonstrate its validity and effectiveness. Result proves that the wavelet neural network has an engineering practical value and the effect of WNN is good.展开更多
The low-rate denial of service attack is more applicable to the network in recent years as a means of attack, which is different from the traditional field type DoS attacks at the network end system or network using a...The low-rate denial of service attack is more applicable to the network in recent years as a means of attack, which is different from the traditional field type DoS attacks at the network end system or network using adaptive mechanisms exist loopholes flow through the low-rate periodic attacks on the implementation of high-efficiency attacked by an intruder and not be found, resulting in loss of user data or a computer deadlock. LDos attack since there has been extensive attention of researchers, the attack signature analysis and detection methods to prevent network security have become an important research topic. Some have been proposed for the current attacks were classified LDoS describe and model, and then in NS-2 platform for experimental verification, and then LDoS attack detection to prevent difficulties are discussed and summarized for the future such attacks detection method research work to provide a reference.展开更多
With the sharp increase of hacking attacks over the last couple of years, web application security has become a key concern. SQL injection is one of the most common types of web hacking and has been widely written and...With the sharp increase of hacking attacks over the last couple of years, web application security has become a key concern. SQL injection is one of the most common types of web hacking and has been widely written and used in the wild. This paper analyzes the principle of SQL injection attacks on Web sites, presents methods available to prevent IIS + ASP + MSSQL web applications from these kinds of attacks, including secure coding within the web application, proper database configuration, deployment of IIS. The result is verified by WVS report.展开更多
We study the attack vulnerability of network with duplication-divergence mechanism. Numerical results have shown that the duplication-divergence network with larger retention probability a is more robust against targe...We study the attack vulnerability of network with duplication-divergence mechanism. Numerical results have shown that the duplication-divergence network with larger retention probability a is more robust against target attack relatively. Furthermore, duplication-divergence network is broken down more quickly than its counterpart BA network under target attack. Such result is consistent with the fact of WWW and Internet networks under target attack. So duplication-divergence model is a more realistic one for us to investigate the characteristics of the world wide web in future. We also observe that the exponent γ of degree distribution and average degree are important parameters of networks, reflecting the performance of networks under target attack. Our results are helpful to the research on the security of network.展开更多
文摘当前,分布式拒绝服务(Distributed Denial of Service,DDoS)攻击是互联网面临的十分严峻的安全威胁之一.IPv6网络考虑了IPv4网络中的诸多安全问题,但它对DDoS攻击仍未能起到很好的防护作用.针对IPv6网络中DDoS攻击的防御问题,本文设计了一种基于MF-DL(Membership Function and Deep Learning)的DDoS快速防御机制.该防御机制以MF-DL检测机制为核心,辅以响应机制等实现对DDoS攻击的防御功能.在检测机制中,首先使用基于隶属度函数的预检测方法,实现对网络流量数据的轻量级异常检测;接着通过基于深度学习方法中神经网络模型的深度检测,实现在异常发生后对流量进行高精度分类.在响应机制中,利用Anti-Fre响应算法实现对请求访问的IP地址进行信誉等级划分,进而实现流量定向阻断并恢复系统性能.最后,分别基于经典入侵检测数据集和校园网的模拟攻击数据集对本文提出的防御机制进行了实验.结果显示,本文提出的防御机制相比于三种对比算法,检测准确率可提高6.2%,误报率和漏报率可降低6.75%、8.46%,且能够有效处理攻击并恢复部分系统性能.
基金supported by Gansu Higher Education Innovation Fund Project(No.2023B-439)。
文摘Aiming at the industry cyber-physical system(ICPS)where Denial-of-Service(DoS)attacks and actuator failure coexist,the integrated security control problem of ICPS under multi-objective constraints was studied.First,from the perspective of the defender,according to the differential impact of the system under DoS attacks of different energies,the DoS attacks energy grading detection standard was formulated,and the ICPS comprehensive security control framework was constructed.Secondly,a security transmission strategy based on event triggering was designed.Under the DoS attack energy classification detection mechanism,for large-energy attacks,the method based on time series analysis was considered to predict and compensate for lost data.Therefore,on the basis of passive and elastic response to small energy attacks,the active defense capability against DoS attacks was increased.Then by introducing the conecomplement linearization algorithm,the calculation methods of the state and fault estimation observer and the integrated safety controller were deduced,the goal of DoS attack active and passive hybrid intrusion tolerance and actuator failure active fault tolerance were realized.Finally,a simulation example of a four-capacity water tank system was given to verify the validity of the obtained conclusions.
文摘A discussion is devoted to the design of an adaptive flight control system of the armed helicopter using wavelet neural network method. Firstly, the control loop of the attitude angle is designed with a dynamic inversion scheme in a quick loop and a slow loop. respectively. Then, in order to compensate the error caused by dynamic inversion, the adaptive flight control system of the armed helicopter using wavelet neural network method is put forward, so the BP wavelet neural network and the Lyapunov stable wavelet neural network are used to design the helicopter flight control system. Finally, the typical maneuver flight is simulated to demonstrate its validity and effectiveness. Result proves that the wavelet neural network has an engineering practical value and the effect of WNN is good.
文摘The low-rate denial of service attack is more applicable to the network in recent years as a means of attack, which is different from the traditional field type DoS attacks at the network end system or network using adaptive mechanisms exist loopholes flow through the low-rate periodic attacks on the implementation of high-efficiency attacked by an intruder and not be found, resulting in loss of user data or a computer deadlock. LDos attack since there has been extensive attention of researchers, the attack signature analysis and detection methods to prevent network security have become an important research topic. Some have been proposed for the current attacks were classified LDoS describe and model, and then in NS-2 platform for experimental verification, and then LDoS attack detection to prevent difficulties are discussed and summarized for the future such attacks detection method research work to provide a reference.
文摘With the sharp increase of hacking attacks over the last couple of years, web application security has become a key concern. SQL injection is one of the most common types of web hacking and has been widely written and used in the wild. This paper analyzes the principle of SQL injection attacks on Web sites, presents methods available to prevent IIS + ASP + MSSQL web applications from these kinds of attacks, including secure coding within the web application, proper database configuration, deployment of IIS. The result is verified by WVS report.
基金The project supported by National Natural Science Foundation of China under Grant No. 10375022Acknowledgment We thank Prof. Tang Yi for helpful discussions.
文摘We study the attack vulnerability of network with duplication-divergence mechanism. Numerical results have shown that the duplication-divergence network with larger retention probability a is more robust against target attack relatively. Furthermore, duplication-divergence network is broken down more quickly than its counterpart BA network under target attack. Such result is consistent with the fact of WWW and Internet networks under target attack. So duplication-divergence model is a more realistic one for us to investigate the characteristics of the world wide web in future. We also observe that the exponent γ of degree distribution and average degree are important parameters of networks, reflecting the performance of networks under target attack. Our results are helpful to the research on the security of network.
