Traditional multi-step attack correlation approaches based on intrusion alerts face the challenge of recognizing attack scenarios because these approaches require complex pre-defined association rules as well as a high dependency on expert knowledge. Meanwhile, they barely consider the privacy issues. Under such circumstance, a novel algorithm is proposed to construct multi-step attack scenarios based...
Network security situation awareness provides the unique high level security view based upon the security alert events. But the complexities and diversities of security alert data on modern networks make such analysis extremely difficult. In this paper, we analyze the existing problems of network security situation awareness system and propose a framework for network security situation awareness based...
Channel assignment is the key problem in the research of the next-generation wireless mesh networks (WMN) in which each node may be equipped with multiple radio interfaces, each capable of running in one of several modes and one of several channels. Recent research indicates that the use of channel assignment technology could reduce the interference and increase the throughput of WMN effectively....
The modularization immunity neural network model is an intelligent solution to network security, but the function relationships among the neural network, immune algorithm and genetic algorithm in the model. By following biological mechanism, this paper builds up interaction functions and function systems among all the parts in the model, which leads to the organic combination among the neural network,...
Security audits and penetration testing exercises serve to determine the baseline of the security in a network/system and to identify possible avenues of exploitation. Red and Blue Team is the name given to the combined execution of these risk assessments that consist of various operational, managerial and technical activities. However, to successfully complete a combined Red and Blue Team Mission...
Attack graphs play important roles in analyzing network security vulnerabilities, and previous works have provided meaningful conclusions on the generation and security measurement of attack graphs. However, it is still hard for us to understand attack graphs in a large network, and few suggestions have been proposed to prevent inside malicious attackers from attacking networks. To address these problems,...
With increasing network security threats, the network vulnerability must consider exploits in the context of multistage, multi-host attack scenarios. The general approach to this problem is to construct an attack graph for a given network configuration. An attack graph consists of a number of attack paths which are essentially series of exploits which an attacker employs to reach the destination....
The lack of trust is one of the most important problems that affect supply chain cooperation. Selecting trustworthy members is an effectual way to solve this problem. Based on this, in this paper, we introduce the idea of trust management in network security and propose a searching model of trustworthy supply chain called TSFM aiming to choose trustworthy supplier in the setting up of supply chain...
Intrusion detection systems (IDS) as a part of today's networks raise millions of low-level alerts every day. Consequently, it is difficult for humans to analyze them. Alert correlation techniques have been developed during recent years to decrease the number of alerts and provide a high-level abstraction of them for a network administrator. In this paper, we suggest a new method for correlating alerts...
As a reaction to the threat to network security, the application of virtual private networks (VPN) has become more and more prevalent. In order to support IPSec VPN on ForTER, the paper proposes an implementation model by IPSec security policy LFB, which is the critical step to achieve IPSec VPN on ForTER. Experiment results show the feasibility and effectiveness of the model.
IPSec is a policy-driven security mechanism. How to react on the diversity of network security and quickly generate corresponding security policy is one of the core issues of IPSec. This article introduces the traditional IPSec security policy and demonstrates an improved mechanism of implementing the IPSec security policy. Secondly, it constructs the security policy model based on ID3 algorithm by...
Entropy-based intrusion detection, which recognizes network behavior depending only on the packets themselves and does not need any security background knowledge or user intervention, shows great appeal in the network security area. In this paper, we compare two entropy methods, network entropy and normalized relative network entropy (NRNE), to classify different network behaviors. The experimental...
Since attack graphs provide practical attack context and relationships among vulnerabilities, researchers have been trying to evaluate network security based on attack graphs. However, previous works focus their attention on specific evaluations they concerned, and each does things in his own way. There is no explicit way telling network administrators how to measure network security in a general...
Computer networks are vulnerable to attacks, where the network infrastructure itself is targeted. Emerging router designs, which use software-programmable embedded processors, increase the vulnerability to such attacks. We present the design of a secure packet processing platform (SPPP) that can protect these router systems. We use an instruction-level monitoring system to detect deviations in processing...
A certain degree of research work has been carried out on network vulnerability assessment in the related field. The common method for vulnerability assessment is hierarchical asset vulnerability assessment, in which vulnerability value is fixed and the weight of service is subjective. Thus the accuracy of calculation depends on experience and judgment. In this paper, according to CVSS (Common Vulnerability...
Firewalls are among the most important components in network security. Traditionally, the rules of the firewall are kept private under the assumption that privacy of the rule set makes attacks on the network more difficult. We posit that this assumption is no longer valid in the Internet of today due to two factors: the emergence of botnets reducing probing difficulty and second, the emergence of...
Communication via self-organization is a practical and most common model for wireless sensor network. Its security, efficiency and cost and corresponding key management are one of the key research topics on WSN security. This paper proposes a group key management scheme for WSN based on an original self-organized structure, grid-loop. The group which we called grid-loop is constructed on distributed...
With the rapid prevalence of botnets, the Internet is facing growing threats. Botnet detection has recently become very important in the field of network security. Aiming at the weakness of the existing botnet detection architectures, we propose a hierarchical collaborative model, which shares information and cooperates in the three levels of information, feature, and decision-making. On the basis of the...
In this paper we have completed the analysis of intelligence mining system architecture framework and workflow, and showed the design frame of the web intelligence mining service system (IMSS). We have constructed and integrated intelligence experts brainpower supplemented by data mining technology, through the study on working mechanism of collection, analysis, services, counter-intelligence of the...
Network attack graphs are originally used to evaluate what the worst security state will be if a network is under attack. Along with observed intrusion evidences, we can further use attack graphs to extrapolate the current security state of a concerned network. Methods have been proposed in recent years to use observed intrusion evidences to compute the node belief metric of network attack graphs...