The application of Distributed Intrusion Detection System (DIDS) in campus network is a security technology which aims at monitoring and analyzing network attacks. With the increasing number of campus network users an...
ISBN: (print) 9798350381993; 9798350382006
Radio frequency fingerprint (RFF) identification, a physical layer authentication technique that leverages devices' unique hardware-level imperfections in transmitted signals, has been considered a potential complement to combat spoofing attacks. In this paper, we develop a lightweight framework to identify long-term evolution (LTE) devices with intrinsic features extracted from Msg3. Channel-robust fingerprints are obtained from channel state information (CSI) in the demodulation reference signal (DMRS) associated with the physical uplink shared channel (PUSCH). These modulation features are combined with transient-on features that are obtained from the cyclic prefix (CP). A hybrid feature matrix is constructed and fed into a shallow long short-term memory (LSTM) network, which improves the identification accuracy compared to using a single feature representation. We carry out extensive experiments with five LTE devices in a real-world environment via a pseudo base station. The robustness of our proposed scheme is evaluated by cross-scenario training and testing. Thanks to the hybrid information-rich feature matrix as input of the network, the classification accuracy of 90.90% obtained at 25 dB when training in static but testing in dynamic scenarios demonstrates that our scheme is channel-robust in the presence of channel variations.
ISBN: (print) 9798350386066; 9798350386059
With the increasing popularity of containers for deploying microservices, ensuring the security of container networks has become a vital concern. However, current security solutions rely on a host's operating system (OS) to enforce network policies for container traffic. This design incurs severe overhead and cannot guarantee container network security when attackers gain access to the host's OS. Therefore, we propose HardWhale, a hardware-isolated network security enforcement system for containers that delivers high-performance and robust network security without depending on the host's OS. HardWhale leverages a smartNIC, physically isolating the entire container traffic inspection stack from the host and accelerating inspection tasks. Inspection policies securely reside within the smartNIC and are updated at runtime without involving the host, due to our isolated policy management mechanism. This design ensures robust network security for containers, even if the host is exposed to attackers. Evaluations show that HardWhale protects containers against various network attacks in compromised environments and improves HTTP throughput threefold and HTTP latency 2.3-fold compared to state-of-the-art solutions.
Aiming at the problems of incomplete monitoring, slow response speed and low accuracy of the existing network information security automatic monitoring system, the paper designs an automatic network information security monitoring system in a cloud computing environment. Based on the overall system architecture, the design of information collection, information transmission and information security early warning modules has realised the acquisition of network information changes, the transmission and integration of network information, and the risk warning of network abnormalities. Using relative protection entropy as the theoretical basis, the network information security threshold under the cloud computing environment is further set, and the automatic monitoring of network information security is realised by judging the threshold risk coefficient. Experimental results show that the system has a high comprehensive monitoring capability, the response speed is within 0.5 s, and the accuracy of information monitoring is as high as 99%.
ISBN: (print) 9798350381993; 9798350382006
Network protocol specification is essential in analyzing and evaluating network functionality, performance, and security. However, the increasing number of private protocols has become a hindrance to these features. Existing works study how to extract protocol keyword fields rather than infer the semantics of the fields, such as the length field, which can indicate the length associated with a message and is fundamental for deep analysis of network protocols. In this paper, we propose a nonparametric and unsupervised method, ROSE, to extract the length field of unknown binary network protocols from static traces. It segments the fields from the raw network trace and gets the inferred length of a subset of messages by clustering similar fields with k-means. Then, it generates candidate fields using n-grams and builds a multidimensional equation based on the length of the clustered messages and the candidate length fields. Finally, ROSE extracts the inferred length fields through linear regression. As far as we know, it is the first study on extracting the length field from static traces. The evaluation experiments using raw network traces exhibit high precision and recall in extracting the length field or identifying protocols without the length field.
Trusted computing technology represents a significant element of cyber security systems, serving to guarantee the integrity and accessibility of data and systems. The incorporation of Trusted computing introduces a se...
ISBN: (print) 9798350381993; 9798350382006
Delay Tolerant Network (DTN) is a network model designed for special environments. It is designed to be used in challenging network environments with high latency levels, bandwidth constraints, and unstable data transmission. It plays an important role in extremely special environments such as disaster rescue, maritime communication, and remote areas. Currently, research on DTN mainly focuses on innovative routing protocols, with limited research on the security issues and solutions. In response to the above problems, this paper analyzes and compares the security problems faced by delay tolerant networks and their solutions and security schemes.
The rapid popularization of cloud computing has put forward higher requirements for network security, and the traditional network architecture is difficult to cope with the complex security requirements in the cloud c...
ISBN: (print) 9798350377774; 9798350377767
Network security is a continuously evolving procedure now present in every aspect of communications. 5G and 6G networks are examples of networks that can suffer from network security problems and become critical assets for every operation. While the security of the infrastructure is handled at lower layers of the ISO-OSI stack and by dedicated protocols, or by specific research on network slicing and Service Management and Orchestration [1], services such as Multiaccess Edge Computing, Virtual Network Functions, and network assets need to be secured. We propose a security tool enabled by MEC: MECHATRON, which covers the security of Assets, Services, and Continuous Monitoring through an integrated platform.
ISBN: (print) 9798350381993; 9798350382006
Insider threats present a formidable challenge to cybersecurity, as insiders possess the privileges and information necessary to execute diverse attacks. A comprehensive analysis of user behavior, including behavioral features, sequences, and inter-user relationships, is required for effective insider threat detection. However, few existing methods consider these features in an integrated manner, which could result in high false positives. To further improve the accuracy of insider threat detection, we propose a novel framework for insider threat detection based on a temporal graph convolutional network with data augmentation (referred to as TGCN-DA), which integrates the exploration of structural information among users and simultaneously captures the behavior temporal dependencies. In particular, we introduce an edge predictor to encode user structural information and strengthen intra-class edges among users based on the representation of users' behavior. Additionally, the GCN with temporal feature mechanism is leveraged to learn dynamic changes in users' behavior to capture behavior temporal dependence. Extensive experiments demonstrate that our proposed TGCN-DA outperforms other state-of-the-art methods and achieves higher accuracy in the task of insider threat detection.