Over the past few years, wireless local area networks (WLANs) have gained an increased attention and a large number of WLANs are being deployed in universities, companies, airports etc. Majority of the IEEE 802.11 bas...
详细信息
Over the past few years, wireless local area networks (WLANs) have gained an increased attention and a large number of WLANs are being deployed in universities, companies, airports etc. Majority of the IEEE 802.11 based WLANs employ distributed coordination function (DCF) in wireless access points (AP) to arbitrate the wireless channel among Wireless Stations (STAs). However, DCF poses serious unfairness problem between uplink and downlink flows. To overcome this unfairness problem, we propose a simple enhancement to the IEEE 802.11 DCF which provides priority to the AP and thus enables it to acquire a larger share of the channel when required. We have demonstrated the unfairness problem through systematic measurements in an experimental test bed of WLAN using the legacy 802.11 DCF. We also developed analytical models to calculate the throughput of AP and the STAs and verify these results through thorough simulations in ns-2. We observe that our simulation results find in good agreement with our analytical models. Results show that our proposed enhancement achieves a fair distribution of bandwidth and improves the throughput (by nearly 300%) for the downlink flows as compared to the DCF, without severely affecting the performance of uplink flows
Network moving target defense technology can effectively defend against attacker monitoring of the service. The technology makes it more difficult for attackers to attack and can ensure secure communication for servic...
详细信息
Existing routing algorithms in Flying Ad-Hoc Net- works (FANETs) lack the optimization consideration of destruction resistance cost caused by routing recovery when some nodes fail suddenly. In this paper, we propose a...
详细信息
作者:
Yu HaoXu ZhangDongbin WangSchool of Cyberspace Security
Beijing University of Posts and Telecommunications Beijing China School of Cyberspace Security
Beijing University of Posts and Telecommunications National Engineering Research Center for Mobile Internet Security Beijing China School of Cyberspace Security
Beijing University of Posts and Telecommunications Key Laboratory of Ministry of Education and Trustworthy Distributed Computing and Service Beijing China
Container escape detection is a critical research topic in the field of cloud security. Among the challenges faced in modern cloud security, the issue of container escape poses a significant threat due to its direct i...
详细信息
ISBN:
(数字)9798331506209
ISBN:
(纸本)9798331506216
Container escape detection is a critical research topic in the field of cloud security. Among the challenges faced in modern cloud security, the issue of container escape poses a significant threat due to its direct impact on the security of the host machine. Although recent research has proposed various methods to address such issue, they have shortcomings in terms of real-time capabilities and deployment in multinode environments. Meanwhile, container network interface (CNI) plugins provide network functionality for container management systems such as Kubernetes, offering ease of use and scalability. Therefore, we propose CPCED, a real-time container escape detection system running on a generic CNI plugin, and implement the prototype. The system defines the container namespace event that is used to detect insecure interactions by monitoring its changes in the permissions of the process namespace. To detect the events, an algorithm is proposed to extract suspicious process paths and command context in Kubernetes and Docker environments. The experimental results show that this system detects nine container escape vulnerabilities successfully. Compared to PACED, one of the real-time container escape attack detection systems, the memory usage of CPCED is reduced by 7.6% on average, and the average detection time of single vulnerability is 18.6% of PACED’s.
Existing routing algorithms in Flying Ad-Hoc Net- works (FANETs) lack the optimization consideration of destruction resistance cost caused by routing recovery when some nodes fail suddenly. In this paper, we propose a...
详细信息
ISBN:
(纸本)9781665409513
Existing routing algorithms in Flying Ad-Hoc Net- works (FANETs) lack the optimization consideration of destruction resistance cost caused by routing recovery when some nodes fail suddenly. In this paper, we propose a hybrid routing algorithm based on destruction resistance cost and reliability. Based on the real-time network topology and network state, the algorithm can provide a multi-parameters-based routing path with low destruction resistance cost for communication transmission. It can ensure that the main routing path can be quickly recovered after interruption and reduce the process of discovering new routing paths. We have constructed a variety of simulation scenarios to analyze the proposed algorithm and the existing algorithms. The simulation results show that the pro- posed algorithm has good performance in reducing destruction resistance cost.
暂无评论