Please wait a minute...

����Ŀ¼

    15 September 2018, Volume 4 Issue 9
    Comprehensive Review
    Survey of attack graph based network security metric
    Hao HU, Yuling LIU, Yuchen ZHANG, Hongqi ZHANG
    2018, 4(9):  1-16.  doi:10.11959/j.issn.2096-109x.2018072
    Asbtract ( 960 )   HTML ( 22)   PDF (633KB) ( 2151 )   Knowledge map   
    Figures and Tables | References | Related Articles | Metrics

    One of the main challenges of network security metrics is how to accurately identify the intrusion of the intruders exploiting the dependence between the vulnerabilities for threat propagation in the target network system as well as to quantify the potential impact on the network system.Because of its superior performance of visual display,the attack graph becomes one of the effective ways to solve the problem.Firstly,the concept,development and general metric models of security metrics were introduced.Secondly,the related researches with respect to attack graph construction,classification and application were discussed.Thirdly,a hierarchical framework for security metric using attack graph was proposed,and then existing methods of network security metric were summarized from three levels (key “point”,attack “line” and situation “plane”).Finally,the difficult issues and development trends for the current research were discussed.

    Papers
    QLearning based business differentiating routing mechanism in SDN architecture
    Zijin JIN,Julong LAN,Yiming JIANG,Penghao SUN,Peng WEI
    2018, 4(9):  17-22.  doi:10.11959/j.issn.2096-109x.2018073
    Asbtract ( 1222 )   HTML ( 8)   PDF (692KB) ( 781 )   Knowledge map   
    Figures and Tables | References | Related Articles | Metrics

    With the diversified development of the current network,users’ demand grows as well which brings great challenge for its load ability.A QLearning based business differentiating routing mechanism in SDN architecture was proposed to guarantee users’ routing QoS.To do that,four modules (discovery of link,classification of link,intensive learning and Q-value table sending) were designed to assign different paths to data streams of different attributes.The experiment shows that the proposed algorithm can decrease the packet loss rate to less than 5% and for some of the data streams,this rate is almost 0,simultaneously,it also helps the delay problem.

    Blockchain-based key management scheme for distributed networks
    Qianyi DAI,Kaiyong XU,Song GUO,Guoming CAI,Zhicheng ZHOU
    2018, 4(9):  23-35.  doi:10.11959/j.issn.2096-109x.2018077
    Asbtract ( 1506 )   HTML ( 17)   PDF (822KB) ( 1575 )   Knowledge map   
    Figures and Tables | References | Related Articles | Metrics

    Regarding the difficult key management and excessive communication overhead in the distributed group networks,KMSBoB-Key management schemes based on blockchain was proposed,featuring key management and transmitting procedure based on blockchain in distributed group networks.Meanwhile,the all-member mining process of blockchain and the MTI/CO protocol process were combined to establish a protocol of dynamically generated session key,so as to streamline key management strategies in cross-heterogeneous autonomous domains.According to simulation testing and result analysis,KMSBoB is safe and effective,with less communication overhead and higher expansibility than traditional key management schemes.

    Blockchain-based ARP defense scheme
    Fanming LIU,Wei SHI
    2018, 4(9):  36-43.  doi:10.11959/j.issn.2096-109x.2018071
    Asbtract ( 1443 )   HTML ( 19)   PDF (694KB) ( 1129 )   Knowledge map   
    Figures and Tables | References | Related Articles | Metrics

    In order to improve the difficulty of maintaining the static binding method when defending against ARP attacks,a defense method was designed with the features of low cost of defense and easy maintenance by using the idea of a blockchain technology.The blockchain structure had been improved,and the transaction index table structure had been designed to identify attacks and update data in a timely manner to prevent subsequent attacks.The content of the transaction index table was updated after the IP address was changed normally to ensure the correctness of the query.Analysis and experiments show that the blockchain-based defense method has the following merits:high security,guaranteeing the data is not tampered with,low cost of maintenance,and effective prevention against ARP spoofing attacks.

    Relation extraction based on CNN and Bi-LSTM
    Xiaobin ZHANG, Fucai CHEN, Ruiyang HUANG
    2018, 4(9):  44-51.  doi:10.11959/j.issn.2096-109x.2018074
    Asbtract ( 8138 )   HTML ( 63)   PDF (618KB) ( 3354 )   Knowledge map   
    Figures and Tables | References | Related Articles | Metrics

    Relation extraction aims to identify the entities in the Web text and extract the implicit relationships between entities in the text.Studies have shown that deep neural networks are feasible for relation extraction tasks and are superior to traditional methods.Most of the current relation extraction methods apply convolutional neural network (CNN) and long short-term memory neural network (LSTM) methods.However,CNN just considers the correlation between consecutive words and ignores the correlation between discontinuous words.On the other side,although LSTM takes correlation between long-distance words into account,the extraction features are not sufficiently extracted.In order to solve these problems,a relation extraction method that combining CNN and LSTM was proposed.three methods were used to carry out the experiments,and confirmed the effectiveness of these methods,which had some improvement in F1 score.

    Game model based security strategy of heterogeneous controllers in the cloud
    Juntai HU,Zhenyu WU,Xiao FU,Yichao WANG
    2018, 4(9):  52-59.  doi:10.11959/j.issn.2096-109x.2018075
    Asbtract ( 505 )   HTML ( 1)   PDF (686KB) ( 817 )   Knowledge map   
    Figures and Tables | References | Related Articles | Metrics

    Deploying multiple heterogeneous controllers at the control level of a software-defined data center is an effective way to increase security.In view of the deployment strategy of controllers under different security requirements of the network,a game model was presented.Specifically,firstly,the game theory was used to depict the attack and defense game model and solve the Nash equilibrium,and then guided the design of security strategy.Secondly,the impact of the strategy of attack and defense on the security status of the control layer were analyzed.Finally,the simulation results show the effectiveness of the proposed equilibrium strategy,and describe the dynamic interaction strategy.

    Design of identity authentication agreement in mobile terminal based on SM2 algorithm and blockchain
    Qiuhan WU,Wei HU
    2018, 4(9):  60-65.  doi:10.11959/j.issn.2096-109x.2018046
    Asbtract ( 2077 )   HTML ( 22)   PDF (733KB) ( 1818 )   Knowledge map   
    Figures and Tables | References | Related Articles | Metrics

    To solve the privacy leakage problem in the process of identification by second generation residents’ ID card,the SM2 algorithm and the blockchain technology were adopted,and the dynamic password ,facial recognition and two-dimension code to modify the traditional identification method were combined to design a kind of identification agreement on mobile terminal.The study analyzed the efficiently and security of the agreement,which reflected that the agreement could guarantee users’ privacy when it provide high-efficient identification.

    Survey on quantitative evaluations of moving target defense
    Huanruo LI,Yunfei GUO,Shumin HUO,Guozhen CHENG,Wenyan LIU
    2018, 4(9):  66-76.  doi:10.11959/j.issn.2096-109x.2018076
    Asbtract ( 734 )   HTML ( 2)   PDF (494KB) ( 1098 )   Knowledge map   
    Figures and Tables | References | Related Articles | Metrics
Copyright Information
Bimonthly, started in 2015
Authorized by:Ministry of Industry and Information Technology of the People's Republic of China
Sponsored by:Posts and Telecommunications Press
Co-sponsored by:Xidian University, Beihang University, Huazhong University of Science and Technology, Zhejiang University
Edited by:Editorial Board of Chinese Journal of Network and Information Security
Editor-in-Chief:FANG Bin-xing
Executive Editor-in-Chief:LI Feng-hua
Director:YI Dong-shan
Address:F8,You Dian Publisher Building,No.11,Chengshousi Road,Fengtai District,Beijing 100078,PR China
Tel:+8610-81055479, 81055456
Fax:+86-81055464
ISSN 2096-109X
CN 10-1366/TP
visited
Total visitors:
Visitors of today:
Now online: