基于区块链的网络安全技术综述

随着移动互联网与物联网技术的发展,网络空间承载了海量数据,必须保证其安全性和隐私性。基于区块链的网络安全机制具有去中心化、不可篡改、可追溯、高可信和高可用的特性,有利于提升网络安全性。探讨了区块链在网络安全方面的应用方案,分析了基于区块链的网络安全机制的主要技术特点和方法以及未来研究方向。首先探讨了数据管理体系应用区块链进行数据管理的方法,利用区块链不可篡改的特性提高数据的真实性和可靠性。其次分析了物联网应用区块链进行设备管理的方案,通过区块链记录和执行设备控制指令,强化物联网设备权限和通信管理。最后研究了域名系统应用区块链的部署方案,利用区块链的去中心化结构抵抗针对中心节点的分布式拒绝服务攻击。国家自然科学基金资助项目(No.61671396);;东南大学移动通信国家重点实验室开放基金资助项目(No.2018D08);;佛山市科技创新项目(No.2015IT100095)~

Security aspects in cloud based condition monitoring of machine tools

In the modern competitive environments companies must have rapid production systems that are able to deliver parts that satisfy highest quality standards. Companies have also an increased need for advanced machines equipped with the latest technologies in maintenance to avoid any reduction or interruption of production. Eminent therefore is the need to monitor the health status of the manufacturing equipment in real time and thus try to develop diagnostic technologies for machine tools. This paper lays the foundation for the creation of a safe remote monitoring system for machine tools using a Cloud environment for communication between the customer and the maintenance service company. Cloud technology provides a convenient means for accessing maintenance data anywhere in the world accessible through simple devices such as PC, tablets or smartphones. In this context the safety aspects of a Cloud system for remote monitoring of machine tools becomes crucial and is, thus the focus of this pape

A DDoS Attack Detection using PCA Dimensionality Reduction and Support Vector Machine

Distributed denial-of-service attack (DDoS) is one of the most frequently occurring network attacks. Because of rapid growth in the communication and computer technology, the DDoS attacks became severe. So, it is essential to research the detection of a DDoS attack. There are different modes of DDoS attacks because of which a single method cannot provide good security. To overcome this, a DDoS attack detection technique is presented in this paper using machine learning algorithm. The proposed method has two phases, dimensionality reduction and model training for attack detection. The first phase identifies important components from the large proportion of the internet data. These extracted components are used as machine learning’s input features in the phase of model detection. Support Vector Machine (SVM) algorithm is used to train the features and learn the model. The experimental results shows that the proposed method detects DDoS attacks with good accuracy

A novel algorithm for software defined networks model to enhance the quality of services and scalability in wireless network

Software defined networks (SDN) have replaced the traditional network architecture by separating the control from forwarding planes. SDN technology utilizes computer resources to provide worldwide effective service than the aggregation of single internet resources usage. Breakdown while resource allocation is a major concern in cloud computing due to the diverse and highly complex architecture of resources. These resources breakdowns cause delays in job completion and have a negative influence on attaining quality of service (QoS). In order to promote error-free task scheduling, this study represents a promising fault-tolerance scheduling technique. For optimum QoS, the suggested restricted Boltzmann machine (RBM) approach takes into account the most important characteristics like current consumption of the resources and rate of failure. The proposed approach's efficiency is verified using the MATLAB toolbox by employing widely used measures such as resource consumption, average processing time, throughput and rate of success

Technical Report on Deploying a highly secured OpenStack Cloud Infrastructure using BradStack as a Case Study

Cloud computing has emerged as a popular paradigm and an attractive model for providing a reliable distributed computing model.it is increasing attracting huge attention both in academic research and industrial initiatives. Cloud deployments are paramount for institution and organizations of all scales. The availability of a flexible, free open source cloud platform designed with no propriety software and the ability of its integration with legacy systems and third-party applications are fundamental. Open stack is a free and opensource software released under the terms of Apache license with a fragmented and distributed architecture making it highly flexible. This project was initiated and aimed at designing a secured cloud infrastructure called BradStack, which is built on OpenStack in the Computing Laboratory at the University of Bradford. In this report, we present and discuss the steps required in deploying a secured BradStack Multi-node cloud infrastructure and conducting Penetration testing on OpenStack Services to validate the effectiveness of the security controls on the BradStack platform. This report serves as a practical guideline, focusing on security and practical infrastructure related issues. It also serves as a reference for institutions looking at the possibilities of implementing a secured cloud solution.Comment: 38 pages, 19 figures

A novel intelligent approach for detecting DoS flooding attacks in software-defined networks

Software-Defined Networking (SDN) is an emerging networking paradigm that provides an advanced programming capability and moves the control functionality to a centralized controller. This paper proposes a two-stage novel intelligent approach that takes advantage of the SDN approach to detect Denial of Service (DoS) flooding attacks based on calculation of packet rate as the first step and followed by Support Vector Machine (SVM) classification as the second step. Flow concept is an essential idea in OpenFlow protocol, which represents a common interface between an SDN switch and an SDN controller. Therefore, our system calculates the packet rate of each flow based on flow statistics obtained by SDN controller. Once the packet rate exceeds a predefined threshold, the system will activate the packet inspection unit, which, in turn, will use the (SVM) algorithm to classify the previously collected packets. The experimental results showed that our system was able to detect DoS flooding attacks with 96.25% accuracy and 0.26% false alarm rate

Security Threats in Software Defined Mobile Clouds (SDMC)

Future Internet comprises of emerging ICT mega-trends (e.g., mobile, social, cloud, and big data) commands new challenges like ubiquitous accessibility, high bandwidth, and dynamic management to meet the data tsunami requirements. In the recent years, the rapid growth of smartphone business is highly evidenced due to its versatile usage irrespective of location, personality or context. Despite of increased smartphone usage, exploiting its full potential becomes very difficult owing to its typical issues such as resource scarcity, mobility and more prominently the security. Software Defined Networking (SDN), an emerging wireless network paradigm can make use of rich mobile cloud functionalities such as traffic management, load balancing, routing, and firewall configuration over physical abstraction of control planes from data planes. Hence SDN leads to a clear roadmap to Software Security control in Mobile Clouds (SDMC). Further it can be extended to a level of Security prevention. To address in this direction, this paper surveys the relevant backgrounds of the existing state-of-art works to come up with all possible SDMC threats and its countermeasures

Network Interdiction Using Adversarial Traffic Flows

Traditional network interdiction refers to the problem of an interdictor trying to reduce the throughput of network users by removing network edges. In this paper, we propose a new paradigm for network interdiction that models scenarios, such as stealth DoS attack, where the interdiction is performed through injecting adversarial traffic flows. Under this paradigm, we first study the deterministic flow interdiction problem, where the interdictor has perfect knowledge of the operation of network users. We show that the problem is highly inapproximable on general networks and is NP-hard even when the network is acyclic. We then propose an algorithm that achieves a logarithmic approximation ratio and quasi-polynomial time complexity for acyclic networks through harnessing the submodularity of the problem. Next, we investigate the robust flow interdiction problem, which adopts the robust optimization framework to capture the case where definitive knowledge of the operation of network users is not available. We design an approximation framework that integrates the aforementioned algorithm, yielding a quasi-polynomial time procedure with poly-logarithmic approximation ratio for the more challenging robust flow interdiction. Finally, we evaluate the performance of the proposed algorithms through simulations, showing that they can be efficiently implemented and yield near-optimal solutions