ISSN 1000-1239 CN 11-1777/TP


    Journal of Computer Research and Development    2019, 56 (5): 907-908.  
    DDoS Attack Detection Model Based on Information Entropy and DNN in SDN
    Zhang Long, Wang Jinsong
    Journal of Computer Research and Development    2019, 56 (5): 909-918.   DOI: 10.7544/issn1000-1239.2019.20190017
    Software defined networking (SDN) decouples the data layer and the control layer of the network, but the controller is in danger of “single node invalidation”. Attackers launch DDoS attacks to disable the controller and threaten the safety of networks. This paper presents a DDoS detection model based on entropy and a deep neural network (DNN), which includes an initial detection module based on an entropy-based detection method and a further detection module based on a DNN. The initial detection module preliminarily finds the suspicious traffic in the network by calculating the entropy of source and destination IP addresses, and the DNN-based DDoS detection module then confirms the anomalous traffic among the suspected abnormal traffic. Experiments show that this model has a higher recognition rate and accuracy rate than traditional detection algorithms based on entropy or machine learning. At the same time, the model can shorten the detection time and improve the efficiency of resource utilization.
    Delay Tolerant Access Control Method Based on Spatio-Temporal Distribution of Access Requests
    Chen Li, Deng Kun, Jiang Tao, Yue Guangxue, Li Panpan, Yang Jun, Xu Xubao
    Journal of Computer Research and Development    2019, 56 (5): 919-928.   DOI: 10.7544/issn1000-1239.2019.20190016
    In ocean observations, the infrastructure providing wireless communication is sparsely deployed and the wireless observation nodes move very fast. The limited or even scarce wireless network resources can hardly meet the upload requirements of large-scale data collection. There is an urgent need to study and solve the problem of effective upload access control for massive numbers of observation nodes competing for scarce communication resources. Based on the historical data of observation access requests, a neural network is used to perform time series analysis on them and then obtain their future revenues based on probability. To maximize total revenue, this paper studies an optimization method for the upload access scheduling problem that guarantees the delay tolerance of observation data based on time series analysis. Unfortunately, it is an NP-hard problem (see Theorem 1). Therefore, an approximation algorithm for enhanced access control (P-RSA) is proposed based on the idea of dynamic programming. Firstly, the wireless access requests with spatio-temporal dynamic features are quantified. Secondly, performance parameters are generalized to “revenue”. Finally, simulation experiments are performed in which the total revenues of access requests are analysed under different AP load conditions until the deadline. Detailed simulation experiments verify P-RSA’s effectiveness compared with the existing algorithms.
    Intelligent and Efficient Method for Optimal Penetration Path Generation
    Wang Shuo, Wang Jianhua, Tang Guangming, Pei Qingqi, Zhang Yuchen, Liu Xiaohu
    Journal of Computer Research and Development    2019, 56 (5): 929-941.   DOI: 10.7544/issn1000-1239.2019.20190012
    Considering insider and unknown attacks, and to further improve efficiency, an intelligent and efficient method for generating the optimal penetration path is put forward. Firstly, we define the two-layer threat penetration graph (TLTPG), where the lower layer is called the host threat penetration graph (HTPG) and the upper layer is called the network threat penetration graph (NTPG). Then, based on a knowledge graph, we build the host resource knowledge graph (HRKG), which is used to generate the HTPG intelligently and efficiently. Further, utilizing the HTPG, we design the NTPG generation algorithm based on penetration information exchange. Finally, we describe the algorithm for optimal penetration path generation using the TLTPG. Experimental results show that the proposed method can improve the efficiency of generating the optimal penetration path when insider and unknown attacks are considered.
    Network Defense Decision-Making Method Based on Stochastic Game and Improved WoLF-PHC
    Yang Junnan, Zhang Hongqi, Zhang Chuanfu
    Journal of Computer Research and Development    2019, 56 (5): 942-954.   DOI: 10.7544/issn1000-1239.2019.20180877
    At present, network attack and defense analysis methods based on stochastic games assume complete rationality, but in actual network attack-defense confrontation it is difficult for either side to meet the high requirement of complete rationality, which reduces the accuracy and guiding value of the existing methods. Based on the reality of network attack-defense confrontation, the influence of bounded rationality on the attack-defense stochastic game is analyzed. Under the constraints of bounded rationality, a stochastic game model is constructed. To address the problem of network state explosion, a method of extracting network states and attack-defense actions based on the attack-defense graph is proposed, by which the game state space is effectively reduced. On this basis, the WoLF-PHC algorithm from reinforcement learning is introduced to carry out bounded rational stochastic game analysis and to design a defensive decision-making algorithm with online learning ability. By learning, the algorithm can obtain the optimal defense strategy for the current attacker. The obtained strategy is superior to the Nash equilibrium strategy of the existing attack-defense stochastic game model under bounded rationality. By introducing eligibility traces to improve WoLF-PHC, the learning speed of defenders is further improved. The experimental results verify the effectiveness and advancement of the proposed method.
    DiffSec: A Differentiated Intelligent Network Security Service Model
    Deng Li, Wu Weinan, Zhu Zhengyi, Chen Ming
    Journal of Computer Research and Development    2019, 56 (5): 955-966.   DOI: 10.7544/issn1000-1239.2019.20190019
    Network security is more and more important for our modern information society, and the cost of network security is increasing along with it. It is a challenging task to reduce the cost of network security as much as possible on the premise of ensuring network security. Based on the fact that different user communities have different security requirements, this paper proposes a model called DiffSec that provides differentiated security services according to different user security levels. We argue that this model can effectively reduce the network security service cost, improve network performance, and meet the needs of the long-term development of network security technology. Based on DiffSec, we design the structure of the secure access network (SANet) and the corresponding intelligent control method using a combination of NFV and SDN, and implement a prototype system. The experimental results of the prototype system show that SANet can not only provide flexible and correct network security functions, but also has good network performance and practical value.
    Implementation and Evaluation of Cooperative Routing in Software Defined Wireless Networking
    Fei Ning, Xu Lijie, Cheng Xiaohui
    Journal of Computer Research and Development    2019, 56 (5): 967-976.   DOI: 10.7544/issn1000-1239.2019.20180866
    In a mesh network, not all WiFi APs always take part in the actual packet transmission, which makes network resources redundant. The same packet is usually received by more than one node, even by nodes that are not on the packet’s original transmission path. These nodes can be chosen to forward the packets to the destination node, which improves the bandwidth of the designated link in a cooperative routing path. However, due to the transmission and computation overhead on WiFi APs, cooperative routing is difficult to implement in traditional wireless networking. The centralized architecture of software defined wireless networking (SDWN) makes it convenient to select helper nodes effectively and globally for cooperative routing. This paper proposes a cooperative routing algorithm in SDWN. In this algorithm, route discovery is performed on WiFi APs, while global and computation-intensive tasks such as route validation, helper node selection and interference updates are completed by the controller. By extending the OpenFlow protocol, the proposed cooperative routing has been implemented and evaluated on a test bed. The evaluation indicates that our QoS-oriented SDWN-based cooperative routing achieves greater bandwidth and lower packet transmission delay than traditional wireless protocols.