Search

Your search keyword '"Kangfeng Zheng"' showing total 187 results
Start Over Author "Kangfeng Zheng"
187 results on '"Kangfeng Zheng"'

101. Improving the Classification Effectiveness of Intrusion Detection by Using Improved Conditional Variational AutoEncoder and Deep Neural Network

Author

Kangfeng Zheng, Chunhua Wu, Yixian Yang, and Yanqing Yang

Subjects
Computer science, intrusion detection, generator network, 02 engineering and technology, Intrusion detection system, lcsh:Chemical technology, Biochemistry, Article, Analytical Chemistry, 0202 electrical engineering, electronic engineering, information engineering, lcsh:TP1-1185, Electrical and Electronic Engineering, Instrumentation, Global optimization, Training set, Artificial neural network, business.industry, deep neural network, 020206 networking & telecommunications, Pattern recognition, Autoencoder, Atomic and Molecular Physics, and Optics, Backpropagation, improved conditional variational autoencoder, 020201 artificial intelligence & image processing, False positive rate, Artificial intelligence, business, Encoder, variational inference
Abstract

Intrusion detection systems play an important role in preventing security threats and protecting networks from attacks. However, with the emergence of unknown attacks and imbalanced samples, traditional machine learning methods suffer from lower detection rates and higher false positive rates. We propose a novel intrusion detection model that combines an improved conditional variational AutoEncoder (ICVAE) with a deep neural network (DNN), namely ICVAE-DNN. ICVAE is used to learn and explore potential sparse representations between network data features and classes. The trained ICVAE decoder generates new attack samples according to the specified intrusion categories to balance the training data and increase the diversity of training samples, thereby improving the detection rate of the imbalanced attacks. The trained ICVAE encoder is not only used to automatically reduce data dimension, but also to initialize the weight of DNN hidden layers, so that DNN can easily achieve global optimization through back propagation and fine tuning. The NSL-KDD and UNSW-NB15 datasets are used to evaluate the performance of the ICVAE-DNN. The ICVAE-DNN is superior to the three well-known oversampling methods in data augmentation. Moreover, the ICVAE-DNN outperforms six well-known models in detection performance, and is more effective in detecting minority attacks and unknown attacks. In addition, the ICVAE-DNN also shows better overall accuracy, detection rate and false positive rate than the nine state-of-the-art intrusion detection methods.

Published
2019

102. User identification by keystroke dynamics using improved binary particle swarm optimisation

Author

Xiujuan Wang, Kangfeng Zheng, Guangzhi Xu, Tong Wu, and Chunhua Wu

Subjects
General Computer Science, business.industry, Computer science, ComputingMethodologies_MISCELLANEOUS, Particle swarm optimization, Feature selection, Pattern recognition, Filter (signal processing), Keystroke logging, Theoretical Computer Science, Support vector machine, Identification (information), Keystroke dynamics, Feature (computer vision), Artificial intelligence, business
Abstract

As a kind of behavioural characteristic, keystroke features are crucial to the accuracy of user identification system using shallow machine learning algorithms. Filter and wrapper feature selection algorithms are the two most important methods. The information gain and particle swarm optimisation algorithm represent the two feature optimisation methods, respectively. In this paper, new hybrid binary particle swarm optimisation methods combined with information gain theory are proposed in association with opposite-based learning and distributed techniques. The converted information gain values act as weight coefficients to adaptively adjust the flight speed of particles. The support vector machine (SVM) algorithm is applied to evaluate the performance of feature optimisation in terms of user identification accuracy and feature reduction rate. Experimental results of three public keystroke datasets show that the proposed optimisation methods achieve better classification accuracy with fewer features than four existing optimisation methods.

Published
2019

103. Semi-GSGCN: Social Robot Detection Research with Graph Neural Network.

Author

Xiujuan Wang, Qianqian Zheng, Kangfeng Zheng, Yi Sui, and Jiayue Zhang

Subjects
SOCIAL robots, FEATURE extraction, AUTONOMOUS robots, SOCIAL networks, FOLKSONOMIES, GRAPH algorithms, INFORMATION networks
Abstract

Malicious social robots are the disseminators of malicious information on social networks, which seriously affect information security and network environments. Efficient and reliable classification of social robots is crucial for detecting information manipulation in social networks. Supervised classification based on manual feature extraction has been widely used in social robot detection. However, these methods not only involve the privacy of users but also ignore hidden feature information, especially the graph feature, and the label utilization rate of semi-supervised algorithms is low. Aiming at the problems of shallow feature extraction and low label utilization rate in existing social network robot detection methods, in this paper a robot detection scheme based on weighted network topology is proposed, which introduces an improved network representation learning algorithm to extract the local structure features of the network, and combined with the graph convolution network (GCN) algorithm based on the graph filter, to obtain the global structure features of the network. An end-to-end semi-supervised combination model (Semi-GSGCN) is established to detect malicious social robots. Experiments on a social network dataset (cresci-rtbust-2019) show that the proposed method has high versatility and effectiveness in detecting social robots. In addition, this method has a stronger insight into robots in social networks than other methods. [ABSTRACT FROM AUTHOR]

Published
2020
Full Text
View/download PDF

104. A Nature-inspired Multiple Kernel Extreme Learning Machine Model for Intrusion Detection.

Author

Yanping Shen, Kangfeng Zheng, Chunhua Wu, and Yixian Yang

Subjects
MACHINE learning, FEATURE selection, KERNEL functions, HEURISTIC, INFORMATION technology security, KERNEL operating systems, BIOLOGICALLY inspired computing
Abstract

The application of machine learning (ML) in intrusion detection has attracted much attention with the rapid growth of information security threat. As an efficient multi-label classifier, kernel extreme learning machine (KELM) has been gradually used in intrusion detection system. However, the performance of KELM heavily relies on the kernel selection. In this paper, a novel multiple kernel extreme learning machine (MKELM) model combining the ReliefF with nature-inspired methods is proposed for intrusion detection. The MKELM is designed to estimate whether the attack is carried out and the ReliefF is used as a preprocessor of MKELM to select appropriate features. In addition, the nature-inspired methods whose fitness functions are defined based on the kernel alignment are employed to build the optimal composite kernel in the MKELM. The KDD99, NSL and Kyoto datasets are used to evaluate the performance of the model. The experimental results indicate that the optimal composite kernel function can be determined by using any heuristic optimization method, including PSO, GA, GWO, BA and DE. Since the filter-based feature selection method is combined with the multiple kernel learning approach independent of the classifier, the proposed model can have a good performance while saving a lot of training time. [ABSTRACT FROM AUTHOR]

Published
2020
Full Text
View/download PDF

105. Efficient identity-based signature scheme with batch authentication for delay tolerant mobile sensor network

Author

Wen-ji Li, Kangfeng Zheng, Yixian Yang, Dongmei Zhang, and Qing Ye

Subjects
Scheme (programming language), Authentication, Computer Networks and Communications, Computer science, business.industry, Cryptography, Computer security, computer.software_genre, Signature (logic), Power (physics), Delivery Performance, Signal Processing, Identity (object-oriented programming), business, computer, Wireless sensor network, Information Systems, computer.programming_language, Computer network
Abstract

Identity-based cryptography (IBC) has drawn a lot of attentions in delay tolerant environment. However, the high computational cost of IBC becomes the most critical issue in delay tolerant mobile sensor network (DTMSN) because of the limited processing power. In this paper, an efficient identify-based signature scheme with batch authentication (ISBA) is proposed for DTMSN. ISBA designs an online/offline signature with batch authentication to reduce the computational cost, and improves data delivery mechanism to increase the number of messages for each batch authentication. Simulation results show that ISBA not only realizes a lower computational cost than existed schemes, but also does not induce negative impact on the delivery performance.

Published
2013

106. Virus Propagation Modeling and Convergence Analysis in Large-Scale Networks

Author

Ren Ping Liu, Wei Ni, Xu Wang, Xinxin Niu, and Kangfeng Zheng

Subjects
021110 strategic, defence & security studies, Mathematical optimization, Computer Networks and Communications, Computer science, Strategic, Defence & Security Studies, 0211 other engineering and technologies, Markov process, 020206 networking & telecommunications, Scale (descriptive set theory), 02 engineering and technology, Network topology, Upper and lower bounds, symbols.namesake, Bounded function, Convergence (routing), 0202 electrical engineering, electronic engineering, information engineering, symbols, Applied mathematics, Quantitative Biology::Populations and Evolution, Safety, Risk, Reliability and Quality, Epidemic model
Abstract

© 2016 IEEE. Biological epidemic models, widely used to model computer virus propagations, suffer from either limited scalability to large networks, or accuracy loss resulting from simplifying approximations. In this paper, a discrete-time absorbing Markov process is constructed to precisely characterize virus propagations. Conducting eigenvalue analysis and Jordan decomposition to the process, we prove that the virus extinction rate, i.e., the rate at which the Markov process converges to a virus-free absorbing state, is bounded. The bounds, depending on the infection and curing probabilities, and the minimum degree of the network topology, have closed forms. We also reveal that the minimum curing probability for a given extinction rate requirement, specified through the upper bound, is independent of the explicit size of the network. As a result, we can interpret the extinction rate requirement of a large network with that of a much smaller one, evaluate its minimum curing requirement, and achieve simplifications with negligible loss of accuracy. Simulation results corroborate the effectiveness of the interpretation, as well as its analytical accuracy in large networks.

Published
2016

107. Anti-Pollution Source Location Privacy Preserving Scheme in Wireless Sensor Networks

Author

Kangfeng Zheng, Dongmei Zhang, and Zha Xuan

Subjects
Traffic analysis, business.industry, Computer science, Key distribution, 020206 networking & telecommunications, 02 engineering and technology, Public-key cryptography, Key distribution in wireless sensor networks, Linear network coding, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Network performance, business, Wireless sensor network, Computer network, Vulnerability (computing)
Abstract

The source-location privacy threat is one of the critical issues in Wireless Sensor Networks (WSNs). Adversaries may trace along the sensor traffic to hunt targets around source nodes. Previous works proposed dummy messages and network coding to eliminate time and content correlations. However, these proposed schemes may result in explosion of polluted and dummy messages, opening up vulnerability to active attackers. In this work, we propose pollution avoiding source location privacy preserving scheme PA-SLP. A probabilistic key predistribution is proposed to predistributed keys in nodes. It enables intermediate nodes to verify signatures and filter out dummy or polluted messages with a certain possibility. In PA-SLP, a triple type homomorphic signature algorithm is developed to detect and classify three message types with only one pair of asymmetric keys. PA-SLP is able to adjust key distribution parameters to balance network performance and privacy. Security analysis and simulation results demonstrate PA-SLP can resist traffic analysis and filter out polluted and dummy messages effectively.

Published
2016

108. Detection of command and control in advanced persistent threat based on independent access

Author

Xu Wang, Kangfeng Zheng, Xinxin Niu, Chunhua Wu, and Bin Wu

Subjects
Advanced persistent threat, business.industry, Computer science, 020206 networking & telecommunications, 02 engineering and technology, Computer security, computer.software_genre, Feature (computer vision), Component (UML), 0202 electrical engineering, electronic engineering, information engineering, Command and control, 020201 artificial intelligence & image processing, business, computer, Computer network
Abstract

© 2016 IEEE. Advanced Persistent Threat (APT) imposes increasing threats on cyber security with the developing network attack technologies. APT is a highly interactive, specifically targeted and extremely harmful network-centric attack, which employs various technologies to evade detection during attacks leading to the result that victims will not be aware of attacks until they suffer from tremendous losses. Since command and control (C&C) is an essential component during the lifetime of APT, the detection of it is a practical measure to defend against the APT. In this paper, we analyze the features of C&C in APT and find that the HTTP-based C&C is widely used. Based on the analysis results, we propose a new feature of C&C, i.e., independent access, to characterize the difference between C&C communications and normal HTTP requests. Applying the independent access feature into DNS records, we implement a novel C&C detection method and validate it on public dataset. As a new feature of C&C, its advantages and drawbacks are also analyzed.

Published
2016

110. A Novel PUF-Based Key Management Scheme for DTMSN

Author

Yuanbo Guo, Kangfeng Zheng, Kuiwu Yang, and Dongmei Zhang

Subjects
Scheme (programming language), Computer Networks and Communications, Hardware and Architecture, Computer science, Distributed computing, Key management, computer, computer.programming_language
Published
2012

111. An Efficient Algorithm for Time-Driven Data Gathering in Wireless Sensor Networks Using Inter-Session Network Coding

Author

Yixian Yang, Qian Xiao, Kangfeng Zheng, Shoushan Luo, and Ling Zhang

Subjects
Computer Networks and Communications, Visual sensor network, business.industry, Wireless network, Computer science, Wireless WAN, Key distribution in wireless sensor networks, Hardware and Architecture, Linear network coding, Mobile wireless sensor network, Radio resource management, business, Wireless sensor network, Computer network
Published
2012

112. Secure Data Transmission and Modelling in Vehicular Ad Hoc Networks

Author

Wei Ni, Kangfeng Zheng, Xuan Zha, Ren Ping Liu, and Xinxin Niu

Subjects
Vehicular ad hoc network, Computer science, Wireless ad hoc network, business.industry, Distributed computing, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, Data security, Markov process, Network topology, symbols.namesake, symbols, business, Secure transmission, Data transmission, Computer network
Abstract

© 2015 IEEE. Data security is crucial to safety-related vehicular applications. Critical challenges of unstable topologies and the collisions of uncoordinated data transmissions arise, due to the mobile and distributed nature of vehicular ad-hoc networks (VANETs). We propose a new secure transmission protocol for VANETs, where the transmitter can adaptively switch between backing off transmissions to alleviate collisions, as well as changing keys, to increase success rate with matched keys. We also develop a new 3-dimensional (3-D) Markov model to characterize the protocol. Security analyses are carried out. Interesting insights and useful guidelines to adequately distribute keys among mobile vehicular nodes are also provided.

Published
2015

113. Detecting Malicious Social Robots with Generative Adversarial Networks.

Author

Bin Wu, Le Liu, Zhengge Dai, Xiujuan Wang, and Kangfeng Zheng

Subjects
SOCIAL robots, AUTONOMOUS robots, INFORMATION networks, COMPUTER network security, INFORMATION technology security, SOCIAL networks
Abstract

Malicious social robots, which are disseminators of malicious information on social networks, seriously affect information security and network environments. The detection of malicious social robots is a hot topic and a significant concern for researchers. A method based on classification has been widely used for social robot detection. However, this method of classification is limited by an unbalanced data set in which legitimate, negative samples outnumber malicious robots (positive samples), which leads to unsatisfactory detection results. This paper proposes the use of generative adversarial networks (GANs) to extend the unbalanced data sets before training classifiers to improve the detection of social robots. Five popular oversampling algorithms were compared in the experiments, and the effects of imbalance degree and the expansion ratio of the original data on oversampling were studied. The experimental results showed that the proposed method achieved better detection performance compared with other algorithms in terms of the F1 measure. The GAN method also performed well when the imbalance degree was smaller than 15%. [ABSTRACT FROM AUTHOR]

Published
2019
Full Text
View/download PDF

114. User Identification Using Real Environmental Human Computer Interaction Behavior.

Author

Tong Wu, Kangfeng Zheng, Chunhua Wu, and Xiujuan Wang

Subjects
SOCIAL interaction, COMPUTER user identification, SUPPORT vector machines, KEYBOARDS (Electronics)
Abstract

In this paper, a new user identification method is presented using real environmental human-computer-interaction (HCI) behavior data to improve method usability. User behavior data in this paper are collected continuously without setting experimental scenes such as text length, action number, etc. To illustrate the characteristics of real environmental HCI data, probability density distribution and performance of keyboard and mouse data are analyzed through the random sampling method and Support Vector Machine(SVM) algorithm. Based on the analysis of HCI behavior data in a real environment, the Multiple Kernel Learning (MKL) method is first used for user HCI behavior identification due to the heterogeneity of keyboard and mouse data. All possible kernel methods are compared to determine the MKL algorithm's parameters to ensure the robustness of the algorithm. Data analysis results show that keyboard data have a narrower range of probability density distribution than mouse data. Keyboard data have better performance with a 1-min time window, while that of mouse data is achieved with a 10-min time window. Finally, experiments using the MKL algorithm with three global polynomial kernels and ten local Gaussian kernels achieve a user identification accuracy of 83.03% in a real environmental HCI dataset, which demonstrates that the proposed method achieves an encouraging performance. [ABSTRACT FROM AUTHOR]

Published
2019
Full Text
View/download PDF

115. An Evaluation Model of Botnet Based on Peer to Peer

Author

Xinxin Niu, Kangfeng Zheng, Gao Jian, and Yixian Yang

Subjects
ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, Software_OPERATINGSYSTEMS, Evaluation system, Computer science, Robustness (computer science), ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, Botnet, Peer to peer computing, Data mining, Peer-to-peer, computer.software_genre, Computer security, computer
Abstract

We propose a evaluation model of botnet based on peer to peer. We propose key metrics to measure their activities(e.g, Stealthy, Effectiveness, Efficiency and Robustness). Using these performance metrics, we can study p2p botnet in a systematic way, and more convenient to find the method to defense botnet. In particular, our models show that the important relationship between degree and these metrics in p2p botnet. Our experiments prove that, the degree of nodes play an important role in evaluating robust of botnet, at the same time, the differences of node degree also an important metric in our evaluation system. We evaluate some botnet using simulation and demonstrate the utility of our proposed metrics. Our analysis show how botnet can be evaluated according to structure and communication using our proposed metrics.

Published
2012

116. A Secure Network Coding-based Data Gathering Model and Its Protocol in Wireless Sensor Networks

Author

Xu Cui, Shoushan Luo, Kangfeng Zheng, and Qian Xiao

Subjects
Scheme (programming language), General Computer Science, data gathering, Computer science, Symbol (chemistry), lcsh:QA75.5-76.95, Obfuscation, data-privacy preserving, wireless sensor networks, Protocol (object-oriented programming), computer.programming_language, Data collection, business.industry, QA75.5-76.95, network coding, Computational Mathematics, Key distribution in wireless sensor networks, Linear network coding, Electronic computers. Computer science, lcsh:Electronic computers. Computer science, business, computer, Wireless sensor network, data obfuscation, pollution preventing, Computer network
Abstract

To provide security for data gathering based on network coding in wireless sensor networks (WSNs), a secure network coding-based data gathering model is proposed, and a data-privacy preserving and pollution preventing (DPP&PP) protocol using network coding is designed. DPP&PP makes use of a new proposed pollution symbol selection and pollution (PSSP) scheme based on a new obfuscation idea to pollute existing symbols. Analyses of DPP&PP show that it not only requires low overhead on computation and communication, but also provides high security on resisting brute-force attacks.

Published
2012

117. A Data Delivery Approach Based on Location and Velocity Vector for Delay Tolerant Mobile Sensor Networks

Author

Shize Guo, Wen-ji Li, Kangfeng Zheng, and Dong-mei Zhang

Subjects
Mobile radio, Transmission (telecommunications), business.industry, Computer science, Real-time computing, Overhead (computing), Data delivery, State (computer science), business, Mobile sensor networks, Wireless sensor network, Computer network, Data transmission
Abstract

Delay Tolerant Mobile Sensor Networks (DTMSN) has the enormous potential to expand its applications in many previously impossible fields. Because of its intermittent link and limited network resources, this network needs an effective data forwarding algorithm to ensure valid data forwarding and highly delivery ratio. Recent approaches have drawbacks of computing nodes' delivery probability, because they only paid attention to partial factors. In this paper, a Location and Velocity vector based data Delivery approach (LVD) was proposed, which gives an in-depth description of nodes' motion state, and more accurately calculates the delivery probability based on the location and velocity vector. Simulation results show that this approach cannot only improve the message delivery rate with lower transmission overhead, but also reduce data transmission delay.

Published
2012

118. Biologically Inspired Anomaly Detection for Hierarchical Wireless Sensor Networks

Author

Tianliang Lu, Kangfeng Zheng, Yixian Yang, Dongmei Zhang, and Rongrong Fu

Subjects
Flexibility (engineering), Computer Networks and Communications, Computer science, business.industry, Artificial immune system, Distributed computing, media_common.quotation_subject, Denial-of-service attack, Machine learning, computer.software_genre, Fuzzy logic, Adaptability, Key distribution in wireless sensor networks, Anomaly detection, Artificial intelligence, business, Wireless sensor network, computer, media_common
Abstract

The resource constraint characteristic of sensor nodes make wireless sensor networks (WSN) very vulnerable to resource depletion attack such as DoS/DDos attack. On the other hand, the resource constraint characteristic also makes anomaly detection a challenging problem in WSN. To address the challenge, this paper presents an anomaly detection framework by taking the advantages of artificial immune system (AIS) and fuzzy theory. The proposed framework incorporates three components: local danger sensing, co-stimulation and global recognition. Due to the hierarchical structure and cooperative mechanism, the proposed model shows more advantages in detection performance than conventional method. The simulation results show that compared to watchdog method, the proposed method can provide higher detection rate and lower false detection rate. Moreover, the propose method shows advantages in flexibility and adaptability.

Published
2012

119. A Danger Theory Based Mobile Virus Detection Model and Its Application in Inhibiting Virus

Author

Shize Guo, Rongrong Fu, Kangfeng Zheng, Bin Wu, Tianliang Lu, and Yingqing Liu

Subjects
Negative selection algorithm, Computer Networks and Communications, Computer science, business.industry, Artificial immune system, Computer security, computer.software_genre, Virus, Theory based, Virus detection, Mobile phone, Cellular network, business, human activities, computer, Computer network
Abstract

According to the propagation and destruction characteristics of mobile phone viruses, a virus detection model based on the Danger Theory is proposed. This model includes four phases: danger capture, antigen presentation, antibody generation and antibody distribution. In this model, local knowledge of mobile phones is exploited by the agents that are running in mobile phones to discover danger caused by viruses. The Antigen Presenting Cells (APCs) present the antigen from mobile phones in the danger zone, and the Decision Center confirms the infection of viruses. After the antibody is generated by self-tolerating using the negative selection algorithm, the Decision Center distributes the antibody to mobile phones. Due to the distributed and cooperative mechanism of artificial immune system, the proposed model lowers the storage and computing consumption of mobile phones. The simulation results show that based on the mobile phone virus detection model, the proposed virus immunization strategy can effectively inhibit the propagation of mobile phone viruses.

Published
2012

120. A study on energy efficient cluster-based network coding protocol for aggregated-data gathering in wireless sensor networks

Author

Shoushan Luo, Yajian Zhou, Kangfeng Zheng, and Qian Xiao

Subjects
Network architecture, Wi-Fi array, Grid network, business.industry, Network information system, Wireless ad hoc network, Computer science, Network packet, Wireless network, Distributed computing, Order One Network Protocol, Wireless WAN, Energy consumption, Key distribution in wireless sensor networks, Intelligent computer network, Linear network coding, Computer Science::Networking and Internet Architecture, Mobile wireless sensor network, business, Wireless sensor network, Heterogeneous network, Municipal wireless network, Computer network, Efficient energy use
Abstract

This paper proposes a cluster-based network coding data gathering (CNCDG) protocol used for the aggregated-data gathering scenario in wireless sensor networks, where the sink only wants an aggregated result of all the data sensed from an area. CNCDG integrates cluster-based routings with network coding. It aims to save more energy than flat-based network coding protocols by permitting cluster heads to perform some aggregation so as to reduce the amount of packets transmitted. This paper theoretically analyzes the feasibility of CNCDG and presents its energy consumption function in a regular rectangular grid network, and further demonstrates the fact that CNCDG will be energy efficient in most environments by simulations in random-deployed networks.

Published
2011

121. Multiple-image compressed encryption and decryption by compressive holography

Author

Kangfeng Zheng, Xinxin Niu, Hong Di, and Xin Zhang

Subjects
business.industry, Holography, Nonuniform sampling, Data_CODINGANDINFORMATIONTHEORY, Encryption, Computer-generated holography, law.invention, symbols.namesake, Compressed sensing, Fourier transform, Wavelet, law, symbols, Computer vision, Artificial intelligence, Quantization (image processing), business, Mathematics
Abstract

This paper presents a scheme of a multiple-image compressed encryption based on the compressive holography technique. Computer generate hologram (CGH) is implemented to record multiple images simultaneously into an encrypted hologram. Because its two-dimensional (2D) Fourier transform (FT) result is analogous a partial 3D Fourier transform sampling, the 2D FT result can be compressed by a nonuniform sampling accompanied with a quantization. The encryption and compression processes agrees with the requirement of the compressive sensing and composes the compressive holography. Therefore, the decryption is solved by a minimization. It remains the sparsity of the recovered natural images in the wavelet basis. Meanwhile, a total-variation regularization and a nonnegative constraint is employed to extract images with edge preserved and nonnegative gray scale, respectively. Experiments are conducted to demonstrate the feasibility of the multiple-image compressed encryption.

Published
2011

122. Detecting DDoS Attack Based on Empirical Mode Decomposition

Author

Xiujuan Wang and Kangfeng Zheng

Subjects
Sequence, Self-similarity, Computer science, Network security, business.industry, Mode (statistics), Denial-of-service attack, Computer security, computer.software_genre, Hurst index, Hilbert–Huang transform, False positive paradox, business, Algorithm, computer
Abstract

The paper proposes to apply Empirical Mode Decomposition (EMD) to network traffic signal. Then the corresponding intrinsic mode functions (IMFs) are obtained to calculate their Hurst index based on which the influence to the IMF Hurst after DDoS attack was analyzed. Finally, it makes a judgment on whether a DDoS attack happened or not by solving the IMF Hurst index of the unsure sequence. Experimental results show that, compared with the original signal Hurst index assay, this method can increase detection precision and CI, reduce the rate of false positives and false negative. The method behaves well in distinguishing attacked traffic from normal ones.

Published
2011

123. PUF-Based Node Mutual Authentication Scheme for Delay Tolerant Mobile Sensor Network

Author

Yuanbo Guo, Dawei Wei, Kuiwu Yang, and Kangfeng Zheng

Subjects
Authentication, business.industry, Computer science, Node (networking), Physical unclonable function, Mobile computing, Mutual authentication, ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, Key distribution in wireless sensor networks, Network Access Control, Mobile wireless sensor network, business, Wireless sensor network, Replay attack, Computer network
Abstract

As an emerging network, Delay Tolerant Mobile Sensor Network (DTMSN) is susceptible to be attacked because of its limited resources and intermittent connectivity. Though authentication technology is usually used to prevent network from attacks, it is a challenging work in delay tolerant circumstance. In this paper, a node mutual authentication scheme based on Physical Unclonable Function (PUF) is proposed for DTMSN. We take advantage of the physical characteristics of chips with PUFs to prevent sensor nodes from cloning. Analysis indicates that the scheme is efficient and robust against different attacks, such as clone attack, replay attack, tampering attack, etc.

Published
2011

124. An intrusion detection scheme based on anomaly mining in Internet of Things

Author

Yixian Yang, Rongrong Fu, Kangfeng Zheng, and Dongmei Zhang

Subjects
Scheme (programming language), Anomaly-based intrusion detection system, business.industry, Anomaly (natural sciences), Intrusion detection system, Computer security, computer.software_genre, Geography, Software deployment, Anomaly detection, Distributed intrusion detection, Internet of Things, business, computer, computer.programming_language
Abstract

Internet of things (IOT) is vulnerable to malicious attacks because of opening deployment and limited resources. It's heterogeneous and distributed characters make conventional intrusion detection methodologies hard to deploy. To overcome this problem, this paper shows an intrusion detection scheme based on the anomaly mining. The paper has two parts (i) in the first part an anomaly mining algorithm is developed to detect anomaly data of perception layer, (ii) in the second part a distributed intrusion detection scheme is designed based on the detected anomalies. Since not all anomalies are triggered by malicious intrusion, the intrusion semantic is analyzed to distinguish intrusion behaviors from anomalies. Finally our evaluation and analysis shows that our approach is accurate and extensible.

Published
2011

125. An active defense model for Web Accessing DoS attacks

Author

Shize Guo, Xinxin Niu, Yao Jiang, Jianpeng Zhao, and Kangfeng Zheng

Subjects
Web server, Network security, business.industry, Computer science, media_common.quotation_subject, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, Active Defense, Denial-of-service attack, Web access, Deception, Computer security, computer.software_genre, World Wide Web, business, computer, media_common, Web site
Abstract

This paper analyses the characteristics of the Web Accessing DoS attacks, then proposes an active defense model. Based on the differences of data and time between the Web Accessing DoS attacks and the normal users' browsing behavior, the active defense model will divide the web accessing traffic into three types: the normal browsing traffic, the actual attacking traffic, the dubitable attacking traffic. The policies for accessing traffic are different: the normal browsing traffic is permitted to access the web site; the actual attacking traffic is forbidden to access the web site; the dubitable attacking traffic will be led into the deception web site, then the active defense model will determine whether to permit the traffic to access the web site or not according to the observing result. The experimental results show that the model is effective in detecting and preventing the Web Accessing DoS attacks.

Published
2010

126. Epidemic Model of Mobile Phone Virus for Hybrid Spread Mode with Preventive Immunity and Mutation

Author

Yixian Yang, Kangfeng Zheng, and Fan Yuanyuan

Subjects
ComputerSystemsOrganization_COMPUTERSYSTEMIMPLEMENTATION, Computer science, business.industry, Node (networking), fungi, law.invention, Bluetooth, Mode (computer interface), law, Mobile phone, Embedded system, Mutation (genetic algorithm), Mobile telephony, Epidemic model, business, Computer network
Abstract

According to the propagation characteristics of Bluetooth and SMS/MMS,based on the preventive immunity and mutation of mobile phone virus, we built the Susceptible-Exposed-Infected-Recovered(SEIR) model for the Bluetooth and SMS/MMS hybrid spread mode. On the basis of the SEIR model, we further discuss at length the influence of the propagation parameter such as preventive immunity of mobile phone users, mutation of virus, immunity structure in SMS/MMS network and node average degree in Bluetooth network on the propagation of the virus. Simulation results show that the model can simulate the spread process and features of mobile phone for hybrid spread model perfectly.

Published
2010

127. A Novel VoIP Flooding Detection Method Basing on Call Duration

Author

Tianlu Yang, Kangfeng Zheng, and Yixian Yang

Subjects
Voice over IP, business.industry, Computer science, InformationSystems_INFORMATIONSYSTEMSAPPLICATIONS, Server, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, Telecommunication security, Flooding attack, ComputerApplications_COMPUTERSINOTHERSYSTEMS, business, Computer network, Call duration, Flooding (computer networking)
Abstract

Through deeply analysis of INVITE flooding attack of SIP based VoIP system, a novel VoIP flooding detection scheme called CDVFD (Call Duration based VoIP Flooding Detection) is presented. The CDVFD method makes use of SIP signaling bidirectional interaction, and it can make fast detection using Chi-square value, and can distinguish from normal high VoIP traffic. Experimental results show the effectiveness of the method.

Published
2010

128. Pairing-Based Key Management Scheme for Heterogeneous Sensor Networks

Author

Kangfeng Zheng, Kui-wu Yang, Yixian Yang, and Shize Guo

Subjects
Authentication, Network security, business.industry, Computer science, Key space, Mobile computing, Key distribution, Cryptography, Public-key cryptography, Elliptic curve, Base station, Pairing-based cryptography, Key distribution in wireless sensor networks, Pairing, Sybil attack, Cryptosystem, Elliptic curve cryptography, business, Key management, Replay attack, Wireless sensor network, Computer network
Abstract

Key management is challenging in wireless sensor networks (WSNs). Most existing key management schemes mainly consider using symmetric cryptosystems in homogeneous sensor network, but they often do not provide a satisfied storage performance and cause large overhead in establishing shared keys for all pairs of neighbor sensors. In this paper, we propose a key management scheme using for heterogeneous sensor networks (HSNs). Our scheme is based on pairing-based cryptography and has four types of keys according to networks security needs. The scheme reduces the communication cost and key storage spaces of nodes. In fact sensor nodes can agree shared keys without any interaction and no need to store any keys of the other nodes before deployed. Analysis and simulation indicate that the scheme is efficient, and it enables authentication, and robust against different attacks such as replay attack, masquerade attack, Sybil attack etc.

Published
2010

129. Applying Multiple Residual Error Gray Forecast to Restrain Endpoints Effect in HHT of Network Traffic

Author

Kangfeng Zheng, Xiujuan Wang, Yixian Yang, and Shize Guo

Subjects
Signal processing, Continuation, Transformation (function), Computer science, Speech recognition, Effective method, Data mining, Network monitoring, computer.software_genre, Divergence (statistics), Residual, computer, Time–frequency analysis
Abstract

Studying the features of network traffic is a necessary method in many applications such as managing and monitoring the network, detecting network attack etc. Due to the non-stationary and random characteristics of the traffic signal, Hilbert-Huang Transformation(HHT) is an effective method in signal processing. However, endpoints effect comes subsequently in HHT. In this particular case, the paper introduces a multiple residual error gray forecast method to realize data continuation so as to inhibiting endpoints effect in applying HHT to network traffic signal. Experimental results show that this method can effectively restrain the endpoint divergence phenomenon in applying HHT to network traffic signal, but it is not applicable to deterministic signals.

Published
2010

130. Research of an Innovative P2P-Based Botnet

Author

Kangfeng Zheng, Gao Jian, Yixian Yang, and Zhengming Hu

Subjects
Computer science, business.industry, Distributed computing, Node (networking), Frame (networking), Botnet, Coverage probability, Stability (learning theory), Mechanism based, Analytic hierarchy process, business, Connectivity, Computer network
Abstract

The research recently focuses on the integration of peer-to-peer frame as incremental improvements to botnet. In hybrid P2P botnet, it is important to find a mechanism to select neighbor list for every super node, in order to improve stability of communication when some super nodes lose. At the same time, it needs to select high performance and nearest node as a super node, to provide command request and file transport for other ordinary nodes. In this paper, we propose a neighbor list selecting method based on Strongly Connected Graph and analysis a super node selecting mechanism based on AHP. Evaluation shows that this mechanism can increase coverage probability of commands and decrease average connection time (ACT) between super node and ordinary node.

Published
2010

131. Access Model of Web Users Based on Multi-chains Hidden Markov Models

Author

Kangfeng Zheng, Xiujuan Wang, Yixian Yang, and Shize Guo

Subjects
Computer science, Network security, business.industry, Markov process, ComputerApplications_COMPUTERSINOTHERSYSTEMS, Denial-of-service attack, Undo, computer.software_genre, Data modeling, symbols.namesake, Web page, symbols, The Internet, Data mining, business, Hidden Markov model, computer, Computer network
Abstract

How to distinguish abnormal access from normal ones is the key problem in Distribution Denial of service(DDoS) attack detection. This research aims at finding out the major difference between the abnormal access and the normal ones in application layer. To this end, the paper conducts modeling on Web users’ access behaviors based on hidden Markov model(HMM) with multiple chains and puts forward a method to identify abnormal access. Tests on simulation data indicate that this model can undo Web users access to a certain degree and discern the abnormal access well.

Published
2009

132. Design of a High Security GSM/UMTS Inter-System

Author

Kangfeng Zheng, Shize Guo, Lei Zhang, and Zhongxian Li

Subjects
Subscriber identity module, Customised Applications for Mobile networks Enhanced Logic, Computer science, business.industry, InformationSystems_INFORMATIONSYSTEMSAPPLICATIONS, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, Data_CODINGANDINFORMATIONTHEORY, law.invention, law, GSM, UMTS Terrestrial Radio Access Network, Service data point, MSISDN, ComputerSystemsOrganization_SPECIAL-PURPOSEANDAPPLICATION-BASEDSYSTEMS, GSM services, Telecommunications, business, Cell Broadcast, Computer network
Abstract

GSM and UMTS mobile radio network will coexist for a few years. Security of interoperation between GSM and UMTS becomes more important. This paper proposes a high security GSM/UMTS inter-system which supports all possible network roaming and provides high security service for both GSM and UMTS subscriber. The paper discusses the architecture of proposed system and authentication procedure in different network environment. The high security GSM/UMTS is efficient in GSM and UMTS coexistence environment in future through a comparison with previous GSM/UMTS inter-system.

Published
2009

133. A new method for watermark of color static image based on gradient field analysis

Author

Shize Guo, Kangfeng Zheng, and Wei Zhang

Subjects
business.industry, Cryptography, Watermark, computer.file_format, JPEG, Redundancy (information theory), Least significant bit, Information hiding, Vector field, Computer vision, Artificial intelligence, business, computer, Digital watermarking, Mathematics
Abstract

The goal of this paper is to carry out a study in a new algorithm of digital watermark, which makes a information hiding calculation in spatial domain. This method can achieve a higher robustness to prevent many attacks from channel noise, JPEG, etc; and as while it can achieve a higher imperceptible than simple LSB method. The ownership insert the watermark into the host signal after analyzing the gradient of the host image based on difference method. A conclusion can be made that the proposed technique is practical.

Published
2009

134. Improved Adoptable Scheme for Authentication and Key Agreement

Author

null Haitao Li, null Shize Guo, null Kangfeng Zheng, Zhe Chen, null Jun Cui, and null Xingyao Wu

Subjects
Cryptographic primitive, Computer engineering, business.industry, Computer science, Authentication protocol, Lightweight Extensible Authentication Protocol, Wide Mouth Frog protocol, Cryptographic protocol, Challenge–response authentication, business, Hash-based message authentication code, Data Authentication Algorithm, Computer network
Published
2009

135. A Novel Dynamic Immunization Model Basing on Alarm Information

Author

Kangfeng Zheng, Tianlu Yang, Yixian Yang, and Guoai Xu

Subjects
TheoryofComputation_MISCELLANEOUS, business.industry, Computer science, animal diseases, fungi, Process (computing), chemical and pharmacologic phenomena, biochemical phenomena, metabolism, and nutrition, Complex network, Computer security, computer.software_genre, Electronic mail, ALARM, Immunization, bacteria, The Internet, business, computer, Worm infection
Abstract

A dynamic immunization model based on alarm information mail spreading was proposed to suppress email worms propagation. This model considers interaction between immunization process and worm infection process other than static immunization strategies. The simulation results show that the model can suppress infection process more effectively without understanding the whole network information than target immunization.

Published
2009

136. An improved algorithm for IP alias resolution in network topology measurement

Author

Kangfeng Zheng, Shize Guo, Yixian Yang, and Yong Zhang

Subjects
Router, Alias, Computer science, business.industry, traceroute, The Internet, Topology (electrical circuits), Algorithm design, business, Network topology, Internet topology, Computer network
Abstract

Internet topology measurement is an important part of Network measurement. Nowadays, traceroute probing method is widely used to obtain the original route data, and the IP alias resolution technique is to identify IP addresses belonging to the same router for constructing accurate Internet maps. However, there are thousands of IP addresses only in a region topology exploration, while current alias resolution technique has limited effectiveness. So we need to apply a new approach to refine the collected path traces before IP alias resolution which is called Alias Filter (AF). In this paper we propose an improved algorithm called RAF which based on rules set according to experiences for dealing with the path data. The performance analysis proves the algorithm has low cost and high efficiency.

Published
2009

137. Research on Man-in-the-Middle Denial of Service Attack in SIP VoIP

Author

Kangfeng Zheng, Shize Guo, Zhe Chen, and Haitao Li

Subjects
Voice over IP, business.industry, Computer science, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, Data security, Denial-of-service attack, Information security, Man-in-the-middle attack, Computer security, computer.software_genre, The Internet, business, computer, Unified communications, INVITE of Death, Computer network
Abstract

As the number of VoIP users increase and as the deployment of SIP devices gains ground, security has risen as a potential issue worthy of our consideration. VoIP is an application running on the data network and as such, inherits the security issues common to IP. The Man-in-the-Middle (MitM) attacks and the denial of service (DoS) attacks are the hackneyed and evil cyber attacks in the IP which can be easily implemented in the SIP VoIP. In this paper, a unified communication model of SIP VoIP infrastructure is established to analyze the DoS attacks launched by the MitM (MitM-DoS). Then we use the set theory to research the models of MitM-DoS attacks formally.

Published
2009

138. A Secure Proxy Blind Signature Scheme Based on ECDLP

Author

Zhengming Hu, Lanlan Hu, Kangfeng Zheng, and Yixian Yang

Subjects
Public-key cryptography, Blinding, Digital signature, Computer science, business.industry, Proxy blind signature, Computer security, computer.software_genre, Proxy (statistics), business, computer
Abstract

To overcome the secure weakness of the existing proxy blind signature scheme based on ECDLP, an improved scheme is presented. The security of the improved scheme is enhanced by improving on the generate form of the proxy commission and the proxy private key in the proxy phase, the procedure of blinding and unblinding, and the corresponding verification equation of proxy blind signature. The analysis shows that the new scheme resolves secure problems in the former schemes, meets the seven aspects of security features needed by proxy blind signature scheme. The analytic results prove that the new scheme is more secure and practicable.

Published
2009

139. Security Analysis and Defense Strategy on Access Domain in 3G

Author

Zhentao Zhang, Xuetao Du, Zhe Chen, Haitao Li, Shize Guo, and Kangfeng Zheng

Subjects
Authentication, Security analysis, business.industry, Computer science, Wireless network, Man-in-the-middle attack, Cryptographic protocol, Computer security, computer.software_genre, Attack model, Network Access Control, business, computer, Computer network, Vulnerability (computing)
Abstract

In this paper, we analyze the security access domain in the third generation communication system (3G) is vulnerable to Man in the Middle (MitM) attack and denial of service (DoS). Basing on deep analysis of Authentication and Key Agreement (AKA) protocol, we formally established the MitM-DoS attack models in the wireless network and in the wired network. Aiming at the vulnerability in the access domain of 3G, finally, a new defense strategy modeling is demonstrated in the paper.

Published
2009

140. Network Worm Propagating Model Based on Network Topology Unit

Author

Shize Guo, Kangfeng Zheng, and Wei Zhang

Subjects
Engineering, business.industry, Node (networking), Structure (category theory), Topology (electrical circuits), Ring network, business, Topology, Network topology, Unit (ring theory), Computer network
Abstract

The existing analytic models on network worm propagation rarely consider the effect of topology structure, and it usually considers the probability and spread parameter as fixed values. They are not coinciding with real situation. Here in the paper, a microstructure based propagation model is proposed to inflect the variability with time. In this model, many probability factors are considered, for example the connecting probability from one node to another node, one node's immune probability, which make the model more general and suitable for simulation.

Published
2009

141. A Data Safety Transmission Solution in Web Application

Author

Kangfeng Zheng, Yixian Yang, and Bin Wu

Subjects
business.industry, Computer science, Data security, Cryptography, USB, Application software, computer.software_genre, law.invention, Transmission (telecommunications), law, Embedded system, Systems design, Web application, Web service, business, computer
Published
2007

142. Modeling of Man-in-the-Middle Attack in the Wireless Networks

Author

Yixian Yang, Kangfeng Zheng, Zhe Chen, and Shize Guo

Subjects
Mobile radio, Wi-Fi array, Computer science, business.industry, Wireless network, Mobile computing, Wireless WAN, Base transceiver station, Man-in-the-middle attack, Computer security, computer.software_genre, Key distribution in wireless sensor networks, Cognitive radio, GSM, Network Access Control, Wireless, Radio resource management, Fixed wireless, business, Mobile device, computer, Vulnerability (computing), Computer network
Abstract

As the number of wireless users increases and as more powerful mobile devices become available for lower cost, Man-in- the-Middle attacks will pose an increasingly real threat to wireless network security. In this paper, a unified mathematical model is established to analyze Man-in-the-Middle attacks in diverse wireless networks. Then we use propositions and logical operations to analyze the relationships of the elements in the model formally. The model and the logical reasoning used in it can assess whether a given system is vulnerable to this type of attack. The defense model of removing the vulnerability is also presented.

Published
2007

143. Research of the Apriority Policy-based Multi-hop BFS Search Algorithm in P2P Network

Author

Shize Guo, Zhe Chen, Kangfeng Zheng, and Yixian Yang

Subjects
Theoretical computer science, Search algorithm, Network packet, Computer science, Breadth-first search, Peer to peer computing, Correctness proofs, Graph theory, Hop (networking)
Abstract

Peer-to-Peer (P2P) network is a fast developing branch of Computer Science and many researchers are developing new algorithms for such systems. After the success of systems like Napster, Kazza, the use of such networks became a necessity. This paper analyses the reason of the redundant search packets in the area of resource discovery and search of the P2P system, details in the Multi-hop BFS algorithm and the apriority policy-based model, puts forward the apriority policy-based multi-hop BFS search algorithm and gives the correctness proof of APM-MHBFS.

Published
2007

144. Normalized and classified feature selection in text categorization

Author

Jun Guo, Kangfeng Zheng, and Xiujuan Wang

Subjects
Normalization (statistics), Computer science, business.industry, Feature selection, Pattern recognition, Evaluation function, computer.software_genre, Boosting methods for object categorization, Text categorization, Text mining, Data mining, Artificial intelligence, business, computer
Abstract

Feature selection is a valid method to reduce the dimension of text vector in automatic text categorization system. The paper finds a defect among several normal evaluation functions based on experiments data and proposes that normalization should be taken into these methods as a necessary step. Furthermore, the paper also brings forward a new idea named classified feature selection that applies traditional evaluation function among each class. Experiments prove the validity of these two solutions.

Published
2006

145. Feature Selection to Mine Joint Features from High-dimension Space for Android Malware Detection.

Author

Yanping Xu, Chunhua Wu, Kangfeng Zheng, Xinxin Niu, and Tianling Lu

Subjects
FEATURE selection, PARTICLE swarm optimization, COMPUTER algorithms, MALWARE, SMARTPHONES
Abstract

Android is now the most popular smartphone platform and remains rapid growth. There are huge number of sensitive privacy information stored in Android devices. Kinds of methods have been proposed to detect Android malicious applications and protect the privacy information. In this work, we focus on extracting the fine-grained features to maximize the information of Android malware detection, and selecting the least joint features to minimize the number of features. Firstly, permissions and APIs, not only from Android permissions and SDK APIs but also from the developer-defined permissions and third-party library APIs, are extracted as features from the decompiled source codes. Secondly, feature selection methods, including information gain (IG), regularization and particle swarm optimization (PSO) algorithms, are used to analyze and utilize the correlation between the features to eliminate the redundant data, reduce the feature dimension and mine the useful joint features. Furthermore, regularization and PSO are integrated to create a new joint feature mining method. Experiment results show that the joint feature mining method can utilize the advantages of regularization and PSO, and ensure good performance and efficiency for Android malware detection. [ABSTRACT FROM AUTHOR]

Published
2017
Full Text
View/download PDF

146. WORM-HUNTER: A Worm Guard System using Software-defined Networking.

Author

Yixun Hu, Kangfeng Zheng, Xu Wang, and Yixian Yang

Subjects
HONEYPOTS (Network security), SOFTWARE-defined networking, VIRTUAL machine systems, NETWORK-centric operations (Military science), COMPUTER simulation
Abstract

Network security is rapidly developing, but so are attack methods. Network worms are one of the most widely used attack methods and have are able to propagate quickly. As an active defense approach to network worms, the honeynet technique has long been limited by the closed architecture of traditional network devices. In this paper, we propose a closed loop defense system of worms based on a Software-Defined Networking (SDN) technology, called Worm-Hunter. The flexibility of SDN in network building is introduced to structure the network infrastructures of Worm-Hunter. By using well-designed flow tables, Worm-Hunter is able to easily deploy different honeynet systems with different network structures and dynamically. When anomalous traffic is detected by the analyzer in Worm-Hunter, it can be redirected into the honeynet and then safely analyzed. Throughout the process, attackers will not be aware that they are caught, and all of the attack behavior is recorded in the system for further analysis. Finally, we verify the system via experiments. The experiments show that Worm-Hunter is able to build multiple honeynet systems on one physical platform. Meanwhile, all of the honeynet systems with the same topology operate without interference. [ABSTRACT FROM AUTHOR]

Published
2017
Full Text
View/download PDF

148. ACO-BTM: A Behavior Trust Model in Cloud Computing Environment

Author

Min Lei, Yuyu Bie, Kangfeng Zheng, and Guoyuan Lin

Subjects
ant colony optimization, General Computer Science, trust pheromone, Computer science, Process (engineering), business.industry, Distributed computing, Ant colony optimization algorithms, cloud computing, Data_MISCELLANEOUS, Context (language use), Cloud computing, Computer security, computer.software_genre, lcsh:QA75.5-76.95, Computational Mathematics, heuristic pheromone, behavior trust, Time constraint, lcsh:Electronic computers. Computer science, business, computer
Abstract

Considering trust issues in cloud computing, we analyze the feasibility of adopting ant colony optimization algorithm to simulate trust relationships between entities in the cloud and then propose a novel behavior trust model: ACO-BTM. Trust relationships between entities in cloud computing are dynamic, uncertain and hard to quantify. ACO-BTM introduces the conception of ‘pheromone’ and transition probability to represent behavior trust. Then, it focuses on the research of dynamic trust evaluation, time constraint and some other issues. Furthermore, a detailed algorithm process of behavior trust evaluation is given in this context. Finally, ACO-BTM is applied to cloud computing platform to simulate the establishment of behavior trust relationships. The simulation experiment verifies that trust degree change with time varies and the frequency of interactions. Compared with the other model, ACO-BTM can provide better trust recommendation services and protect against attacks of malicious nodes effectively in cloud computing environment. It is proved that ACO-BTM has good flexibility, accuracy and robustness.

Published
2014

149. Flow-based Anomaly Detection Using Access Behavior Profiling and Time-sequenced Relation Mining.

Author

Weixin Liu, Kangfeng Zheng, Bin Wu, Chunhua Wu, and Xinxin Niu

Subjects
ANOMALY detection (Computer security), DATA mining, ACCESS control, ALGORITHMS, COMPUTATIONAL complexity
Abstract

Emerging attacks aim to access proprietary assets and steal data for business or political motives, such as Operation Aurora and Operation Shady RAT. Skilled Intruders would likely remove their traces on targeted hosts, but their network movements, which are continuously recorded by network devices, cannot be easily eliminated by themselves. However, without complete knowledge about both inbound/outbound and internal traffic, it is difficult for security team to unveil hidden traces of intruders. In this paper, we propose an autonomous anomaly detection system based on behavior profiling and relation mining. The single-hop access profiling model employ a novel linear grouping algorithm PSOLGA to create behavior profiles for each individual server application discovered automatically in historical flow analysis. Besides that, the double-hop access relation model utilizes in-memory graph to mine time-sequenced access relations between different server applications. Using the behavior profiles and relation rules, this approach is able to detect possible anomalies and violations in real-time detection. Finally, the experimental results demonstrate that the designed models are promising in terms of accuracy and computational efficiency. [ABSTRACT FROM AUTHOR]

Published
2016
Full Text
View/download PDF

Catalog

Books, media, physical & digital resources
See catalog results