Your search keyword '"Yingxu Lai"' showing total 27 results

1. Cross-heterogeneous Domain Authentication Scheme Based on Blockchain

Author

Jing Liu, Siyu Wu, Rongchen Li, Sami Mian, Yingxu Lai, and Yixin Liu

Subjects

Authentication, Blockchain, business.industry, Computer science, Hash function, Public key infrastructure, Encryption, Computer security, computer.software_genre, Root certificate, Authentication protocol, The Internet, business, computer

Abstract

With the rising popularity of the Internet and the development of big data technology, an increasing number of organizations are opting to cooperate across domains to maximize their benefits. Most organizations use public key infrastructure to ensure security in accessing their data and applications. However, with the continuous development of identity-based encryption (IBE) technology, small- and medium-sized enterprises are increasingly using IBE to deploy internal authentication systems. To solve the problems that arise when crossing heterogeneous authentication domains and to guarantee the security of the certification process, we propose using blockchain technology to establish a reliable cross-domain authentication scheme. Using the distributed and tamper-resistant characteristics of the blockchain, we design a cross-domain authentication model based on blockchain to guarantee the security of the heterogeneous authentication process and present a cross-domain authentication protocol based on blockchain. This model does not change the internal trust structure of each authentication domain and is highly scalable. Furthermore, on the premise of ensuring security, the process of verifying the signature of the root certificate in the traditional cross-domain authentication protocol is improved to verify the hash value of the root certificate, thereby improving the authentication efficiency. The developed prototype exhibits generality and simplicity compared to previous methods.

Published

2021

2. Explaining the Attributes of a Deep Learning Based Intrusion Detection System for Industrial Control Networks

Author

Yingxu Lai, Jing Liu, Wang Zhidong, and Zenghui Liu

Subjects

Record locking, Computer science, Process (engineering), Control (management), 02 engineering and technology, Intrusion detection system, computer.software_genre, lcsh:Chemical technology, Biochemistry, Article, Analytical Chemistry, 0202 electrical engineering, electronic engineering, information engineering, industrial control network, Relevance (information retrieval), lcsh:TP1-1185, Electrical and Electronic Engineering, Instrumentation, Artificial neural network, business.industry, Deep learning, deep learning, 020206 networking & telecommunications, Industrial control system, Atomic and Molecular Physics, and Optics, layer-wise relevance propagation, intrusion detection system, 020201 artificial intelligence & image processing, Artificial intelligence, Data mining, business, computer

Abstract

Intrusion detection is only the initial part of the security system for an industrial control system. Because of the criticality of the industrial control system, professionals still make the most important security decisions. Therefore, a simple intrusion alarm has a very limited role in the security system, and intrusion detection models based on deep learning struggle to provide more information because of the lack of explanation. This limits the application of deep learning methods to industrial control network intrusion detection. We analyzed the deep neural network (DNN) model and the interpretable classification model from the perspective of information, and clarified the correlation between the calculation process of the DNN model and the classification process. By comparing the normal samples with the abnormal samples, the abnormalities that occur during the calculation of the DNN model compared to the normal samples could be found. Based on this, a layer-wise relevance propagation method was designed to map the abnormalities in the calculation process to the abnormalities of attributes. At the same time, considering that the data set may already contain some useful information, we designed filtering rules for a kind of data set that can be obtained at a low cost, so that the calculation result is presented in a more accurate manner, which should help professionals lock and address intrusion threats more quickly.

Published

2020

3. A trusted access method in software-defined network

Author

Jing Liu, Yinong Chen, Yingxu Lai, and Diao Zipeng

Subjects

0209 industrial biotechnology, Computer access control, Computer science, business.industry, Network Access Device, 020206 networking & telecommunications, Access control, 02 engineering and technology, Trusted Network Connect, Computer security, computer.software_genre, Discretionary access control, 020901 industrial engineering & automation, Distributed System Security Architecture, Hardware and Architecture, Modeling and Simulation, Network Access Control, 0202 electrical engineering, electronic engineering, information engineering, Role-based access control, business, computer, Software, Computer network

Abstract

In software-defined networks (SDN), most controllers do not have an established control function for endpoint users and access terminals to access network, which may lead to many attacks. In order to address the problem of security check on access terminals, a secure trusted access method in SDN is designed and implemented in this paper. The method includes an access architecture design and a security access authentication protocol. The access architecture combines the characteristics of the trusted access technology and SDN architecture, and enhances the access security of SDN. The security access authentication protocol specifies the specific structure and implementation of data exchange in the access process. The architecture and protocol implemented in this paper can complete the credibility judgment of the access device and user's identification. Furthermore, it provides different trusted users with different network access permissions. Experiments show that the proposed access method is more secure than the access method that is based on IP address, MAC address and user identity authentication only, thus can effectively guarantee the access security of SDN.

Published

2017

4. Vulnerability mining for Modbus TCP based on exception field positioning

Author

Yingxu Lai, Wenqian Feng, and Zenghui Liu

Subjects

0209 industrial biotechnology, Computer science, 020208 electrical & electronic engineering, National Vulnerability Database, Random testing, 02 engineering and technology, Industrial control system, Fuzz testing, computer.software_genre, Field (computer science), 020901 industrial engineering & automation, Test case, Hardware and Architecture, Modeling and Simulation, 0202 electrical engineering, electronic engineering, information engineering, Data mining, Communications protocol, Modbus, computer, Software

Abstract

Fuzzing has become an important approach in recent years in detecting vulnerabilities in industrial control system and its network protocol. Traditional fuzzing methods have the shortcomings of low efficiency and blindness. To solve this problem, we have developed an improved fuzzing method based on exception field positioning. The method adds a positioning phase in the testing procedure. We have established a field attribute set model of Modbus protocol and combined it with the attribute reduction algorithm to locate the key fields that trigger potential vulnerabilities. This algorithm assists in connecting the effects of the test cases so that we can adjust the test cases toward a more guided testing procedure, instead of plain random testing. In the simulation experiment, the developed fuzzing method has discovered certain vulnerabilities in Modbus TCP, which include an original vulnerability that has been submitted to the China National Vulnerability Database.

Published

2020

5. Industrial Anomaly Detection and Attack Classification Method Based on Convolutional Neural Network

Author

Zenghui Liu, Yingxu Lai, and Jingwen Zhang

Subjects

Article Subject, Computer Networks and Communications, Computer science, Industrial production, 02 engineering and technology, computer.software_genre, Convolutional neural network, SCADA, lcsh:Technology (General), 0202 electrical engineering, electronic engineering, information engineering, lcsh:Science (General), business.industry, Deep learning, Process (computing), Information technology, 020206 networking & telecommunications, Industrial control system, lcsh:T1-995, 020201 artificial intelligence & image processing, Anomaly detection, Artificial intelligence, Data mining, business, computer, Information Systems, lcsh:Q1-390

Abstract

The massive use of information technology has brought certain security risks to the industrial production process. In recent years, cyber-physical attacks against industrial control systems have occurred frequently. Anomaly detection technology is an essential technical means to ensure the safety of industrial control systems. Considering the shortcomings of traditional methods and to facilitate the timely analysis and location of anomalies, this study proposes a solution based on the deep learning method for industrial traffic anomaly detection and attack classification. We use a convolutional neural network deep learning representation model as the detection model. The original one-dimensional data are mapped using the feature mapping method to make them suitable for model processing. The deep learning method can automatically extract critical features and achieve accurate attack classification. We performed a model evaluation using real network attack data from a supervisory control and data acquisition (SCADA) system. The experimental results showed that the proposed method met the anomaly detection and attack classification needs of a SCADA system. The proposed method also promotes the application of deep learning methods in industrial anomaly detection.

Published

2019

6. Industrial Control Intrusion Detection Approach Based on Multiclassification GoogLeNet-LSTM Model

Author

Yingxu Lai, Ankang Chu, and Jing Liu

Subjects

Article Subject, Computer Networks and Communications, Computer science, Feature extraction, 02 engineering and technology, Intrusion detection system, computer.software_genre, lcsh:Technology (General), 0202 electrical engineering, electronic engineering, information engineering, lcsh:Science (General), Modbus, Network packet, business.industry, Deep learning, 020206 networking & telecommunications, Industrial control system, 020202 computer hardware & architecture, Softmax function, lcsh:T1-995, Data mining, Artificial intelligence, business, Communications protocol, computer, lcsh:Q1-390, Information Systems

Abstract

Intrusion detection is essential for ensuring the security of industrial control systems. However, conventional intrusion detection approaches are unable to cope with the complexity and ever-changing nature of industrial intrusion attacks. In this study, we propose an industrial control intrusion detection approach based on a combined deep learning model for communication processes that use the Modbus protocol. Initially, the network packets are classified as carrying information and noncarrying information based on key fields according to the communication protocol used. Next, a template comparison approach is employed to detect the network packets that do not carry any information. Furthermore, an approach based on a GoogLeNet-long short-term memory model is used to detect the network packets that do carry information. This approach involves network packet sequence construction, feature extraction, and time-series level detection. Subsequently, the detected intrusions are classified into multiple categories through a Softmax classifier. A gas pipeline dataset of the Modbus protocol is used to evaluate the proposed approach and compare it with existing strategies. The accuracy, false-positive rate, and miss rate are 97.56%, 2.42%, and 2.51%, respectively, thus confirming that the proposed approach is suitable for intrusion detection in industrial control systems.

Published

2019

7. Vulnerability Mining Method for the Modbus TCP Using an Anti-Sample Fuzzer

Author

Yingxu Lai, Gao Huijuan, and Jing Liu

Subjects

probability distribution, Exploit, Computer science, vulnerability mining, Vulnerability, 02 engineering and technology, lcsh:Chemical technology, computer.software_genre, Biochemistry, Article, Analytical Chemistry, Header, 0202 electrical engineering, electronic engineering, information engineering, lcsh:TP1-1185, Electrical and Electronic Engineering, Instrumentation, Modbus, Protocol data unit, 020206 networking & telecommunications, Modbus TCP, Industrial control system, Fuzz testing, industrial control system, Atomic and Molecular Physics, and Optics, Test case, recurrent neural network, 020201 artificial intelligence & image processing, Data mining, Communications protocol, computer

Abstract

Vulnerability mining technology is used for protecting the security of industrial control systems and their network protocols. Traditionally, vulnerability mining methods have the shortcomings of poor vulnerability mining ability and low reception rate. In this study, a test case generation model for vulnerability mining of the Modbus TCP based on an anti-sample algorithm is proposed. Firstly, a recurrent neural network is trained to learn the semantics of the protocol data unit. The softmax function is used to express the probability distribution of data values. Next, the random variable threshold and the maximum probability are compared in the algorithm to determine whether to replace the current data value with the minimum probability data value. Finally, the Modbus application protocol (MBAP) header is completed according to the protocol specification. Experiments using the anti-sample fuzzer show that it not only improves the reception rate of test cases and the ability to exploit vulnerabilities, but also detects vulnerabilities of industrial control protocols more quickly.

Published

2020

8. Design and analysis on trusted network equipment access authentication protocol

Author

Zhen Yang, Yingxu Lai, Qichen Zou, Yinong Chen, and Zenghui Liu

Subjects

Engineering, Otway–Rees protocol, Network security, business.industry, Tunneling protocol, Computer security, computer.software_genre, Trusted Network Connect, Hardware and Architecture, Modeling and Simulation, Authentication protocol, Network Access Control, Direct Anonymous Attestation, Wide Mouth Frog protocol, business, computer, Software, Computer network

Abstract

Cloud security is a system engineering problem. A common approach to address the problem is to adapt existing Trusted Network Connection (TNC) framework in the cloud environment, which can be used to assess and verify end clients’ system state. However, TNC cannot be applied to network equipment attached to the cloud computing environment directly. To allow the network devices to access the trusted network devices safely and reliably, we first developed a Trusted Network Equipment Access Authentication Protocol (TNEAAP). We use the BAN logic system to prove that TNEAAP is secure and credible. We then configure the protocol in an attack detection mode to experimentally show that the protocol can withstand attacks in the real network. Experiment results show that all the nine goals that decide the protocol’s security have been achieved.

Published

2015

9. Software Abnormal Behavior Detection Based on Function Semantic Tree

Author

Wenwen Zhang, Zhen Yang, and Yingxu Lai

Subjects

Probabilistic latent semantic analysis, business.industry, Computer science, Semantic analysis (machine learning), Pattern recognition, computer.software_genre, Software, Semantic similarity, Artificial Intelligence, Hardware and Architecture, System call, Semantic computing, Computer Vision and Pattern Recognition, Artificial intelligence, Data mining, Electrical and Electronic Engineering, Abnormality, business, Semantic compression, computer

Published

2015

10. On monitoring and predicting mobile network traffic abnormality

Author

Li Xiulong, Zhen Yang, Yinong Chen, Yingxu Lai, and Zenghui Liu

Subjects

Engineering, Traffic analysis, business.industry, Floating car data, computer.software_genre, Network traffic control, Network traffic simulation, Traffic classification, Hardware and Architecture, Modeling and Simulation, Cellular network, Traffic shaping, Data mining, business, Traffic generation model, computer, Software

Abstract

Traffic analysis and traffic abnormality detection are emerged as an efficient way of detecting network attacks in recent years. The existing approaches can be improved by introducing a new model and a new analysis method of network user’s traffic behaviors. The description dimensions to network user’s traffic behaviors in the current approaches are high, resulting in high processing complexity, high delay in differentiating an individual user’s abnormal traffic behavior from massive network data, and low detection rate. To improve the detection rate and efficiency, we develop a new method of establishing user’s traffic behavior analysis system based on a new model of network traffic monitoring. First, we establish a more complete feature set based on the characteristics of network traffic to describe massive network user’s behaviors. Then, we define a feature selection rule based on the relative deviation distance to select the optimized feature set. We use the selected feature set to locate the abnormality moment and the users who produce the abnormal traffic behavior. Finally, a traffic behavior analysis method based on prediction is developed to improve efficiency of the system. This new method is applied to evaluate the mobile users on mobile cloud. The experimental results show that the proposed method has a higher detection rate and lower delay in the analysis of abnormal user’s traffic behavior than that of the existing approaches.

Published

2015

11. FL-GUARD

Author

Yingxu Lai, Zhang Shixuan, and Jing Liu

Subjects

Guard (information security), business.industry, Computer science, Application layer DDoS attack, Floodlight, 020206 networking & telecommunications, Denial-of-service attack, 02 engineering and technology, Modular design, Computer security, computer.software_genre, IP address spoofing, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Software-defined networking, business, computer, Ip address, Computer network

Abstract

This paper proposed a new detection and prevention system against DDoS (Distributed Denial of Service) attack in SDN (software defined network) architecture, FL-GUARD (Floodlight-based guard system). Based on characteristics of SDN and centralized control, etc., FL-GUARD applies dynamic IP address binding to solve the problem of IP spoofing, and uses 3.3.2 C-SVM algorithm to detect attacks, and finally take advantage of the centralized control of software-defined network to issue flow tables to block attacks at the source port. The experiment results show the effectiveness of our system. The modular design of FL-GUARD lays a good foundation for the future improvement.

Published

2017

12. Keyword extraction by entropy difference between the intrinsic and extrinsic mode

Author

Yingxu Lai, Zhen Yang, Kefeng Fan, and Jianjun Lei

Subjects

Statistics and Probability, business.industry, Computer science, Keyword extraction, Condensed Matter Physics, computer.software_genre, Origin of species, Charles darwin, Entropy (information theory), A priori and a posteriori, Artificial intelligence, business, computer, Natural language processing

Abstract

This paper proposes a new metric to evaluate and rank the relevance of words in a text. The method uses the Shannon’s entropy difference between the intrinsic and extrinsic mode, which refers to the fact that relevant words significantly reflect the author’s writing intention, i.e., their occurrences are modulated by the author’s purpose, while the irrelevant words are distributed randomly in the text. By using The Origin of Species by Charles Darwin as a representative text sample, the performance of our detector is demonstrated and compared to previous proposals. Since a reference text “corpus” is all of an author’s writings, books, papers, etc. his collected works is not needed. Our approach is especially suitable for single documents of which there is no a priori information available.

Published

2013

13. A Security Authentication Protocol for Trusted Domains in an Autonomous Decentralized System

Author

Gong Jiezhong, Zenghui Liu, Xiangzhen Yao, Yinong Chen, Ruikang Zhou, and Yingxu Lai

Subjects

Article Subject, Computer Networks and Communications, Computer science, Interaction protocol, 02 engineering and technology, Computer security, computer.software_genre, lcsh:QA75.5-76.95, Distributed System Security Architecture, 0502 economics and business, 0202 electrical engineering, electronic engineering, information engineering, Direct Anonymous Attestation, Autonomous decentralized system, Authentication, business.industry, 05 social sciences, General Engineering, 020206 networking & telecommunications, Trusted third party, Trusted Network Connect, Authentication protocol, 050211 marketing, lcsh:Electronic computers. Computer science, business, computer, Computer network

Abstract

Software Defined Network (SDN) architecture has been widely used in various application domains. Aiming at the authentication and security issues of SDN architecture in autonomous decentralized system (ADS) applications, securing the mutual trust among the autonomous controllers, we combine trusted technology and SDN architecture, and we introduce an authentication protocol based on SDN architecture without any trusted third party between trusted domains in autonomous systems. By applying BAN predicate logic and AVISPA security analysis tool of network interaction protocol, we can guarantee protocol security and provide complete safety tests. Our work fills the gap of mutual trust between different trusted domains and provides security foundation for interaction between different trusted domains.

Published

2016

14. Short Text Sentiment Classification Based on Context Reconstruction

Author

Zhen Yang, Lijuan Duan, Yingxu Lai, and Yu-Jian Li

Subjects

Control and Systems Engineering, Computer science, business.industry, Context (language use), Artificial intelligence, computer.software_genre, business, Computer Graphics and Computer-Aided Design, computer, Software, Natural language processing, Information Systems

Published

2012

15. Research on User Permission Isolation for Multi-Users Service-Oriented Program

Author

Zhan Jing, Liang Peng, Jiang Wei, Lin Li, Yingxu Lai, Shupo Bu, and Li Yu

Subjects

World Wide Web, Software_OPERATINGSYSTEMS, Computer science, Control (management), Principle of least privilege, Isolation (database systems), Privilege (computing), Permission, User Privilege, Virtualization, computer.software_genre, computer, Domain (software engineering)

Abstract

For the super user privilege control problem in system services, a user permission isolation method is proposed. Based on virtualization technology, the permission limited environments are constructed for different users. According to privilege sets, the users, mapping relations are built among users, isolated domains and program modules. Besides, we give an algorithm for division of program permissions based on Concept Lattices. And the security strategies are designed for different isolated domains. Finally, we propose the implications of least privilege, and prove that the method eliminates the potential privileged users in system services.

Published

2012

16. Study on Authentication Protocol of SDN Trusted Domain

Author

Yingxu Lai, Ruikang Zhou, Zenghui Liu, and Jing Liu

Subjects

Network architecture, business.industry, Computer science, Interaction protocol, Trusted third party, Trusted Network Connect, Computer security, computer.software_genre, Distributed System Security Architecture, Authentication protocol, Network Access Control, Direct Anonymous Attestation, business, computer, Computer network

Abstract

Currently Software Define Network (SDN) architecture has become a hot topic. Aiming at the authentication security issues of SDN network architecture, we introduce an authentication protocol based on SDN network architecture without any trusted third party between trusted domains. By applying AVISPA security analysis system of network interaction protocol, we can guarantee protocol security and provide complete safety tests. Our work fill the gap of mutual trust between different trusted domains and provide security foundation for interaction between different trusted domains.

Published

2015

17. Software behaviour analysis method based on behaviour template

Author

Tao Ye, Yingxu Lai, and Zenghui Liu

Subjects

Sequence, Source code, Computer science, business.industry, media_common.quotation_subject, Applied Mathematics, Context (language use), Function (mathematics), computer.software_genre, Computer Science Applications, Software, System call, Modeling and Simulation, Code (cryptography), Data mining, Interrupt, business, computer, media_common

Abstract

This paper proposes a software behaviours analysis method based on behaviour template (SABT), which according to the context of source code, builds a behaviour template to detect software malicious behaviour based on function transfer map and minimum function blocks. In the present research, many methods used state transfer diagram to build software behaviour model. Our method is based on the corresponding relationship between the functions and system call sequence, which ensures the accuracy of the malicious behaviour detection. Compared with traditional methods, such as N-gram, FSA, and Var-gram, SABT can get higher cover rate of code and detect abnormal behaviour more effectively and efficiently.

Published

2018

18. Trust-Based Security for the Spanning Tree Protocol

Author

Pan Qiuyue, Zhizheng Zhou, Yinong Chen, Yingxu Lai, and Zenghui Liu

Subjects

Authentication, Otway–Rees protocol, Computer science, Network security, business.industry, Trusted Network Connect, Network topology, Computer security, computer.software_genre, Spanning Tree Protocol, Authentication protocol, Network Access Control, Link layer, business, computer, Computer network

Abstract

Attacks executed on Spanning Tree Protocol (STP) expose the weakness of link layer protocols and put the higher layers in jeopardy. Although the problems have been studied for many years and various solutions have been proposed, many security issues remain. To enhance the security and credibility of layer-2 network, we propose a trust-based spanning tree protocol aiming at achieving a higher credibility of LAN switch with a simple and lightweight authentication mechanism. If correctly implemented in each trusted switch, the authentication of trust-based STP can guarantee the credibility of topology information that is announced to other switch in the LAN. To verify the enforcement of the trusted protocol, we present a new credible evaluation method of the STP using a specification-based state model. We implement a prototype of trust-based STP to investigate its practicality. Experiment shows that the trusted protocol can achieve security goals and effectively avoid STP attacks with a lower computation overhead and good convergence performance.

Published

2014

19. An Efficient LKH Tree Balancing Algorithm for Group Key Management

Author

Yingxu Lai, Zenghui Liu, Shupo Bu, and Xubo Ren

Subjects

Theoretical computer science, Multicast, Network security, business.industry, Computer science, Distributed computing, Network delay, computer.software_genre, Simulation software, Tree (data structure), Software, Key (cryptography), Rekeying, business, computer

Abstract

This paper will focus on the proposed logical key tree, called the LKH (Logical Key the Hierarchy) and analyze this scheme. An optimization method based on the LKH will be proposed. When the network users to join or leave group, the update method and its changes in the structure of original tree will be analyzed. The LKH structure and the improved LKH structure will be simulated by the NS2 simulation software. Besides, the impact of the two options on the network delay in the network communication will be analyzed, and NS2 software will objective analysis the advantages and disadvantages of these two programs and its application environment.

Published

2012

20. Framework of Web content filtering for IPv6

Author

Zhen Yang, Liu Jing, Yingxu Lai, and Qian Ma

Subjects

medicine.medical_specialty, Intranet, Computer science, Network security, business.industry, computer.software_genre, IPv6, Statistical classification, Expectation–maximization algorithm, medicine, The Internet, Data mining, Web content, business, computer, Web modeling

Abstract

IPv6 embraces various good features from the security perspective, but the improvements also bring us some new challenges for web content filtering. This paper presents a new framework of web content filtering in IPv6, which is helpful to purifying network environment. In this framework, using EM (Expectation maximization) algorithm, the active drift and self-learning mechanisms are proposed. Based on the new mechanisms, we can shield unknown illegal URLs effectively, and the illegal web content can be totally prevented from sneaking into the Intranet. Finally, our experimental results show that the performance of the system is very promising.

Published

2010

21. A Data Mining Framework for Building Intrusion Detection Models Based on IPv6

Author

Yingxu Lai and Zenghui Liu

Subjects

Engineering, computer.internet_protocol, business.industry, Anomaly-based intrusion detection system, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, Information processing, Intrusion detection system, computer.software_genre, IPv4, IPv6, Host-based intrusion detection system, The Internet, Data mining, business, computer, Protocol (object-oriented programming)

Abstract

In Intrusion Detection Systems (IDS), many intelligent information processing methods, data mining technology and so on have been applied to improve detection accuracy for IPv4 network. IPv6 will inevitably take the place of IPv4 as the next generation of the Internet Protocol. Considering the problem of the urgent requirement of IDS for IPv6 networks, we present a novel intrusion detection model, and successfully applied it into an IPv6 experimental network in our lab. Lots of experiment indicated that this model can work well for intrusion detection for IPv6 network.

Published

2009

22. Design and Implementation of Distributed Intelligent Firewall Based on IPv6

Author

Guangzhi Jiang, Yingxu Lai, and Qian Ma

Subjects

Intranet, Network security, business.industry, Computer science, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, Network layer, Computer security, computer.software_genre, Application layer, Firewall (construction), Web page, The Internet, Application firewall, business, computer

Abstract

IPv6, as the alternative of IPv4, contains numerous features and improvements that make it attractive from a security perspective, but it is by no means the panacea for security. This paper presents the design and implementation of a distributed intelligent firewall system based on IPv6, which is able to secure the network layer and application layer of IPv6 networking. By the system, the typical attacks coexisting in both IPv4 and IPv6, the emerging IPv6 specific ones such as security threats related to ICMPv6, can be blocked by the rule set of network layer, similarly, with the rule set of application layer, any illegal or reactionary Web page content in HTML source codes can be totally prevented from sneaking into the Intranet. The Initiative Drift mechanism ensures the legitimacy and civilization of the Web environment within the whole IPv6 networking. Finally, we conduct the performance evaluation of the system and a decent result is gotten.

Published

2009

23. Design and Implementation of Distributed Firewall System for IPv6

Author

Guangzhi Jiang, Zhen Yang, Li Jian, and Yingxu Lai

Subjects

business.industry, Network packet, Computer science, computer.internet_protocol, Distributed computing, Distributed firewall, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, Network traffic control, Network simulation, Stateful firewall, IPsec, Packet analyzer, business, computer, Processing delay, Computer network

Abstract

The deployment of the IPv6 network becomes to be realized as the necessity of the IPv6 network is enlarged due to the limit of the IPv4 network. However, the security policy about the IPv6 network is not mature and it becomes an obstacle in the IPv6 network deployment. Attackers can detour the access control of packet filtering system, unless packet filtering system can decrypt IPSec packet. This paper introduces the implementation of Distributed Firewall System (DFS) that can be applicable to the IPv6 network and has capabilities of processing encrypted IPSec packet. The prototype introduced in this paper has been implemented in order to be applied to the IPv6 network preferentially. Although it has a limit to forward performance, the prototype can give the basic concepts toward the IPv6-based DFS equipment.

Published

2009

24. Trusted Computing Based Mobile DRM Authentication Scheme

Author

Zhen Yang, Kefeng Fan, and Yingxu Lai

Subjects

Digital rights management, business.industry, Computer science, Interoperability, Mobile computing, ComputingMilieux_LEGALASPECTSOFCOMPUTING, Trusted Computing, Trusted Network Connect, Computer security, computer.software_genre, Direct Anonymous Attestation, Message authentication code, Mobile telephony, business, computer, Computer network

Abstract

Rapid development of mobile communications business leads to greater focus on effective mobile DRM (digital right management) for providing improved content protection. To be able to guarantee DRM policies enforcement, the trusted mobile working environment based on a tamper-resistant hardware module is needed. In this paper, firstly, a construction of the trusted mobile computing based on TPM/TPCM is introduced. Thereafter, an example of DRM authentication scheme in user domain integrated with trusted mobile platform is discussed. Based on the new characters provided by trusted computing platform, the authentication scheme can be simplified, which is safe enough to increase the security of latest mobile DRM framework and promote its interoperability and compatibility.

Published

2009

25. Unknown Malicious Executable Defection

Author

Yingxu Lai

Subjects

Artificial neural network, business.industry, Computer science, Feature extraction, Feature selection, computer.file_format, Machine learning, computer.software_genre, Computer virus, Statistical classification, Naive Bayes classifier, ComputingMethodologies_PATTERNRECOGNITION, Data mining, Artificial intelligence, Executable, business, computer, Classifier (UML)

Abstract

Anti-virus systems traditionally use signatures to detect malicious executables, but this method beyond the capability of many existing detection approaches. In this paper, we present a data mining approach to detect unknown malicious executables. The feature set is a key to applying data mining or machine learning to successfully detect malicious executables. We propose a method to extract features which are most representative of viral properties. To improve the performance of the Bayesian classifier, we present a novel algorithm called half increment naive Bayes (HIB). We also evaluate the predictive power of the classifier, and show that our classifier yields high detection rates and works at a high learning speed.

Published

2008

26. A Feature Selection for Malicious Detection

Author

Yingxu Lai

Subjects

business.industry, Computer science, Feature extraction, Feature selection, computer.file_format, computer.software_genre, Machine learning, Support vector machine, Artificial intelligence, Executable, Data mining, Detection rate, business, computer, Classifier (UML)

Abstract

The detection of unknown malicious executables is beyond the capability of many existing detection approaches. Machine learning or data mining methods can identify new or unknown malicious executables with some degree of success. Feature selection is a key to apply data mining or machine learning to successfully detect malicious executables. We propose a method to extract features which are most representative of viral properties. We show that our classifier, based on strings, achieves high detection rates and can be expected to perform as well in real-world conditions.

Published

2008

27. Unknown Malicious Code Detection Based on Bayesian

Author

Zhenghui Liu and Yingxu Lai

Subjects

Bayesian algorithm, Computer science, business.industry, String (computer science), Bayesian probability, detection, Pattern recognition, General Medicine, computer.file_format, computer.software_genre, malicious codes, Naive Bayes classifier, ComputingMethodologies_PATTERNRECOGNITION, Code (cryptography), Executable, Artificial intelligence, Data mining, Detection rate, business, computer, Engineering(all)

Abstract

Analyzed Bayesian classifier with string, n -gram and API as features, we found that it is very difficult to improve Bayesian classifier detection accuracy because selected features are not completely independent. In order to solve this problem, we propose a new improved choose features method which are most representative properties, and show that our method achieve high detection rates, even on completely new, previously unseen malicious executables.