浅析光以太网的网络安全

文章简单介绍了光以太网网络安全的基本技术,根据光以太网的特性分析了其物理安全隐患及可采取的防御措施,并对光以太网中数据的信息安全进行了分析,探讨了采用身份认证和信息加密方法加强信息安全性的具体实现策略.     

实施VoIP过程中的安全性考虑

随着 VoIP(Voice over IP)技术在全球电信市场的不断普及,VoIP的安全问题迫切需要得到解决,而这也是运营商开展业务的前提.VoIP安全可以分为业务的正常提供、业务内容的保密、呼叫者身份确认和系统安全等.文章分析了VoIP目前存在的安全威胁及其相应的防范措施.     

浅析计算机网络安全

计算机网络具有联结形式多样性、终端分布不均匀性和网络的开放性、互连性等特征,致使网络易受攻击,所以网上信息的安全和保密是一个重要问题。无论在局域网或广域网中,都存在自然和人为等因素的脆弱性和潜在威胁。计算机网络的安全措施应是能全方位地针对各种不同的威胁和脆弱性,这样才能确保网络信息的保密性、完整性和可用性。文中介绍了计算机网络面临的威胁,以及计算机网络安全的策略和措施,包括物理安全、访问控制、数据加密和网络安全管理等方面。     

基于角色的域-类型增强访问控制模型研究及其实现

安全系统只有能够支持多种安全政策才能满足实际需求.基于角色的访问控制(Role-Based Access Control,RBAC)是一种政策中性(Policy Neutral)的新模型,已经实现了多种安全政策.域-类型增强(Domain and Type Enforcement,DTE)安全政策充分体现了最小特权(Least Privilege)和职责分离(Separation of Duty)的安全原则,但是,RBAC96不便于直接实现DTE.根据RBAC和DTE的思想,本文提出了"基于角色的域-类型增强访问控制"(Role-Based Domain and Type Enforcement Access Control,RDTEAC)模型.该模型继承了RBAC96的优点,又体现了DTE的安全思想,并易于实现DTE安全政策.此外,我们还在Linux上实现了RDTEAC模型的一个原型.     

基于系统调用特征的入侵检测研究

对网络服务程序进行攻击是非法用户入侵系统的主要途径 ,针对关键程序的入侵检测近年来受到重视 .该文提出的CTBIDS检测模型在利用系统调用特征树描述程序行为特征的基础上 ,通过异常有限积累判别程序入侵 ,既能体现异常状况的长期积累 ,也能很好地反映入侵的异常局部性原理 .此外 ,该文通过统计分析方法确定入侵判别参数 ,使得入侵判别更加准确 .测试及试用结果表明CTBIDS能有效检测出针对关键程序的攻击     

Fast reused code tracing method based on simhash and inverted index

A novel method for fast and accurately tracing reused code was proposed. Based on simhash and inverted in-dex, the method can fast trace similar functions in massive code. First of all, a code database with three-level inverted in-dex structures was constructed. For the function to be traced, similar code blocks could be found quickly according to simhash value of the code block in the function code. Then the potential similar functions could be fast traced using in-verted index. Finally, really similar functions could be identified by comparing jump relationships of similar code blocks. Further, malware samples containing similar functions could be traced. The experimental results show that the method can quickly identify the functions inserted by compilers and the reused functions based on the code database under the premise of high accuracy and recall rate.     

个人便携式网络硬件防水墙设计

文中介绍了防水墙技术和数据包过滤技术,针对个人计算机网络安全的问题,设计了一种便携式的防水墙系统。本系统运用了防水墙技术和网络数据包过滤技术,采用MEGA128单片机控制DM9000网络控制器的方法,对本地计算机发出的数据进行过滤,达到了防止信息被窃取的目的。     

Research on HTML5 application cache poison attack

HTML5 application cache (AppCache) allowed Web browser to access Web offline.But it also brought a new method of cache poisoning attack that was more persisting.As for websites which used the AppCache,a novel poisoning method RFTM (replace file twice method),in which the attacker replaced the manifest file twice to poison the client’s AppCache,was proposed.Compared with the original attack,the legal server would not receive abnormal HTTP requests from the client in the attack.Therefore,changing the server configuration could not prevent the client from the RFTM AppCache poisoning.To avoid the attack mentioned above,a lightweight signature defense scheme Sec-Cache in application layer was designed.Furthermore,experiments show that it has good performance and compatibility.     

基于软件身份标签的安全性研究

当前,由于软件发行商通常不为应用程序和可执行文件（程序文件,共享库,脚本等）提供用以验证其可靠性的关键信息,所以计算机管理员想要自动辨别这些文件是否被第三方修改过变得十分困难.通过与民航飞行的安全性要求进行类比,分析了软件身份标签如何从身份鉴别、应用关联、防止篡改和未知威胁这四方面改善软件的安全性.     

Neural Style Transfer for image within images and conditional GANs for destylization

In this paper, the feature representation of an image by CNN is used to hide the secret image into the cover image. The style of the cover image hides the content of the secret image and produce a stego image using Neural Style Transfer (NST) algorithm, which resembles the cover image and also contains the semantic content of secret image. The main technical contributions are to hide the content of the secret image in the in-between hidden layered style features of the cover image, which is the first of its kind in the present state-of-art-technique. Also, to recover the secret image from the stego image, destylization is done with the help of conditional generative adversarial networks (GANs) using Residual in Residual Dense Blocks (RRDBs). Further, stego images from different layer combinations of content and style features are obtained and evaluated. Evaluation is based on the visual similarity and quality loss between the cover-stego pair and the secret-reconstructed secret pair of images. From the experiments, it has been observed that the proposed algorithm has 43.95 dB Peak Signal-to-Noise Ratio (PSNR)), .995 Structural Similarity Index (SSIM), and .993 Visual Information Fidelity (VIF) for the ImageNet dataset. The proposed algorithm is found to be more robust against StegExpose than the traditional methods.