Biblio

Software-Defined Networking (SDN) simplifies network management by separating the control plane from the data forwarding plane. However, the plane separation technology introduces many new loopholes in the SDN data plane. In order to facilitate taking proactive measures to reduce the damage degree of network security events, this paper proposes a security situation prediction method based on particle swarm optimization algorithm and long-short-term memory neural network for network security events on the SDN data plane. According to the statistical information of the security incident, the analytic hierarchy process is used to calculate the SDN data plane security situation risk value. Then use the historical data of the security situation risk value to build an artificial neural network prediction model. Finally, a prediction model is used to predict the future security situation risk value. Experiments show that this method has good prediction accuracy and stability.

Industrial control systems (ICSs) are facing serious security challenges due to their inherent flaws, and emergence of vulnerabilities from the integration with commercial components and networks. To that end, assessing the security plays a vital role for current industrial enterprises which are responsible for critical infrastructure. This paper accomplishes a complex task of quantitative assessment based on attack graphs in order to look forward critical paths. For the purpose of application to a large-scale heterogeneous ICSs, we propose a flexible attack graph generation algorithm is proposed with the help of the graph data model. Hereafter, our quantitative assessment takes a consideration of graph indicators on specific nodes and edges to get the security metrics. In order to improve results of obtaining the critical attack path, we introduced a formulating selection rule, considering the asset value of industrial control devices. The experimental results show validation and verification of the proposed method.

Website defacements can inflict significant harm on the website owner through the loss of reputation, the loss of money, or the leakage of information. Due to the complexity and diversity of all kinds of web application systems, especially a lack of necessary security maintenance, website defacements increased year by year. In this paper, we focus on detecting whether the website has been defaced by extracting website features and website embedded trojan features. We use three kinds of classification learning algorithms which include Gradient Boosting Decision Tree (GBDT), Random Forest (RF) and Support Vector Machine (SVM) to do the classification experiments, and experimental results show that Support Vector Machine classifier performed better than two other classifiers. It can achieve an overall accuracy of 95%-96% in detecting website defacements.