Biblio

Cyber resilience has become a strategic point of information security in recent years. In the face of complex attack means and severe internal and external threats, it is difficult to achieve 100% protection against information systems. It is necessary to enhance the continuous service of information systems based on network resiliency and take appropriate compensation measures in case of protection failure, to ensure that the mission can still be achieved under attack. This paper combs the definition, cycle, and state of cyber resilience, and interprets the cyber resiliency engineering framework, to better understand cyber resilience. In addition, we also discuss the evolution of security architecture and analyze the impact of cyber resiliency on security architecture. Finally, the strategies and schemes of enhancing cyber resilience represented by zero trust and endogenous security are discussed.

A QPSK-assisted MIMO equalization is investigated to compensate bandwidth limitation for 800-Gb/s/λ DP-256QAM systems with only 25G-class optics. Compared with conventional MIMO equalization, the proposed equalization scheme exhibits 1.8-dB OSNR improvement at 15% FEC limit.

The emergence of integrated space-ground network (ISGN), with more complex network conditions compared with tradition network, requires packet classification to achieve high performance. Packet classification plays an important role in the field of network security. Although several existing classification schemes have been proposed recently to improve classification performance, the performance of these schemes is unable to meet the high-speed packet classification requirement in ISGN. To tackle this problem, a hybrid packet classification algorithm based on hash table and geometric space partition (HGSP) is proposed in this paper. HGSP falls into two sections: geometric space partition and hash matching. To improve the classification speed under the same accuracy, a parallel structure of hash table is designed to match the huge packets for classifying. The experimental results demonstrate that the matching time of HGSP algorithm is reduced by 40%-70% compared with traditional Hicuts algorithm. Particularly, with the growth of ruleset, the advantage of HGSP algorithm will become more obvious.

Security policy is widely used in network management systems to ensure network security. It is necessary to detect and resolve conflicts in security policies. This paper analyzes the shortcomings of existing security policy conflict detection methods and proposes a B+ tree-based security policy conflict detection method. First, the security policy is dimensioned to make each attribute corresponds to one dimension. Then, a layer of B+ tree index is constructed at each dimension level. Each rule will be uniquely mapped by multiple layers of nested indexes. This method can greatly improve the efficiency of conflict detection. The experimental results show that the method has very stable performance which can effectively prevent conflicts, the type of policy conflict can be detected quickly and accurately.