Biblio

As an important branch of computer forensics, network forensics technology, whether abroad or at home, is in its infancy. It mainly focuses on the research on the framework of some forensics systems or some local problems, and has not formed a systematic theory, method and system. In order to improve the network forensics sys-tem, have a relatively stable and correct model for refer-ence, ensure the authenticity and credibility of network fo-rensics from the forensics steps, provide professional and non professional personnel with a standard to measure the availability of computer network crime investigation, guide the current network forensics process, and promote the gradual maturity of network forensics theories and methods, This paper presents a fuzzy decision tree reason-ing method for network forensics analysis.

The 5G research community is increasingly leveraging the innovative features offered by Information Centric Networking (ICN). However, ICN’s fundamental features, such as in-network caching, make access control enforcement more challenging in an ICN-based 5G deployment. To address this shortcoming, we propose a Blockchain-based Decentralized Authentication Protocol (BDAP) which enables efficient and secure mobile user authentication in an ICN-based 5G network. We show that BDAP is robust against a variety of attacks to which mobile networks and blockchains are particularly vulnerable. Moreover, a preliminary performance analysis suggests that BDAP can reduce the authentication delay compared to the standard 5G authentication protocols.

The success of the web and the consequent rise in data sharing have made network security a challenge. Attackers from all around the world target PC installations. When an attack is successful, an electronic device's security is jeopardised. The intrusion implicitly includes any sort of behaviours that purport to think twice about the respectability, secrecy, or accessibility of an asset. Information is shielded from unauthorised clients' scrutiny by the integrity of a certain foundation. Accessibility refers to the framework that gives users of the framework true access to information. The word "classification" implies that data within a given frame is shielded from unauthorised access and public display. Consequently, a PC network is considered to be fully completed if the primary objectives of these three standards have been satisfactorily met. To assist in achieving these objectives, Intrusion Detection Systems have been developed with the fundamental purpose of scanning incoming traffic on computer networks for malicious intrusions.

Machine learning-based DDoS attack detection methods are mostly implemented at the packet level with expensive computational time costs, and the space cost of those sketch-based detection methods is uncertain. This paper proposes a two-stage DDoS attack detection algorithm combining time series-based multi-dimensional sketch and machine learning technologies. Besides packet numbers, total lengths, and protocols, we construct the time series-based multi-dimensional sketch with limited space cost by storing elephant flow information with the Boyer-Moore voting algorithm and hash index. For the first stage of detection, we adopt CNN to generate sketch-level DDoS attack detection results from the time series-based multi-dimensional sketch. For the sketch with potential DDoS attacks, we use RNN with flow information extracted from the sketch to implement flow-level DDoS attack detection in the second stage. Experimental results show that not only is the detection accuracy of our proposed method much close to that of packet-level DDoS attack detection methods based on machine learning, but also the computational time cost of our method is much smaller with regard to the number of machine learning operations.

Computer and Vehicular networks, both are prone to multiple information security breaches because of many reasons like lack of standard protocols for secure communication and authentication. Distributed Denial of Service (DDoS) is a threat that disrupts the communication in networks. Detection and prevention of DDoS attacks with accuracy is a necessity to make networks safe.In this paper, we have experimented two machine learning-based techniques one each for attack detection and attack prevention. These detection & prevention techniques are implemented in different environments including vehicular network environments and computer network environments. Three different datasets connected to heterogeneous environments are adopted for experimentation. The first dataset is the NSL-KDD dataset based on the traffic of the computer network. The second dataset is based on a simulation-based vehicular environment, and the third CIC-DDoS 2019 dataset is a computer network-based dataset. These datasets contain different number of attributes and instances of network traffic. For the purpose of attack detection AdaBoostM1 classification algorithm is used in WEKA and for attack prevention Logit Model is used in STATA. Results show that an accuracy of more than 99.9% is obtained from the simulation-based vehicular dataset. This is the highest accuracy rate among the three datasets and it is obtained within a very short period of time i.e., 0.5 seconds. In the same way, we use a Logit regression-based model to classify packets. This model shows an accuracy of 100%.

This article analyzes the current situation of computer network security in colleges and universities, future development trends, and the relationship between software vulnerabilities and worm outbreaks. After analyzing a server model with buffer overflow vulnerabilities, a worm implementation model based on remote buffer overflow technology is proposed. Complex networks are the medium of worm propagation. By analyzing common complex network evolution models (rule network models, ER random graph model, WS small world network model, BA scale-free network model) and network node characteristics such as extraction degree distribution, single source shortest distance, network cluster coefficient, richness coefficient, and close center coefficient.

With the development of computer technology and information security technology, computer networks will increasingly become an important means of information exchange, permeating all areas of social life. Therefore, recognizing the vulnerabilities and potential threats of computer networks as well as various security problems that exist in reality, designing and researching computer quality architecture, and ensuring the security of network information are issues that need to be resolved urgently. The purpose of this article is to study the design and realization of information security technology and computer quality system structure. This article first summarizes the basic theory of information security technology, and then extends the core technology of information security. Combining the current status of computer quality system structure, analyzing the existing problems and deficiencies, and using information security technology to design and research the computer quality system structure on this basis. This article systematically expounds the function module data, interconnection structure and routing selection of the computer quality system structure. And use comparative method, observation method and other research methods to design and research the information security technology and computer quality system structure. Experimental research shows that when the load of the computer quality system structure studied this time is 0 or 100, the data loss rate of different lengths is 0, and the correct rate is 100, which shows extremely high feasibility.

HTTP flood DDoS (Distributed Denial of Service) attacks send illegitimate HTTP requests to the targeted site or server. These kinds of attacks corrupt the networks with the help of massive attacking nodes thus blocking incoming traffic. Computer network connected devices are the major source to distributed denial of service attacks (or) botnet attacks. The computer manufacturers rapidly increase the network devices as per the requirement increases in the different environmental needs. Generally the manufacturers cannot ship computer network products with high level security. Those network products require additional security to prevent the DDoS attacks. The present technology is filled with 4G that will impact DDoS attacks. The million DDoS attacks had experienced in every year by companies or individuals. DDoS attack in a network would lead to loss of assets, data and other resources. Purchasing the new equipment and repair of the DDoS attacked network is financially becomes high in the value. The prevention mechanisms like CAPTCHA are now outdated to the bots and which are solved easily by the advanced bots. In the proposed work a secured botnet prevention mechanism provides network security by prevent and mitigate the http flooding based DDoS attack and allow genuine incoming traffic to the application or server in a network environment with the help of integrating invisible challenge and Resource Request Rate algorithms to the application. It offers double security layer to handle malicious bots to prevent and mitigate.

In the last decade, numerous Industrial IoT systems have been deployed. Attack vectors and security solutions for these are an active area of research. However, to the best of our knowledge, only very limited insight in the applicability and real-world comparability of attacks exists. To overcome this widespread problem, we have developed and realized an approach to collect attack traces at a larger scale. An easily deployable system integrates well into existing networks and enables the investigation of attacks on unmodified commercial devices.

Intrusion Detection System (IDS) is one of the applications to detect intrusions in the network. IDS aims to detect any malicious activities that protect the computer networks from unknown persons or users called attackers. Network security is one of the significant tasks that should provide secure data transfer. Virtualization of networks becomes more complex for IoT technology. Deep Learning (DL) is most widely used by many networks to detect the complex patterns. This is very suitable approaches for detecting the malicious nodes or attacks. Software-Defined Network (SDN) is the default virtualization computer network. Attackers are developing new technology to attack the networks. Many authors are trying to develop new technologies to attack the networks. To overcome these attacks new protocols are required to prevent these attacks. In this paper, a unique deep intrusion detection approach (UDIDA) is developed to detect the attacks in SDN. Performance shows that the proposed approach is achieved more accuracy than existing approaches.

Many organizations process and store classified data within their computer networks. Owing to the value of data that they hold; such organizations are more vulnerable to targets from adversaries. Accordingly, the sensitive organizations resort to an ‘air-gap’ approach on their networks, to ensure better protection. However, despite the physical and logical isolation, the attackers have successfully manifested their capabilities by compromising such networks; examples of Stuxnet and Agent.btz in view. Such attacks were possible due to the successful manipulation of human beings. It has been observed that to build up such attacks, persistent reconnaissance of the employees, and their data collection often forms the first step. With the rapid integration of social media into our daily lives, the prospects for data-seekers through that platform are higher. The inherent risks and vulnerabilities of social networking sites/apps have cultivated a rich environment for foreign adversaries to cherry-pick personal information and carry out successful profiling of employees assigned with sensitive appointments. With further targeted social engineering techniques against the identified employees and their families, attackers extract more and more relevant data to make an intelligent picture. Finally, all the information is fused to design their further sophisticated attacks against the air-gapped facility for data pilferage. In this regard, the success of the adversaries in harvesting the personal information of the victims largely depends upon the common errors committed by legitimate users while on duty, in transit, and after their retreat. Such errors would keep on repeating unless these are aligned with their underlying human behaviors and weaknesses, and the requisite mitigation framework is worked out.

When we setup a computer network, we need to know if an attacker can get into the system. We need to do a series of test that shows the vulnerabilities of the network setup. These series of tests are commonly known Penetration Test. The need for penetration testing was not well known before. This paper highlights how penetration started and how it became as popular as it has today. The internet played a big part into the push to getting the idea of penetration testing started. The styles of penetration testing can vary from physical to network or virtual based testing which either can be a benefit to how a company becomes more secure. This paper presents the steps of penetration testing that a company or organization needs to carry out, to find out their own security flaws.

With the development of openness, sharing and interconnection of computer network, the architecture of enterprise network becomes more and more complex, and various network security problems appear. Threat Intelligence(TI) Analysis and situation awareness(SA) are the prediction and analysis technology of enterprise security risk, while intrusion detection technology belongs to active defense technology. In order to ensure the safe operation of computer network system, we must establish a multi-level and comprehensive security system. This paper analyzes many security risks faced by enterprise computer network, and integrates threat intelligence analysis, security situation assessment, intrusion detection and other technologies to build a comprehensive enterprise security system to ensure the security of large enterprise network.

The paper proposes ways to solve the problem of secure remote access to telecommunications’ equipment. The purpose of the study is to develop a set of procedures to ensure secure interaction while working remotely with Cisco equipment using the SSH protocol. This set of measures is a complete list of measures which ensures security of remote connection to a corporate computer network using modern methods of cryptography and network administration technologies. It has been tested on the GNS3 software emulator and Cisco telecommunications equipment and provides a high level of confidentiality and integrity of remote connection to a corporate computer network. In addition, the study detects vulnerabilities in the IOS operating system while running SSH service and suggests methods for their elimination.

Existing digital identity management systems fail to deliver the desirable properties of control by the users of their own identity data, credibility of disclosed identity data, and network-level anonymity. The recently proposed Self-Sovereign Identity (SSI) approach promises to give users these properties. However, we argue that without addressing privacy at the network level, SSI systems cannot deliver on this promise. In this paper we present the design and analysis of our solution TCID, created in collaboration with the Dutch government. TCID is a system consisting of a set of components that together satisfy seven functional requirements to guarantee the desirable system properties. We show that the latency incurred by network-level anonymization in TCID is significantly larger than that of identity data disclosure protocols but is still low enough for practical situations. We conclude that current research on SSI is too narrowly focused on these data disclosure protocols.

In the continuously evolving environment, computer security has become a convenient challenge because of the rapid rise and expansion of the Internet. One of the most significant challenges to networks is attacks on network resources caused by inadequate network security. DHCP is defenseless to a number of attacks, such as DHCP rogue server attacks. This work is focused on developing a method of detecting these attacks and granting active host protection on GNU/Linux operating systems. Unauthorized DHCP servers can be easily arranged and compete with the legitimate server on the local network that can be the result of distributing incorrect IP addresses, malicious DNS server addresses, invalid routing information to unsuspecting clients, intercepting and eavesdropping on communications, and so on. The goal is to prevent the situations described above by recognizing untrusted DHCP servers and providing active host protection on the local network.

CAPTCHA or Completely Automated Public Turing test to Tell Computers and Humans Apart is a technique to distinguish between humans and computers by generating and evaluating tests that can be passed by humans but not computer bots. However, captchas are not foolproof, and they can be bypassed which raises security concerns. Hence, sites over the internet remain open to such vulnerabilities. This research paper identifies the vulnerabilities found in some of the commonly used captcha schemes by cracking them using Deep Learning techniques. It also aims to provide solutions to safeguard against these vulnerabilities and provides recommendations for the generation of secure captchas.

With the rapid development of the information technology era, the era of big data has also arrived. While computer networks are promoting the prosperity and development of society, their applications have become more extensive and in-depth. Smart city video surveillance systems have entered an era of networked surveillance and business integration. The problems are also endless. This article discusses computer network security in the era of big data, hoping to help strengthen the security of computer networks in our country. This paper studies the computer network security prevention strategies of smart cities in the era of big data.

With the continuous improvement of China's scientific and technological level, computer network has become an indispensable part of people's daily life. It can not only effectively improve the efficiency of production and life, and shorten the distance between people, but also further promote the speed of China's social and economic development, which has a positive impact on the realization of China's modernization. Under the new information security demand environment at present, we should pay attention to the related information security work and formulate effective security measures and strategies. In order to effectively prevent these information security problems, people should actively adopt firewall technology, encryption technology, network access control technology and network virus prevention technology for effective protection. This paper analyzes the security problems in the application of wireless sensor networks and explores the mechanism of defending information security, hoping to strengthen the security and stability of wireless sensor networks through effective measures, so that people can better enjoy the convenience brought by the network age.

With the development of cloud computing technology, cloud services have been used by more and more traditional applications and products because of their unique advantages such as virtualization, high scalability and universality. In the cloud computing environment, computer networks often encounter security problems such as external attacks, hidden dangers in the network and hidden dangers in information sharing. The network security level protection system is the basic system of national network security work, which is the fundamental guarantee for promoting the healthy development of informatization and safeguarding national security, social order and public interests. This paper studies cloud computing security from the perspective of level protection, combining with the characteristics of cloud computing security. This scheme is not only an extension of information system level protection, but also a study of cloud computing security, aiming at cloud computing security control from the perspective of level protection.

Several previous studies have focused on Distributed Denial of Service (DDoS) attacks, which are a crucial problem in computer network security. In this paper we explore the applicability of a a time series method known as a matrix profile to the anomaly based DDoS attacks detection. The study thus examined how the matrix profile method performed in diverse situations related to DDoS attacks, as well as identifying those features that are most applicable in various scenarios. Based on reported empirical evaluation the matrix profile method is shown to be efficient against most of the considered types of DDoS attacks.

Modern cyberattacks are the most powerful disturbance factor for computer networks, as they have a complex and devastating impact. The impact of cyberattacks is primarily aimed at disrupting the performance of computer network protection means. Therefore, managing this defense system in the face of cyberattacks is an important task. The paper examines a technique for constructing an effective control system for a computer network security system operating in real time in the context of cyber attacks. It is supposed that it is built on the basis of constructing a system state space and a stack of control decisions. The probability of finding the security system in certain state at each control step is calculated using a finite Markov chain. The technique makes it possible to predict the number of iterations for managing the security system when exposed to cyber attacks, depending on the segment of the space of its states and the selected number of transitions, as well as automatically generate control decisions. An algorithm has been developed for situational control of a computer network security system in conditions of cyber attacks. The experimental results obtained using the generated dataset demonstrated the high efficiency of the developed technique and the ability to use it to determine the parameters that are most susceptible to abnormal deviations during the impact of cyber attacks.

With the reform of the power market(PM), various power applications based on computer networks have also developed. As a network application system supporting the operation of the PM, the technical support system(TSS) of the PM has become increasingly important for its network information security(NIS). The purpose of this article is to study the security protection of computer network information in power systems. This paper proposes an identity authentication algorithm based on digital signatures to verify the legitimacy of system user identities; on the basis of PMI, according to the characteristics of PM access control, a role-based access control model with time and space constraints is proposed, and a role-based access control model is designed. The access control algorithm based on the attribute certificate is used to manage the user's authority. Finally, according to the characteristics of the electricity market data, the data security transmission algorithm is designed and the feasibility is verified. This paper presents the supporting platform for the security test and evaluation of the network information system, and designs the subsystem and its architecture of the security situation assessment (TSSA) and prediction, and then designs the key technologies in this process in detail. This paper implements the subsystem of security situation assessment and prediction, and uses this subsystem to combine with other subsystems in the support platform to perform experiments, and finally adopts multiple manifestations, and the trend of the system's security status the graph is presented to users intuitively. Experimental studies have shown that the residual risks in the power system after implementing risk measures in virtual mode can reduce the risk value of the power system to a fairly low level by implementing only three reinforcement schemes.

How to prevent the computer system from being interfered by external factors and maintain a strong working state is a problem that needs to be solved at present. At present, encryption and network security defense systems are important technical means of security defense. Based on this research background, the paper proposes an AES data encryption scheme in the Hadoop big data environment. The AES algorithm performs several rounds of plaintext encryption through the steps of round key addition, byte replacement, row displacement, column confusion, etc. Under the MapReduce architecture, the plaintext data is divided into multiple data fragments. The Map function is responsible for the AES algorithm encryption operation, and the Reduce function Combine encrypted data information. Finally, the paper designs a computer network security defense system that can actively discover the security threats in the network and effectively prevent them, so as to ensure the normal and safe operation of the network. At the same time, we use the encryption algorithm on the computer network security defense system. Experimental research has proved that this method can safely transmit network data packets. With the increase of computing cluster nodes, its encryption transmission efficiency continues to improve. This solution not only solves the problem of computer network data security encryption, but also realizes the parallel transmission of encrypted data in the information age.

The development and popularization of big data technology bring more convenience to users, it also bring a series of computer network security problems. Therefore, this paper will briefly analyze the network security threats faced by users under the background of big data, and then combine the application function of computer network security defense system based on big data to propose an architecture design of computer network security defense system based on big data.