Towards an Analysis of Passive Attacks on Anonymous Communication Systems
보안공학연구지원센터(IJSIA) International Journal of Security and Its Applications Vol.10 No.8 2016.08 pp.1-12
※ Access may be restricted because the agreement period with the institution providing the original text has ended.
An Empirical Study of the Military IoT Security Priorities
보안공학연구지원센터(IJSIA) International Journal of Security and Its Applications Vol.10 No.8 2016.08 pp.13-22
Recently, the military in many countries has adopted Cloud, Big Data, IoT, etc. in order to win wars. Therefore, a favorable environment for future battles based on the soldiers with a variety of IoT technologies that will foster and build elite combat forces in the center can be expected. Similar to the conventional Internet environment, IoT is not only the type of security threat for a variety of networks, data, and personal information for each of the features has also identified protocol management. Therefore, to enhance the security of the environment in the future IoT based on full-length, it is necessary to study the security priority. A recent survey of military IT professionals shows that communications/network security is the most important sector. In addition, the survey can distinguish which security fields will be considered fragile. If the results of this study are reflected in the professional military security structure for the future IoT-based battlefield, we should be able to respond effectively to expected threats within a given budget.
보안공학연구지원센터(IJSIA) International Journal of Security and Its Applications Vol.10 No.8 2016.08 pp.23-28
In gesture recognition, gestures are easily influenced by nonlinear factors such as illumination, wrists and motion blur. Based on an analysis of the SVM classification method and its effect in practical application, this paper proposes a gesture method based on the combination of nonlinear support vector machine (SVM) and Linear Discriminant Analysis (LDA), denoted SVM+LDA. First, it builds a gesture recognition system consisting of a multiple-surface electrode sensor, a microcontroller acquisition unit, and a computer; second, it obtains the best classification features of the image through LDA feature extraction; finally, it carries out classification recognition on the gesture characteristic vector by applying the nearest neighbor classifier, and compares the result with other classification algorithms to identify the advantages and disadvantages of the algorithm in this paper. The experimental results show that SVM+LDA achieves a higher recognition rate, providing theoretical and data support for researchers of electromyogram artificial hand control in choosing the appropriate means of recognition.
Security Parallel Migration of the Federal Cloud Markov Chain Multi Virtual Machine
보안공학연구지원센터(IJSIA) International Journal of Security and Its Applications Vol.10 No.8 2016.08 pp.29-38
In order to improve the customer service quality during the virtual machine (VM) migration process in networks, a multi-VM parallel migration strategy based on Markov chain is proposed in this paper. Specifically, the simulation experiment is carried out to provide the data regarding the influence of the algorithm parameters on blocking probability, network migration time and downtime. According to the simulation result, under the condition of the same algorithm parameters, the multi-VM parallel migration process has low parallel downtime, and this index can significantly influence user experience improvement, thus indicating the advantage of the parallel strategy for improving user experience. Meanwhile, under the condition of the same parameters, the network blocking probability of the multi-VM parallel migration process is obviously lower than that of the sequence migration process, thus indicating that the parallel process has higher network utilization. Moreover, the network parameters can be properly selected according to actual needs.
A Novel Forgery Detection Mechanism for Sensitive Data
보안공학연구지원센터(IJSIA) International Journal of Security and Its Applications Vol.10 No.8 2016.08 pp.39-48
There are some applications of military and e-commerce networks where the security of data transmitted in an unfriendly environment requires more concern than other design issues such as power and energy consumption. Data alterations in the above-mentioned applications can lead to irreparable losses; so to avoid such losses, we have to maintain data integrity in the communication network. This paper presents a novel and reliable hash algorithm which inherits the basic architecture of SHA-1. The performance of the proposed technique is compared with existing techniques through a statistical test suite for random numbers. Results reveal that the suggested technique is more effective in terms of randomness than the existing algorithms. The proposed technique thus finds its applicability in the sensitive data environment.
Terminal Anomaly Detection System Based on Dynamic Taint Analysis Technology
보안공학연구지원센터(IJSIA) International Journal of Security and Its Applications Vol.10 No.8 2016.08 pp.49-58
With the rapid development of computer systems, intrusion attack methods have become large-scale, distributed and complex. Traditional protection means such as vulnerability database, virus database and rule matching can’t cope with the attacks hidden inside the terminals. This paper proposed a terminal anomaly detection system based on dynamic taint analysis technology from the data dimension of the terminals. Firstly we built a standard data path model based on HMM and evaluated the deviation degree of the current operating mode with it to find the abnormal working status of the terminals. The experimental results show that the structure is valid to discover the intrusion attacks with a high detection rate and low false alarm rate.
Analysis of Various Cryptography Techniques: A Survey
보안공학연구지원센터(IJSIA) International Journal of Security and Its Applications Vol.10 No.8 2016.08 pp.59-92
Maintaining the confidentiality of data during communication has always been a prime concern of many researchers. Several encryption mechanisms have been developed in order to protect secret data from access by unauthorized users. Encryption can be thought of as a set of instructions used for conversion of data from a readable state to a nonsense form. An encryption scheme is said to be effective if it provides high security, low computational time and high brute force search time for hackers. This paper is an effort to compare all the text based encryption schemes mentioned in the literature. These schemes are implemented in MATLAB-2010 and their efficacy is compared based on various performance metrics such as time complexity, correlation, key sensitivity analysis, differential attack analysis and entropy. These results can be fruitful for researchers working in this direction.
Forecasting on Ecological Security of Zhalong Wetland Nature Reserve based on Gray Theory
보안공학연구지원센터(IJSIA) International Journal of Security and Its Applications Vol.10 No.8 2016.08 pp.93-102
Based on field survey data and statistics of the Zhalong wetland natural reserve, a gray correlation model was used to comprehensively analyze and forecast the ecological security of Zhalong. According to the "Response-Pressure-State" model, an eco-security assessment system was built which contains 32 indicators such as human activities, regional development index, etc. The results showed that the Zhalong Wetland ecological security index varied from 0.6852 to 0.7951 from 2015 to 2022. The index of ecological security shifted to "safer" from "early warning". The upward trend of ecological security benefited from the implementation of policies from the response subsystem.
Simulation and Analysis for Error from Satellite Tracking Segment Anti-spoofing
보안공학연구지원센터(IJSIA) International Journal of Security and Its Applications Vol.10 No.8 2016.08 pp.103-120
It is the first and most important step in the detection of satellite navigation deception attack. For the detection of the regenerative deception attack, a method based on carrier phase tracking spectrum analysis is proposed. The simulation experiment results show that this method can be used in the case that the false alarm probability is no more than 0.5%, and the detection probability is almost 100%. The method requires no hardware modification; a corresponding processing module can be added to the signal processing module of the software receiver, and the detection of the deception attack can be realized.
A Group Key based Security Model for Big Data System
보안공학연구지원센터(IJSIA) International Journal of Security and Its Applications Vol.10 No.8 2016.08 pp.121-130
Recently, Big Data has been in the spotlight and several NoSQL systems have appeared in order to process large-scale data. Among them, Cassandra provides high scalability and availability with its internal cluster structure. However, it does not provide enough security functionality; in particular, messages transferred between internal cluster nodes are easily exposed to outside adversaries. In this paper a group key based security model for Cassandra is proposed. Cluster membership authentication and message confidentiality are provided by using the group key, and the key is efficiently updated by a decentralized approach in which the cluster is divided into several subgroups according to the Cassandra structure. Our model contributes to protecting the Cassandra cluster from illegal outside access attempts.
Secure DNP3 Services Scheme in Smart Grid Link Layer Based on GCM-AES
보안공학연구지원센터(IJSIA) International Journal of Security and Its Applications Vol.10 No.8 2016.08 pp.131-144
This paper defines a new DNP3 link layer frame structure based on the link layer packet characteristics of transmission time requirements and security requirements in the substation automation system (SAS). The new frame structure can provide three different work modes: authentication, authorization-encryption, non-authenticated encryption. Then we propose a link-layer security service mechanism for the substation automation system based on GCM-AES, including the session key agreement protocol based on EKE, a GMAC-based message authentication protocol, a GCM-AES Authentication Encryption-based DNP3 protocol and a GCM-AES-based message transform algorithm. Through experimental calculation and analysis, the results show that the new security mechanisms achieve efficiency and safety in substation packet transmission.
“Soft-Man” and Data Mining based Distributed Intrusion Detection System
보안공학연구지원센터(IJSIA) International Journal of Security and Its Applications Vol.10 No.8 2016.08 pp.145-150
As modern computer networks are large-scale with numerous nodes, the conventional concentrated intrusion detection system fails to work effectively. To deal with the above situation, the paper proposed a “Soft-Man” and data mining based distributed intrusion detection system (SMDMDIDS, for short). Specifically, it designed an overall structure model of the detection system, expounded the system’s communication models, and designed the communication models and cooperation methods between Soft-Mans as well. The paper also defined hierarchical cooperation models for the Soft-Mans and designed corresponding data mining models. Finally, with the help of IDS Informer tools, the paper conducted a simulation experiment on network intrusion detection. The experimental results showed that the proposed intrusion detection system in the paper had good detection performance.
A Fusion of Feature Extraction and Feature Selection Technique for Network Intrusion Detection
보안공학연구지원센터(IJSIA) International Journal of Security and Its Applications Vol.10 No.8 2016.08 pp.151-158
With varied and widespread attacks on information systems, intrusion detection systems (IDS) have become an indispensable part of security policy for protecting data. IDS monitor event logs and network traffic to uncover suspicious connections that deviate from the regular profile and identify them as threats or attacks. As in most cases, the dataset used for intrusion detection, i.e., KDD99, suffers from two problems: imbalanced class distribution and the curse of dimensionality. In this work SMOTE has been used for balancing the dataset and, once balanced, Principal Component Analysis (PCA) has been used to extract the features. After that, Correlation based Feature Selection (CFS) is used on the transformed dataset to select a subset of important features. The reduced dimension dataset is tested with Support Vector Machines (SVM). The obtained results demonstrate improved detection accuracy and computational efficiency with minimal false alarms and less system resource utilization.
보안공학연구지원센터(IJSIA) International Journal of Security and Its Applications Vol.10 No.8 2016.08 pp.159-172
Security issues of wireless sensor networks (WSNs) have become increasingly prominent. As a reasonable complement to encryption, authentication and other security mechanisms, intrusion detection technology has become an important domain of WSN security research. So it has considerable academic and practical value to design an intrusion detection approach adapted to the characteristics of wireless sensor networks. On the basis of the reputation computing model we designed, and after analyzing features of the sensor network intrusion detection mechanism, we proposed an intrusion detection model in which trusty nodes inside clusters make use of the reputation computing model to calculate the synthetic reputation values of the coordinate nodes to check whether an invasion has taken place. If some nodes are being intruded, the messages will be reported to the cluster head. When the number of reporting nodes exceeds the specified number, the head will report the information to the sink nodes and start the intrusion response at the same time. The experimental results show that the designed models can identify vicious nodes and low competitive nodes, helping to promote the security and reliability of the network, and embodying the equity of the network.
Dynamic Key Matrix of Hill Cipher Using Genetic Algorithm
보안공학연구지원센터(IJSIA) International Journal of Security and Its Applications Vol.10 No.8 2016.08 pp.173-180
Genetic algorithms can solve complex problems, including problems in cryptography. A problem that often occurs with the Hill Cipher is the time wasted determining the numbers that are used in the encryption process. In the encryption process, it is not a problem if the key is derived from any number. However, the problem is that the ciphertext cannot be returned to the original message. The key that is used must have a determinant of 1. Finding such a value takes time if it must be done manually. Because the values entered into the Hill Cipher are random, genetic algorithms can be used to optimize the search time. By using this algorithm, the determinant calculation will be more accurate and faster. The result achieved is that the program can specify some combinations of numbers that can be used as the Hill Cipher encryption key and it can reject the unnecessary numbers.
Multi-level detection and Warning Model for Bandwidth Consumption Attacks
보안공학연구지원센터(IJSIA) International Journal of Security and Its Applications Vol.10 No.8 2016.08 pp.181-190
Along with the development of IoT (Internet of Things) in the industrial control field, more and more security issues have emerged, which cause great damage in the physical world. Against the background of IoT for industrial control, we propose a multi-level detection and warning model. The model can find the attacked node quickly and further effectively forecast the data transmission situation of IoT. In addition to detecting the attacks accurately and effectively, the algorithm can give different levels of alarm according to network running situations. Corresponding measures would then be taken to guarantee network availability. Finally, an OMNeT++ (Objective Modular Network Testbed in C++) simulation is performed to validate the correctness and practicability of the model. The results verify that this model is feasible to a certain degree.
The Risk Evaluation Research of Computer Network Security based on Grey Clustering
보안공학연구지원센터(IJSIA) International Journal of Security and Its Applications Vol.10 No.8 2016.08 pp.191-200
With the rapid development of science and technology and the network popularization, computer network security becomes a social problem. Based on the analysis of the main factors influencing the computer network security, the risk evaluation index system of computer network security is established. The analytic hierarchy process (AHP) is used to calculate the weight of each index. Through the common criteria to determine the grey clustering of computer network security risk, establishing the whitenization weight function of computer network security risk evaluation model, and then calculating the whitenization clustering coefficient and clustering vector of computer network security risk evaluation model, the evaluation results are finally obtained. The method is scientific and reasonable, combining subjective evaluation with objective calculation.
Worm Propagation with Differential Infectivity under Quarantine Control Strategy
보안공학연구지원센터(IJSIA) International Journal of Security and Its Applications Vol.10 No.8 2016.08 pp.201-214
Malware bears a sharp resemblance to biological pathogens in terms of propagation. Biological pathogens spread from one living being to another in a very short span of time. Similarly, malware also propagates rapidly from one host to another and from one network to another, in order to spread infection on a major scale. This spread can become an epidemic if control strategies are not applied in time. In order to intervene in a timely manner, the study of epidemic behavior is very important. In this paper we develop an SI1I2Q1Q2R1R2 model of worm propagation under a quarantine control strategy. We have considered different infective, quarantined and recovered (or removed) groups in our model. The motivation for such a model came from the study of the propagation dynamics of HIV. Our worm propagation model and its quarantine-based defense are based on the staged-progression (SP) hypothesis of HIV. In this paper we have studied the stability of the worm-free equilibrium condition and analyzed the epidemic state condition in terms of the reproduction number. When the reproduction number is greater than one, the worm propagation becomes epidemic. If it is less than one, the infection diminishes. Extensive analysis and simulation have been done to validate our system. The simulation results show that an effective quarantine strategy helps in controlling the epidemic outbreak of worms in networks.
Research on Smart Grid Risk Assessment Based on Matter-Element Extenics
보안공학연구지원센터(IJSIA) International Journal of Security and Its Applications Vol.10 No.8 2016.08 pp.215-224
In order to comprehensively manage the risks of the smart grid and to make risk assessment more scientific, in this paper a smart grid risk assessment system is established in terms of 5 aspects, i.e., technology risk, management risk, implementation (environment) risk, economy risk and safety risk. Then a matter-element-based risk assessment model is put forward. Finally, with the help of this model, the correlation degree of the current smart grid risk rank in China is worked out and the corresponding risks have been analyzed and assessed.
보안공학연구지원센터(IJSIA) International Journal of Security and Its Applications Vol.10 No.8 2016.08 pp.225-238
As a Hierarchical Identity Based Encryption (HIBE) system usually maps the true institutional structure of an organization or the entity relationships between objects in the real world, it is important that the computation and communication complexity of the private key, ciphertext, cryptographic computations and so on related to an entity in the hierarchy is independent of the hierarchy depth of the entity. Moreover, the key escrow problem, that any non-leaf entity in a hierarchical identity based cryptosystem can derive private keys for its descendants with use of its private key, should be resolved in order to prevent any entity from behaving on behalf of its descendants. In this paper, a new technique is introduced for composing a private key for each individual entity in a HIBE system by differentiating between non-local identifiers and local identifiers of the identity of the entity, which we call Identifier Discrimination. With the technique, a selective identity secure HIBE system is constructed under the Decisional Bilinear Diffie-Hellman (DBDH) assumption without using random oracles, where the private key and the ciphertext consist of a constant number of group elements, and decryption requires only three bilinear map computations, regardless of the identity hierarchy depth. Moreover, in contrast to previous HIBE constructions, where the private key for an entity can be derived by its ancestors with direct use of their private keys, the key escrow problem inherent in identity based cryptosystems is resolved in our HIBE construction. The privilege of deriving private keys for an entity can be delegated to any of its ancestors through authorization by distributing specifically crafted values to the ancestor in our HIBE system, which we call Authorized Delegation.
보안공학연구지원센터(IJSIA) International Journal of Security and Its Applications Vol.10 No.8 2016.08 pp.239-250
Physical security is a vital part of any organization’s operations. In spite of advancements in new technologies for personnel access control and security development life cycles, the need exists for a pre-design schematic specification that bridges the gap between “natural communication” (e.g., English) and semiformal computing-based diagramming descriptions (e.g., UML). Such a specification can play an important role in facilitating understanding among all stakeholders and as a first step to implementation and development of programming-based diagrams. Most of the reported research in the area of physical security has been driven by practical objectives; the value of these studies is limited because of their static representations based on static conceptions of space. This paper proposes to develop a security system based on the notion of security as a machine. The machine is an abstract apparatus with synchronic order of five states (stages): creation, release, transfer, receipt, and process. The resultant model views a security environment in terms of flows of things and uses this flow to establish a system-based representation. The paper introduces a sample of such a map for two cases: (i) an airport luggage handling process that involves a possibly compromised human-based portion, and (ii) an insider threat scenario in which the attacker is one of the personnel allowed to physically access the premises. The resultant depiction seems suitable for security operations, training, and planning.
Applying Fuzzy Synthetic Evaluation Approach to Risk Assessment of Large-scale Activities
보안공학연구지원센터(IJSIA) International Journal of Security and Its Applications Vol.10 No.8 2016.08 pp.251-262
Because of the complex and massive risk factors of a large-scale activity, it is difficult to assess the risk level for such activities with an accurate numerical value. Therefore, a fuzzy linguistic based approach was proposed to evaluate the risk level of large-scale activities. Taking Jay Chou’s concert in 2016 as a case study, a hierarchy structure for the risk assessment index system was built from interviews with experts and the literature, which contains 14 risk factors in 4 groups. A five-point scale of linguistic terms was designed for the experts to evaluate the risk level of risk factors, and a fuzzy synthetic assessment model was adopted to present the procedures of risk assessment. The results reveal that the top risk factor is “safety education” and the top risk group is “management”, and the overall risk criticality (RC) is considered as middle. Based on the rank of RC both for risk factors and risk groups, some risk management strategies were suggested.
보안공학연구지원센터(IJSIA) International Journal of Security and Its Applications Vol.10 No.8 2016.08 pp.263-276
보안공학연구지원센터(IJSIA) International Journal of Security and Its Applications Vol.10 No.8 2016.08 pp.277-294
Distributed Denial of Service (DDoS) attacks have become a serious hazard for cloud computing environments, as they target the victim and completely suppress the datacenter's ability to serve its legitimate clients. This work focuses on analyzing several works and suggesting the better approach to suit the cloud environment to detect attacks and to maintain better detection accuracy. We have also made a historical comparison of research works on DDoS mitigation schemes with respect to the cloud computing environment. The comparison is also made on five existing research works, and a summary of them is provided which evaluates the detection accuracy of each work.
Security Architecture and Requirements for Wireless Sensor Networks
보안공학연구지원센터(IJSIA) International Journal of Security and Its Applications Vol.10 No.8 2016.08 pp.295-302
Recently, with the wider application and development of wireless sensor networks (WSNs), security issues have become essential for many sensor network applications including environment monitoring, traffic control, military sensing, patient status monitoring and so on. In this paper, we summarize the security architecture and requirements, and enumerate attacks and countermeasures in wireless sensor networks. In addition, we also summarize key management and introduce several typical key management methods. This will greatly help researchers understand the situation and trends of the state of the art in wireless sensor network security.
Research on Complex Products based on Digital Layout Design and Simulation Modeling
보안공학연구지원센터(IJSIA) International Journal of Security and Its Applications Vol.10 No.8 2016.08 pp.303-314
From the point of view of digital product development, this paper discusses and researches in depth the key technologies of pipeline layout design, pipeline layout optimization, and assembly simulation in the process of complex product development. We introduce an automatic pipe layout technique based on an improved rapidly exploring random tree, which is able to quickly establish the framework model of the pipeline system. On this basis, we discuss an automatic pipeline optimization algorithm based on the simulated annealing algorithm and an interactive pipeline layout method, using computer artificial intelligence and manual intervention by design personnel to improve the quality of pipe layout. We also implement a system for automatic pipeline layout and put forward related suggestions.
Indistinguishable Executable Code Generation Method
보안공학연구지원센터(IJSIA) International Journal of Security and Its Applications Vol.10 No.8 2016.08 pp.315-324
The classical objective of obfuscation considers indistinguishability of the obtained code in relation to original programs of equal functionality. The present paper reviews another objective of obfuscation, in which indistinguishability is considered relative to programs of different functionality. In this case, an obfuscator is provided with a key at the input. It is nearly impossible to discover the program’s functionality without having the key. Hence, that obfuscator type is named a key obfuscator. The paper proves the existence of a key obfuscator and the existence of effective algorithms for its operation, demonstrated by recursive functions. The practical relevance of the result obtained by the research is the possibility to store executable code in an untrusted computational environment and to obstruct injection attacks and distributed computing analysis. RKB-Obfuscator (Recursive Key Blur), an application for obfuscating high-level applications, is presented. The presented application matches recursive functions with commands of a high-level programming language.
보안공학연구지원센터(IJSIA) International Journal of Security and Its Applications Vol.10 No.8 2016.08 pp.325-334
In the era of the big data network, data is no longer just a simple collection of objects; it contains a wealth of rich, complex, related knowledge. The main task in making effective use of the value of network big data is not only to obtain more and more data, but also to dig more useful knowledge out of the existing data. In this paper, the author analyzes the multiple integration mechanism of ideological and political education resources by using a KP-LIM inference method on association. Based on empirical analysis, we construct the performance evaluation system of ideological and political education; the result shows that the first-class index includes policy implementation (0.25), subject of education (0.15), ideological and political education process (0.2), information system construction (0.15) and environment construction (0.25). Colleges should construct an all-round implementation system of ideological and political education in order to achieve the multiple integration effect.
Developing Data Mining Techniques for Intruder Detection in Network Traffic
보안공학연구지원센터(IJSIA) International Journal of Security and Its Applications Vol.10 No.8 2016.08 pp.335-342
In this paper we have proposed a hybrid intrusion detection system consisting of a misuse detection model based upon a Binary Tree of Classifiers as the first stage and an anomaly detection model based upon an SVM classifier as the second stage. The Binary Tree consists of several best known classifiers specialized in detecting specific attacks at a high level of accuracy. The combination of a Binary Tree and specialized classifiers will increase the accuracy of the misuse detection model. The misuse detection model will detect only known attacks. In order to detect unknown attacks, we have an anomaly detection model as the second stage. SVM has been used, since it’s the best known classifier for anomaly detection, which will detect patterns that deviate from normal behavior. The proposed hybrid intrusion detection system has been tested and evaluated using the KDD Cup ’99, NSL-KDD and UNSW-NB15 datasets.
Attack Detection Research for Software Defined Network
보안공학연구지원센터(IJSIA) International Journal of Security and Its Applications Vol.10 No.8 2016.08 pp.343-352