• Title/Summary/Keyword: Attack tolerance

Search Result 33, Processing Time 0.032 seconds

Enhancing the Robustness and Efficiency of Scale-free Network with Limited Link Addition

  • Li, Li;Jia, Qing-Shan;Guan, Xiaohong;Wang, Hengtao
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.6 no.5
    • /
    • pp.1333-1353
    • /
    • 2012
  • The robustness of a network is usually measured by error tolerance and attack vulnerability. Significant research effort has been devoted to determining the network design with optimal robustness. However, little attention has been paid to the problem of how to improve the robustness of existing networks. In this paper, we investigate how to optimize attack tolerance and communication efficiency of an existing network under the limited link addition. A survival fitness metric is defined to measure both the attack tolerance and the communication efficiency of the network. We show that network topology reconfiguration optimization with limited link addition (NTRLA) problem is NP-hard. Two approximate solution methods are developed. First, we present a degree-fitness parameter to guide degree-based link addition method. Second, a preferential configuration node-protecting cycle (PCNC) method is developed to do trade-off between network robustness and efficiency. The performance of PCNC method is demonstrated by numerical experiments.

DDPG-SDPCR: A DDPG-based Software Defined Perimeter Components Redeployment

  • Zheng Zhang;Quan Ren;Jie Lu;Yuxiang Hu;Hongchang Chen
    • KSII Transactions on Internet and Information Systems (TIIS)
    • /
    • v.18 no.9
    • /
    • pp.2739-2763
    • /
    • 2024
  • In wide area SDP networks, the failure of SDP components caused by malicious attacks will be accompanied by different deployment locations, profoundly affecting network service latency. However, traditional deployment methods based on prior knowledge are no longer applicable to dynamic SDP networks. This article proposes a dynamic and dimensionally variable deployment mechanism DDPG-SDPCR for SDP components based on DDPG, which enhances the network's endogenous security capability and improves attack tolerance. Based on this, we constructed corresponding mathematical models for latency, load balancing, and attack tolerance. The DDPG-SDPCR mechanism dynamically deploys new SDP nodes to replace faulty nodes based on the real-time status of the network, thereby achieving imperceptible attack tolerance for users. We have implemented a wide area SDP prototype with endogenous security capabilities and evaluated it under different network topologies, traffic sizes, and network attacks. The evaluation results indicate that under high traffic conditions, our proposed redeployment mechanism outperforms the baseline by 36.42% in latency, and only increases by 19.24% compared to the non attacked situation.

Compromised compensation: evaluating the fitness costs of tolerance responses in plants facing herbivore-induced delayed germination and intraspecific competition

  • Jeong-Min Kim;Min-Soo Choi;Juhee Lee;Yong-Chan Cho; Youngsung Joo
    • Journal of Ecology and Environment
    • /
    • v.48 no.3
    • /
    • pp.308-318
    • /
    • 2024
  • Background: Many plants compensate for the damage caused by herbivorous insects through tolerance responses. Besides directly causing plant tissue loss and seed production reduction, herbivory causes phenological changes in the host plant. However, little is known about the fitness costs of phenological changes caused by tolerance responses to herbivorous attacks. Results: The girdling beetle Phytoecia rufiventris caused a short-term decrease in the number of flowers of the host plant Erigeron annuus. However, accelerated growth restored the number of flowers, but after a 2-week delay. With an objective to examine whether the tolerance response with such a delay fully compensates the fitness, we experimentally reproduced a 2-week delay in germination under greenhouse and field settings. Under both conditions, intraspecific competition resulted in serious defects in the growth and reproduction of E. annuus plants which of germination was delayed. However, delayed germination (DG) resulted in better growth when competition and herbivory were eliminated from the field. Thus, we showed that the tolerance response to restore reproductive production does not fully compensate for the fitness loss caused by insect attack; rather, the delay in seed production in attacked plants leads to DG and subsequent inferiority in intraspecific competition. Conclusions: Our results imply that compensation for floral production after an herbivore attack does not fully restore offspring fitness in the presence of intraspecific competition and herbivory. Assessing the ecological consequences of defense traits in an appropriate layer of interaction is critical to interpreting adaptive values.

Research on Network Design for Intrusion Tolerance of BcN (BcN에서의 침입감내를 위한 네트워크 디자인 연구)

  • Park, Hyun-Do;Kim, Soo;Lee, Hee-Jo;Im, Chae-Tae;Won, Yoo-Jae
    • Journal of KIISE:Information Networking
    • /
    • v.34 no.5
    • /
    • pp.305-315
    • /
    • 2007
  • Broadband Convergence Network (BcN) is the network which unifies telephone network, the Internet and broadcasting networks. Threats to each network can bring serious problems in BcN environment since the whole network can be damaged by various types of attack. The purpose of this study is to suggest the prototype of intrusion-tolerant network design of BcN to guarantee the continuous operation of BcN services against malicious attacks. First, BcN service components, selected by analysis of service time and coverage importance, are classified into three groups by their type: server type, gateway type and hybrid type. Second, the necessity of applying intrusion tolerance on BcN services is deduced by possible attack scenarios on BcN. Finally, we suggest the intrusion-tolerant network design suitable to BcN, using hardware redundancy and secure policies. Also, we present that the suggested network design can increase the intrusion tolerance of BcN.

Research on Effective Security Control Measures Against DDoS Attacks (DDoS 공격에 대한 효과적인 보안 관제 방안)

  • Jung, Il-Kwon;Kim, Jeom-Gu;Kim, Kiu-Nam;Ha, Ok-Hyun
    • Convergence Security Journal
    • /
    • v.9 no.4
    • /
    • pp.7-12
    • /
    • 2009
  • It is very difficult to completely block the DDoS attack, which paralyzes services by depleting resources or occupying the network bandwidth by transmitting a vast amount of traffic to the specific website or server from normal users' PCs that have been already infected by an outside attacker. In order to defense or endure the DDoS attack, we usually use various solutions such as IDS (Intrusion Detection System), IPS (Intrusion Prevention System), ITS (Intrusion Tolerance System), FW (Firewall), and the dedicated security equipment against DDoS attack. However, diverse types of security appliances cause the cost problem, besides, the full function of the equipments are not performed well owing to the unproper setting without considering connectivity among systems. In this paper, we present the effective connectivity of security equipments and countermeasure methodology against DDoS attack. In practice, it is approved by experimentation that this designed methdology is better than existing network structure in the efficiency of block and endurance. Therefore, we would like to propose the effective security control measures responding and enduring against discriminated DDoS attacks through this research.

  • PDF

Reinforcement Data Mining Method for Anomaly&Misuse Detection (침입탐지시스템의 정확도 향상을 위한 개선된 데이터마이닝 방법론)

  • Choi, Yun Jeong
    • Journal of Korea Society of Digital Industry and Information Management
    • /
    • v.6 no.1
    • /
    • pp.1-12
    • /
    • 2010
  • Recently, large amount of information in IDS(Intrusion Detection System) can be un manageable and also be mixed with false prediction error. In this paper, we propose a data mining methodology for IDS, which contains uncertainty based on training process and post-processing analysis additionally. Our system is trained to classify the existing attack for misuse detection, to detect the new attack pattern for anomaly detection, and to define border patter between attack and normal pattern. In experimental results show that our approach improve the performance against existing attacks and new attacks,from 0.62 to 0.84 about 35%.

Implementation of Realtime Face Recognition System using Haar-Like Features and PCA in Mobile Environment (모바일 환경에서 Haar-Like Features와 PCA를 이용한 실시간 얼굴 인증 시스템)

  • Kim, Jung Chul;Heo, Bum Geun;Shin, Na Ra;Hong, Ki Cheon
    • Journal of Korea Society of Digital Industry and Information Management
    • /
    • v.6 no.2
    • /
    • pp.199-207
    • /
    • 2010
  • Recently, large amount of information in IDS(Intrusion Detection System) can be un manageable and also be mixed with false prediction error. In this paper, we propose a data mining methodology for IDS, which contains uncertainty based on training process and post-processing analysis additionally. Our system is trained to classify the existing attack for misuse detection, to detect the new attack pattern for anomaly detection, and to define border patter between attack and normal pattern. In experimental results show that our approach improve the performance against existing attacks and new attacks, from 0.62 to 0.84 about 35%.

Robust Fuzzy Fingerprint Vault System against Correlation Attack (상관관계 공격에 강인한 지문퍼지볼트 시스템)

  • Moon, Dae-Sung;Chae, Seung-Hoon;Chung, Yong-Wha;Kim, Sung-Young;Kim, Jeong-Nyeo
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.21 no.2
    • /
    • pp.13-25
    • /
    • 2011
  • Biometric-based authentication can provide strong security guarantee about the identity of users. However, security of biometric data is particularly important as the compromise of the data will be permanent. The fuzzy fingerprint vault system is one of the most popular solutions for protecting the fingerprint template stored in the database. Recently, however, this system is very susceptible to a correlation attack that finds the real minutiae using multiple fingerprint vaults enrolled for different applications. To solve this problem, we propose a robust fuzzy fingerprint vault system against the correlation attack. In this paper, we add chaff minutiae based on the relative information of minutiae such as direction, coordinate instead of adding randomly. Also, our proposed approach allow to add multiple chaff minutiae within tolerance box for enhanced security level. Experimental results show that the proposed approach can protect the correlation attack and achieve enhanced verification accuracy.

A Survivability Model of an Intrusion Tolerance System (침입감내시스템의 생존성 모델)

  • Park, Bum-Joo;Park, Kie-Jin;Kim, Sung-Soo
    • The KIPS Transactions:PartA
    • /
    • v.12A no.5 s.95
    • /
    • pp.395-404
    • /
    • 2005
  • There have been large concerns about survivability defined as the capability of a system to perform a mission-critical role, in a timely manner, in the presence of attacks, failures. In particular, One of the most important core technologies required for the design of the ITS(Intrusion Tolerance System) that performs continuously minimal essential services even when the computer system is partially compromised because of intrusions is the survivability one of In included the dependability analysis of a reliability and availability etc. quantitative dependability analysis of the In. In this Paper, we applied self-healing mechanism utilizing two factors of self-healing mechanism (fault model and system response), the core technology of autonomic computing to secure the protection power of the ITS and consisted of a state transition diagram of the ITS composed of a primary server and a backup server. We also defined the survivability, availability, and downtime cost of the ITS, and then performed studies on simulation experiments and two cases of vulnerability attack. Simulation results show that intrusion tolerance capability at the initial state is more important than coping capability at the attack state in terms of the dependability enhancement.

Secure route determination method to prevent sinkhole attacks in INSENS based wireless sensor networks (INSENS 기반의 무선 센서 네트워크에서 싱크홀 공격을 방어하기 위한 강화된 경로 설정 기법)

  • Song, Kyu-Hyun;Cho, Tae-Ho
    • Journal of the Korean Institute of Intelligent Systems
    • /
    • v.26 no.4
    • /
    • pp.267-272
    • /
    • 2016
  • Wireless sensor networks (WSNs) are vulnerable to external intrusions due to the wireless communication characteristics and limited hardware resources. Thus, the attacker can cause sinkhole attack while intruding the network. INSENS is proposed for preventing the sinkhole attack. INSENS uses the three symmetric keys in order to prevent such sinkhole attacks. However, the sinkhole attack occurs again, even in the presence of INSENS, through the compromised node because INSENS does not consider the node being compromised. In this paper, we propose a method to counter the sinkhole attack by considering the compromised node, based on the neighboring nodes' information. The goals of the proposed method are i) network reliability improvement and ii) energy conservation through effective prevention of the sinkhole attack by detecting compromised nodes. The experimental results demonstrate that the proposed method can save up to, on average, 19.90% of energy while increasing up to, on average, 71.50%, the report reliability against internal sinkhole attacks in comparison to INSENS.