Query:
Scholar name: Lai Yingxu
Abstract :
With an increase in the complexity and scale of networks, cybersecurity faces increasingly severe challenges. For instance, an attacker can combine individual attacks into complex multi-stage attacks to infiltrate targets. Traditional intrusion detection systems (IDS) generate a large number of alerts during an attack, including attack clues along with many false positives. Furthermore, due to the complexity and changefulness of attacks, security analysts spend considerable time and effort on discovering attack paths. Existing methods rely on attack knowledge bases or predefined correlation rules but can only identify known attacks. To address these limitations, this paper presents an attack correlation and scenario reconstruction method. We transform the abnormal flows corresponding to the alerts into an abnormal states relationship graph (ASR-graph) and automatically correlate attacks through graph aggregation and clustering. We also implemented an attack path search algorithm to mine attack paths and trace the attack process. This method does not rely on prior knowledge; thus, it can adapt well to a changed attack plan, making it effective in correlating unknown attacks and identifying attack paths. Evaluation results show that the proposed method has higher accuracy and effectiveness than existing methods.
Keyword :
Graph neural network; Attack scenarios reconstruction; Intrusion detection; Multi-stage attack; Network security; Graph representation
Cite:
GB/T 7714 | Lyu, Hongshuo , Liu, Jing , Lai, Yingxu et al. AGCM: A multi-stage attack correlation and scenario reconstruction method based on graph aggregation [J]. | COMPUTER COMMUNICATIONS , 2024 , 224 : 302-313 . |
MLA | Lyu, Hongshuo et al. "AGCM: A multi-stage attack correlation and scenario reconstruction method based on graph aggregation" . | COMPUTER COMMUNICATIONS 224 (2024) : 302-313 . |
APA | Lyu, Hongshuo , Liu, Jing , Lai, Yingxu , Mao, Beifeng , Huang, Xianting . AGCM: A multi-stage attack correlation and scenario reconstruction method based on graph aggregation . | COMPUTER COMMUNICATIONS , 2024 , 224 , 302-313 . |
Abstract :
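Because the Network Security and Protection course, a course in the cybersecurity field, is strongly theoretical, and because the teaching process lacks an effective way to evaluate students' learning outcomes, achieving the course's teaching objectives is somewhat difficult. To address the problems of building the Network Security and Protection course, this paper combines multiple online and offline formats to propose a new teaching design approach that incorporates ideological and political education elements, and describes the design of the course objectives, teaching content, evaluation methods and other aspects of the blended-teaching course construction. Analysis of the course practice results and teaching data shows that the blended teaching design of the Network Security and Protection course achieved good teaching results.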
Keyword :
Blended teaching; Teaching practice; Network security and protection; Teaching design
Cite:
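GB/T 7714 | Yu, Haiyang , Yang, Zhen , Lai, Yingxu et al. Exploration of teaching design for the Network Security and Protection course [J]. | 中国多媒体与网络教学学报(上旬刊) , 2023 , (08) : 77-80 . |
MLA | Yu, Haiyang et al. "Exploration of teaching design for the Network Security and Protection course" . | 中国多媒体与网络教学学报(上旬刊) 08 (2023) : 77-80 . |
APA | Yu, Haiyang , Yang, Zhen , Lai, Yingxu , Liu, Jing , Wang, Yipeng . Exploration of teaching design for the Network Security and Protection course . | 中国多媒体与网络教学学报(上旬刊) , 2023 , (08) , 77-80 . |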
Abstract :
In an industrial control system, a programmable logic controller (PLC) plays a vital role in maintaining the stable operation of the system. Cyber-attacks can affect the regular operation by tampering with the data stored in the PLC, thereby damaging the system. Thus, it is particularly important to develop an efficient cyber-attack recovery method. However, owing to the impact of unknown factors in theoretical methods, poor scalability of automaton theory, and a lack of constraints during the training process of deep learning network models, the restoration accuracy and stability are low. Therefore, it is a significant challenge to design an appropriate method to improve the accuracy and stability of cyber-attack recovery. In this study, generative adversarial networks were applied to the problem of cyber-attack recovery; furthermore, a multi-stage generative adversarial network was designed. The model consisted of a Variational Autoencoder and two conditional energy-based generative adversarial networks (CEBGANs). Then the second CEBGAN uses the fitted random noise, appended with the data generated by the previous stage and the historical data as additional information, to obtain the restoration results. Moreover, a self-adaptive decision policy was established to enhance the restoration accuracy and stability. Experimental results demonstrated that the proposed method could effectively improve the accuracy of cyber-attack data recovery and reduce the possibility of outliers in data recovery.
Keyword :
Cyber-attacks; Industrial control system (ICS); Generative adversarial network
Cite:
GB/T 7714 | Tian, Bitao , Lai, Yingxu , Sun, Motong et al. MSGAN: multi-stage generative adversarial network-based data recovery in cyber-attacks [J]. | NEURAL COMPUTING & APPLICATIONS , 2023 . |
MLA | Tian, Bitao et al. "MSGAN: multi-stage generative adversarial network-based data recovery in cyber-attacks" . | NEURAL COMPUTING & APPLICATIONS (2023) . |
APA | Tian, Bitao , Lai, Yingxu , Sun, Motong , Wang, Yipeng , Liu, Jing . MSGAN: multi-stage generative adversarial network-based data recovery in cyber-attacks . | NEURAL COMPUTING & APPLICATIONS , 2023 . |
Abstract :
This paper proposes an authentication protocol based on a trusted connection architecture to manage the security and reliability of the cloud service environment during the communication process, improve the trust of the cloud service platform toward vehicles, and ensure that vehicle terminals have reliable access to cloud services. Compared with prior Internet of Vehicle (IoV) authentication schemes, our scheme is the first to include platform identification in the authentication process. Based on the characteristics of the trusted connection architecture, the components that constitute the platform can be assessed for security by verifying the vehicle platform identity and platform integrity metrics, thereby eliminating internal threats. In addition, the protocol proposes an authentication scheme for the IoV environment, in which the trusted authority only needs to generate the user's partial key based on the identity, thereby avoiding the key escrow problem common to identity-based cryptosystems. Finally, the scheme is proven to be highly secure using various approaches, such as Syverson-Van Oorschot (SVO) logical analysis, simulated authentication via automated validation of internet security protocols and applications (AVISPA), and informal security analysis. In the identity authentication step, our method has low computation and communication overhead when compared with other schemes according to the performance analysis results.
Keyword :
Trusted connection architecture; Trusted computing; SVO; AVISPA; Authentication
Cite:
GB/T 7714 | Zhang, Han , Lai, Yingxu , Chen, Ye . Authentication methods for internet of vehicles based on trusted connection architecture [J]. | SIMULATION MODELLING PRACTICE AND THEORY , 2023 , 122 . |
MLA | Zhang, Han et al. "Authentication methods for internet of vehicles based on trusted connection architecture" . | SIMULATION MODELLING PRACTICE AND THEORY 122 (2023) . |
APA | Zhang, Han , Lai, Yingxu , Chen, Ye . Authentication methods for internet of vehicles based on trusted connection architecture . | SIMULATION MODELLING PRACTICE AND THEORY , 2023 , 122 . |
Abstract :
In the modern interconnected world, intelligent networks and computing technologies are increasingly being incorporated in industrial systems. However, this adoption of advanced technology has resulted in increased cyber threats to cyber-physical systems. Existing intrusion detection systems are continually challenged by constantly evolving cyber threats. Machine learning algorithms have been applied for intrusion detection. In these techniques, a classification model is trained by learning cyber behavior patterns. However, these models typically require considerable high-quality datasets. Limited attack samples are available because of the unpredictability and constant evolution of cyber threats. To address these problems, we propose a novel federated Execution & Evaluation dual network framework (EEFED), which allows multiple federal participants to personalize their local detection models undermining the original purpose of Federated Learning. Thus, a general global detection model was developed for collaboratively improving the performance of a single local model against cyberattacks. The proposed personalized update algorithm and the optimizing backtracking parameters replacement policy effectively reduced the negative influence of federated learning in imbalanced and non-i.i.d distribution of data. The proposed method improved model stability. Furthermore, extensive experiments conducted on a network dataset in various cyber scenarios revealed that the proposed method outperformed single model and state-of-the-art methods.
Keyword :
Intrusion detection; Cyber-physical system (CPS); Federated learning; Personalized model; Cyber security
Cite:
GB/T 7714 | Huang, Xianting , Liu, Jing , Lai, Yingxu et al. EEFED: Personalized Federated Learning of Execution&Evaluation Dual Network for CPS Intrusion Detection [J]. | IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY , 2023 , 18 : 41-56 . |
MLA | Huang, Xianting et al. "EEFED: Personalized Federated Learning of Execution&Evaluation Dual Network for CPS Intrusion Detection" . | IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY 18 (2023) : 41-56 . |
APA | Huang, Xianting , Liu, Jing , Lai, Yingxu , Mao, Beifeng , Lyu, Hongshuo . EEFED: Personalized Federated Learning of Execution&Evaluation Dual Network for CPS Intrusion Detection . | IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY , 2023 , 18 , 41-56 . |
Abstract :
In VANETs, malicious nodes launch Sybil attacks using false traffic information by forging basic safety messages, leading to erroneous decisions and ultimately causing traffic accidents that threaten the lives of passengers. Existing Sybil attack detection methods can only mitigate the impact of Sybil attacks and cannot trace the attack back to find malicious nodes. Meanwhile, malicious nodes can suppress the performance of tracing methods with the help of pseudonym exchange policy. This study proposes a fast Sybil attack tracing method in VANETs to address the above challenges. The method quickly identifies suspicious BSMs through cascading operations. Finally, the results of cascading operations are used to perform source estimation and complete the attack tracing. Experimental results show the method's precision >= 97% and recall >= 96%.
Keyword :
Sybil detection; Attack tracing; Position verification; VANETs; ITS
Cite:
GB/T 7714 | Zhang, Zhaoyi , Lai, Yingxu , Chen, Ye et al. Fast tracing method for Sybil attack in VANETs [J]. | 2023 IEEE 98TH VEHICULAR TECHNOLOGY CONFERENCE, VTC2023-FALL , 2023 . |
MLA | Zhang, Zhaoyi et al. "Fast tracing method for Sybil attack in VANETs" . | 2023 IEEE 98TH VEHICULAR TECHNOLOGY CONFERENCE, VTC2023-FALL (2023) . |
APA | Zhang, Zhaoyi , Lai, Yingxu , Chen, Ye , Wei, Jingwen , Feng, Yuan . Fast tracing method for Sybil attack in VANETs . | 2023 IEEE 98TH VEHICULAR TECHNOLOGY CONFERENCE, VTC2023-FALL , 2023 . |
Abstract :
A software-defined wireless sensor network can dynamically configure the nodes in a network according to the demand of the application layer. In practical applications, such as environmental monitoring, the nodes in a wireless sensor network (WSN) are deployed in the field environment on a large scale, and the data rely on multihop transmission to reach the sink node. The data are extremely susceptible to selective forwarding attacks during transmission. Therefore, this study analyzes the models of selective forwarding attacks and proposes an abnormal node detection method, which includes a node behavior measurement scheme and a trust-value evaluation mechanism. In addition, the application of a software-defined network (SDN) increases network delay. Hence, a network recovery mechanism was designed based on cloud-edge cooperation to ensure the rapid recovery of the network after identifying the abnormal nodes. Moreover, experiments were conducted using simulation software and actual hardware. We verified the effectiveness of the proposed scheme. The experimental results revealed that the proposed method can effectively identify abnormal nodes, reduce the packet dropping ratio and shorten the network recovery delay by 77.2%. The research in this paper solves the security problem of SDWSN. © 2022 Elsevier Ltd. All rights reserved.
Keyword :
Wireless sensor network (WSN); Software-defined wireless sensor network; Behavior measurement; Software-defined networking (SDN); Selective-forwarding; Cloud-edge coordination
Cite:
GB/T 7714 | Luo, Shiyao , Lai, Yingxu , Liu, Jing . Selective forwarding attack detection and network recovery mechanism based on cloud-edge cooperation in software-defined wireless sensor network [J]. | COMPUTERS & SECURITY , 2023 , 126 . |
MLA | Luo, Shiyao et al. "Selective forwarding attack detection and network recovery mechanism based on cloud-edge cooperation in software-defined wireless sensor network" . | COMPUTERS & SECURITY 126 (2023) . |
APA | Luo, Shiyao , Lai, Yingxu , Liu, Jing . Selective forwarding attack detection and network recovery mechanism based on cloud-edge cooperation in software-defined wireless sensor network . | COMPUTERS & SECURITY , 2023 , 126 . |
Abstract :
With the continuous progress of computer technology, static identity authentication technology has encountered challenges in practical applications; in addition, it has deficiencies in continuity and mutability. For these reasons, we propose a risk-based dynamic identity authentication method based on the Usage Control (UCON) model. When authenticating a user, we consider their access rights based on the degree of risk, except in case of password authentication. We propose a risk assessment method, and blockchain technology is used in the scheme to provide a reliable process for risk assessment and authorization. Our scheme represents an improvement in traditional identity authentication, resulting in higher continuity and mutability. We also prove that the scheme has high security and scalability.
Cite:
GB/T 7714 | Liu, Jing , Liu, Rongchao , Lai, Yingxu . Risk-Based Dynamic Identity Authentication Method Based on the UCON Model [J]. | SECURITY AND COMMUNICATION NETWORKS , 2022 , 2022 . |
MLA | Liu, Jing et al. "Risk-Based Dynamic Identity Authentication Method Based on the UCON Model" . | SECURITY AND COMMUNICATION NETWORKS 2022 (2022) . |
APA | Liu, Jing , Liu, Rongchao , Lai, Yingxu . Risk-Based Dynamic Identity Authentication Method Based on the UCON Model . | SECURITY AND COMMUNICATION NETWORKS , 2022 , 2022 . |
Cite:
GB/T 7714 | Gu, Haoran , Lai, Yingxu , Wang, Yipeng et al. DEIDS: a novel intrusion detection system for industrial control systems (Feb, 10.1007/s00521-022-06965-4, 2022) [J]. | NEURAL COMPUTING & APPLICATIONS , 2022 , 34 (23) : 21405-21405 . |
MLA | Gu, Haoran et al. "DEIDS: a novel intrusion detection system for industrial control systems (Feb, 10.1007/s00521-022-06965-4, 2022)" . | NEURAL COMPUTING & APPLICATIONS 34 . 23 (2022) : 21405-21405 . |
APA | Gu, Haoran , Lai, Yingxu , Wang, Yipeng , Liu, Jing , Sun, Motong , Mao, Beifeng . DEIDS: a novel intrusion detection system for industrial control systems (Feb, 10.1007/s00521-022-06965-4, 2022) . | NEURAL COMPUTING & APPLICATIONS , 2022 , 34 (23) , 21405-21405 . |
Abstract :
While vehicle-to-everything communication technology enables information sharing and cooperative control for vehicles, it also poses a significant threat to the vehicles' driving security owing to cyber-attacks. In particular, Sybil malicious attacks hidden in the vehicle broadcast information flow are challenging to detect, thereby becoming an urgent issue requiring attention. Several researchers have considered this problem and proposed different detection schemes. However, the detection performance of existing schemes based on plausibility checks and neighboring observers is affected by the traffic and attacker densities. In this study, we propose a malicious attack detection scheme based on traffic-flow information fusion, which enables the detection of Sybil attacks without neighboring observer nodes. Our solution is based on the basic safety message, which is broadcast by vehicles periodically. It first constructs the basic features of traffic flow to reflect the traffic state, subsequently fuses it with the road detector information to add the road fusion features, and then classifies them using machine learning algorithms to identify malicious attacks. The experimental results demonstrate that our scheme achieves the detection of Sybil attacks with an accuracy greater than 90% at different traffic and attacker densities. Our solutions provide security for achieving a usable vehicle communication network.
Keyword :
Sybil attacks; Information fusion; Vehicular networks; Traffic flow characterization; Attack detection
Cite:
GB/T 7714 | Chen, Ye , Lai, Yingxu , Zhang, Zhaoyi et al. Malicious attack detection based on traffic-flow information fusion [J]. | 2022 IFIP NETWORKING CONFERENCE (IFIP NETWORKING) , 2022 . |
MLA | Chen, Ye et al. "Malicious attack detection based on traffic-flow information fusion" . | 2022 IFIP NETWORKING CONFERENCE (IFIP NETWORKING) (2022) . |
APA | Chen, Ye , Lai, Yingxu , Zhang, Zhaoyi , Li, Hanmei , Wang, Yuhang . Malicious attack detection based on traffic-flow information fusion . | 2022 IFIP NETWORKING CONFERENCE (IFIP NETWORKING) , 2022 . |