Defense Strategy of Network Security based on Dynamic Classification
KSII Transactions on Internet and Information Systems (TIIS). 2015. Dec, 9(12): 5116-5134
Copyright © 2015, Korean Society For Internet Information
  • Published : December 31, 2015
About the Authors
Jinxia Wei
Information Security Center, National Engineering Laboratory for Disaster Backup and Recovery Beijing University of Posts and Telecommunications Beijing, 100876, China
Ru Zhang
Key Laboratory of Trustworthy Distributed Computing and Service Beijing University of Posts and Telecommunications Beijing, 100876, China
Jianyi Liu
Information Security Center, National Engineering Laboratory for Disaster Backup and Recovery Beijing University of Posts and Telecommunications Beijing, 100876, China
Xinxin Niu
Information Security Center, National Engineering Laboratory for Disaster Backup and Recovery Beijing University of Posts and Telecommunications Beijing, 100876, China
Yixian Yang
Information Security Center, National Engineering Laboratory for Disaster Backup and Recovery Beijing University of Posts and Telecommunications Beijing, 100876, China

Because network security defense is at present mainly static, this paper proposes a dynamic classification defense strategy model for network security, obtained by analyzing the security situation of complex computer networks. From the parameters that affect network security, eight security elements and a classification standard are derived, and a dynamic classification algorithm based on fuzzy theory is presented. Experimental analysis shows that the proposed model and algorithm are feasible and effective. The model addresses the problem that static defense cannot adapt its tactics and lacks dynamic change.
1. Introduction
With the development of information technology, the Internet is becoming a key part of national information infrastructure. The Internet and the computers attached to it are constantly under various attacks: hacker intrusion, port scans, distributed denial-of-service (DDoS) [1], virus and worm infection, e-mail spam, etc. Many defense methods and systems have been proposed [2-4]. Most research has focused on stationary network operation with fixed configurations. However, attack detection systems have to face rapidly changing network conditions and attack intensity [5, 6]. Web-based applications are increasingly common, and network security is related to the fundamental interests of the state and society. At the same time, networks in many fields have developed rapidly while their security has gradually been eroded. Defense mechanisms for network security are therefore maturing, and how to protect the network is becoming more and more important. The traditional passive defense technologies of network security, such as firewalls, intrusion detection and vulnerability (loophole) techniques, are not enough to cope with protean network attacks [7-10]. The inherent limitations of these means and methods are obvious. On the other hand, if the network is not handled properly, it can become paralyzed. To cope with dynamic network attacks efficiently, many researchers have turned defense measures from passive to active, and defense mechanisms from static to dynamic [11-16]. An ideal defense system would protect against every weakness and every aggressive behavior, but such a defense is unreasonable because of its cumulative cost. Hence, the applicability to the protected system should be taken into consideration [7].
In [7], Jiang put forward a new active defense model for network system security assessment, the network attack and defense game model, in which the defender deploys network security and active defense at the optimal cost, providing a strong guarantee for active defense.
However, that defensive strategy does not provide real-time protection; its dynamics are weak. In the current complex environment of large-scale, distributed and heterogeneous network security equipment [17-20], strategy resources may be issued blindly, which wastes resources. To deal with the challenges of network security, VPN, IDS, anti-virus systems, identity authentication [21], data encryption, security audit and other security protection and management systems have been widely applied. In terms of security equipment and security mechanisms, we propose a dynamic classification defense of network security, which provides correct and complete security policies for the network security defense system and allows the security strategies to be executed smoothly. In this way we address the degradation of network performance caused by security deployment and improve the efficiency of security products. At present, the idea of classification for network security defense has not been commonly developed at home or abroad; the method therefore signals that network security defense is stepping into a new stage.
Compared with existing work, the main contributions of our paper are: (1) We take the effectiveness of the network security defense strategy into consideration. Based on dynamic classification of network security defense, we establish a defense strategy model and propose the network security elements and their classification standard. A detailed dynamic classification algorithm combined with fuzzy theory is also presented. (2) We handle strategy generation and distribution interactively. When some network security defense strategy is missing from the database in the generation phase, the database sends a default feedback to the resource management module in time, and the resource management module then provides the missing defense strategy to the database. (3) The system is able to generate strategy and issue it to the strategy executive subsystem. When some executive equipment lacks security strategy parameters (without them, the equipment cannot adopt the security strategy), the resource management module receives feedback from the strategy executive system and distributes the strategy parameter resources to that equipment. The main task of the resource management module is to accept feedback and to provide the information that other modules need.
2. Related Work
In this section, we briefly introduce some basic concepts and functional expressions of fuzzy theory that are used to construct the dynamic classification algorithm. The level of each security element is delimited by a numerical interval, which is equivalent to a Fuzzy set in Fuzzy theory.
- 2.1 The basic definitions
Definition 2.1. Fuzzy set [22]: Suppose that U is a non-empty domain. The “Fuzzy set” A on U means that any given x ∈ U belongs to A with a degree μ (μ ∈ [0,1]), rather than simply x ∈ A or x ∉ A.
Definition 2.2. Membership function and membership degree [22]: Suppose that U is a domain and μ: U → [0,1]; μ is called a membership function of U. Collect all membership functions of U and denote the set as SH(U). Denote the set of all Fuzzy sets of U as F(U); the relationship between SH(U) and F(U) is one to one. That is to say, for any μ ∈ SH(U), there exists a unique Fuzzy set
of U corresponding to μ. Denote μ as
for any x ∈ U, then
is called the membership degree of x to
- 2.2 The expression of membership function
According to the definition of membership degree, a Fuzzy set corresponds to a membership function. Similar to the distribution function in probability theory, when the domain is the set of real numbers, a parametric function on [0,1] that applies to many kinds of problems is called a Fuzzy distribution function (that is, a membership function). Several commonly used membership functions are [22]: 1. Normal distribution; 2. Half trapezoidal distribution and trapezoidal distribution; 3. K parabolic distribution; 4. Cauchy distribution; 5. S distribution. Based on the data in this paper, we choose the half trapezoid distribution; this second type of membership function is introduced in detail, and its specific expressions are given by:
(1) the right trapezoid distribution
where a,b are parameters, b >a (see Fig. 1 ).
(2) The left trapezoid distribution
where a,b are parameters, b >a (see Fig. 2 ).
Fig. 1. Right trapezoid distribution
Fig. 2. Left trapezoid distribution
3. The principle of the dynamic classification defense strategy of network security
In this section, we introduce the dynamic classification strategy system of network security. Based on data sensed by the requirement system, the strategy management system makes decisions about network requirements using safe grade matching and the dynamic classification algorithm, and generates the corresponding security strategy according to the decision. Since some safety equipment cannot recognize the strategy language, we establish a translation part, which converts the strategy language appropriately using feedback from the safety equipment. After ensuring that the strategy can be adopted by the corresponding equipment, the system sends the final security strategy to the strategy execution system. Finally, the strategy execution system is activated in turn according to the requirements. To show the working principle of the strategy system, the dynamic classification defense of network security system model is given in Fig. 3.
Fig. 3. Dynamic classification defense of network security system model
The input of the system has three parts: (1) situational analysis data from network monitoring information (supplied by the monitoring staff); (2) user input data; (3) current awareness of the defense situation. When the three inputs carry different security levels, we select the data with the highest security level as the defense need, because the network must be kept in a safe condition. The system performs defense situation awareness and defense range analysis using the implementation results of equipment, the strategy library and the network topology; these data therefore feed the defense situation awareness block.
The three parts undergo a fine-tuning operation through the control interface to obtain the preliminary demand. Based on this preliminary demand, we apply the classification algorithm and standard to generate the security need decision. After that, the defense class must be confirmed with the network monitoring staff and the user. When they agree with the security need decision, the defense strategy is generated and then issued to the network security equipment through the safe equipment interaction interface. To monitor how equipment implements the strategy, the system automatically performs defense situation awareness and defense range analysis according to the strategy library and network topology, and obtains the current awareness of defense. It sends the current awareness of defense to the preliminary demand module and cooperates with the user and the network monitoring staff to obtain the final preliminary demand. The three parts then undergo fine-tuning again, and the above strategy generation and distribution operations are repeated.
We calculate the level of safety demand with the dynamic network security classification algorithm. If the user agrees to perform the strategy of that level, the system begins to generate the strategy. By establishing a dynamic classification strategy system model, we implement dynamic strategy decision, format conversion and generation mechanisms, and provide a real-time guarantee for the secure operation of the network.
- 3.1 Dynamic classification defense strategy of network security
The dynamic classification defense strategy system involves a strategy decision unit, a strategy generation unit, a strategy issue unit, a resource management unit, an equipment control unit and several databases. The strategy decision unit plays the most important role in the strategy management subsystem. The whole system is shown in Fig. 4.
Fig. 4. Dynamic defense of network security system
As shown in Fig. 4, the system consists of eight modules: demand acquisition, strategy decision, strategy generation, strategy issue, equipment control, resource management, strategy execution and three databases. The demand acquisition module is a separate subsystem and is not the emphasis of our system. We therefore describe the functions of the other modules in detail:
A) Strategy decision includes a data acquisition unit, a classification calculation unit and a strategy position unit. After acquiring the safe factor data, it generates the strategy information according to the classification standard and algorithm proposed in Sections 3.1.2 and 3.2. The proposed classification algorithm is based on membership functions. It also needs to obtain the strategy position in order to distribute the strategy.
B) The strategy generation module receives the position information from the decision module and generates the final strategy. It includes three units: strategy match, default report and translation. The strategy match unit is responsible for confirming the safe demand level: if the level of the safe strategy satisfies the requirements of the three parts described in Fig. 3, it translates the strategy into information that can be identified by the safe equipment. If the level does not satisfy the requirements of the three parts, it produces a default report, and the strategy is regenerated until it satisfies them.
C) After receiving the correct strategy from the strategy generation module, the strategy issue module packs the safe strategy and sends it to the strategy execution module, which carries out the strategy.
D) In addition to execution, the strategy execution module is also responsible for status feedback. It sends the execution status to equipment control module for managing equipment.
E) The equipment control module receives status feedback from the strategy execution, and then updates equipment status. At the same time, it also takes on database maintenance.
F) When the equipment lacks some resource for performing the corresponding safe strategy, the strategy execution module sends an appropriate resource demand to the resource management module. Once the resource management module receives this request, it retrieves the appropriate resource from the database and sends it back to strategy execution.
G) Format database, resource database and strategy database are the most important supporters for the whole system.
From Fig. 3 and Fig. 4, we can see that the model in Fig. 3 is a subsystem of the system in Fig. 4. The strategy decision, strategy generation and strategy issue modules shown in Fig. 4 are a detailed description of the subsystem in Fig. 3. That is, the whole process in Fig. 3 is strategy generation and issue, which expands into the strategy decision, strategy generation and strategy issue modules presented in Fig. 4.
- 3.1.1 Safety factors of dynamic classification defense of network security
The selection of network security elements is the foundation of the whole dynamic classification defense of network security, since the elements are built from numerous correlated parameters that reflect the actual network security situation. Liu and Zhang [5] have studied defensive measures and safe factors in detail. Wang Yulin proposed four network security factors in [24]: encryption, integrity, authentication and safe audit. However, these factors are not enough to reflect changes of safety level in a dynamic network environment. We analyze further aspects of network security parameters on the basis of their research. Combining the dynamic network environment with the experimentally derived QoS parameters presented in [29-31], we introduce traffic and access control factors, such as traffic filtration, access control, traffic protection and safe inspection. All these safe factors reflect the safe situation of the whole system. Consequently, we consider the following eight safe factors: traffic packet size, integrity, authentication, traffic packet rate, link frequency, traffic protection, safe inspection and safe audit, which are shown in Fig. 5.
Fig. 5. The elements of dynamic classification defense for network security
- 3.1.2 The classification standard of safe factors
A classification criterion based on expert opinion and the specific experimental environment is proposed. During the experiment, we run the load test several times under different network load situations, observe and record the specific values of the various parameters, and then analyze the relationship between these values and the current situation of the network. For example, the values of the safe parameters differ between normal and abnormal cases. The value of a safe parameter is thus key to determining the range of each of its levels. We use the corresponding indicators to measure every security element. Details are shown in Table 1.
Table 1. The level of network security factors
Note: “—” denotes no.
Each level denotes the practical running status of all safe factors’ indicators under different network environment. All the safe levels correspond to the change of network security status from unsafe to safe situations.
- 3.2 Dynamic classification algorithm based on fuzzy theory
In the dynamic classification defense strategy of network security, strategy decision occupies the central position. The current network security requirements are obtained by analyzing the network environment. The weighted average algorithm is commonly used to calculate the comprehensive level of network security; it has low computational complexity and a high operation rate, but it cannot handle uncertain problems.
Because the problem in this paper is an uncertain one, dynamic classification of network security cannot be treated as a deterministic object. Nor can we design a standard threshold such that the network situation is good when the threshold is not exceeded and bad when it is. Therefore, the defense classification of network security should be regarded as a process of reasoning, which makes a comprehensive judgment from information collected from different sources. Corresponding strategies are issued according to the evaluation results. We solve the security requirement decision using fuzzy theory and obtain the strategy level.
The process diagram of the algorithm is shown in Fig. 6 .
Fig. 6. Fuzzy theory algorithm process
Following the above process, the data preprocessing module converts the requirement information into requirement values for the system, and the comprehensive security level is calculated by applying the dynamic classification algorithm.
The calculation process is as follows:
Step1: Construction of membership functions
On the basis of the situational analysis information, the user requirement and the current defense strategy, we construct the membership function. The level of classification defense of network security is divided into eight parts. Membership expresses the extent to which the network security situation belongs to a level. Under normal circumstances, the greater the membership value, the greater the possibility of belonging to the corresponding level. The specific standard of division needs to change with the specific network environment.
The membership function is established mainly from the distance between the actual data (the monitored current network data) and the standard data (see Table 1). The specific expression is written as:
where L_i denotes the standard value for the i-th (1 ≤ i ≤ 8) level and L_{i+1} denotes the standard value for the (i+1)-th (1 ≤ i ≤ 8) level.
Of course, in view of the standard of different parameters for safety factors, Eq. (3-1) needs to make some adjustment according to different situations.
Step2: Construction of the fuzzy matrix
Let U be the set of safety factors and V the set of network security levels. In our system, U = {encryption, integrity, …, safety audit} and V = {level 1, level 2, …, level 8}. For each actual measured value x (monitoring data from the current network) of a safety element, we calculate its membership in each security level with the membership function, and obtain the judging matrix:
where a_ij denotes the membership (i is the safe element, j is the safe level, 1 ≤ i, j ≤ 8). If some safe element level does not exist, then a_ij = 0.
Step3: Calculation of the factor weight
Each security element plays a different role when different attacks exist on the network. For example, if the Internet is attacked by DDoS, flow protection and control play a more important role. We construct the weight calculation formula for two cases. The first case is that the network safe element tends to increase from level 1 to level 8; the specific calculation formula is given by:
The second case is that the network safe element tends to decrease from level 1 to level 8; the specific calculation formula is given by:
where B_i denotes the actual value of the i-th safe element,
denotes the intermediate level value of the i-th safe element, B_max denotes the maximum value of each security element classification standard, and B_min is the minimum value of each security element classification standard.
We need to normalize the results so that the sum of all weights is equal to 1. The normalization formula is as follows (h′ denotes the initial weight matrix):
The weighting matrix A = [h_i], i = 1,2,...,8, is obtained.
Step4: Compound operation of matrix
Matrix A is multiplied by matrix P (here we adopt the multiplication from Fuzzy theory); the result is as follows:
We normalize the result [c_1, c_2, ⋯, c_8] so that the sum of all elements is equal to 1.
Step5: Decision
The comprehensive level is determined from the final vector: we choose the component with the largest value and take its position as the comprehensive level. If we regard C as the network safe level, and
For example, if c_5 is the largest one, the comprehensive level of network safety is level 5.
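Steps 1 to 5 carried through in Python, as an added example that is not the authors' code. The text above gives no closed form for the membership and weight formulas, so the linear distance-based membership, the weighted-sum composition and every standard value and measurement below are assumptions constructed for illustration; the weights are the normalized vector A reported for Experiment 2 in Section 4.

```python
# Added example: Steps 1-5 as a fuzzy comprehensive evaluation.
# Assumed, not from the paper: the linear membership form, the weighted-sum
# composition, and every standard value and measurement below (constructed).

INC = [10, 20, 30, 40, 50, 60, 70, 80]  # constructed level 1..8 standards, rising
DEC = INC[::-1]                          # constructed level 1..8 standards, falling

# Eight safe factors from Section 3.1.1 with the trend Section 4 describes
# (which indicator belongs to which factor is an assumed mapping).
FACTORS = [
    ("traffic packet size", INC), ("integrity", INC),
    ("authentication", INC), ("traffic packet rate", INC),
    ("link frequency", DEC), ("traffic protection", DEC),
    ("safe inspection", DEC), ("safe audit", DEC),
]

# Normalized weight vector A printed in Experiment 2, applied in the factor
# order above (assumed ordering).
WEIGHTS = [0.3004, 0.0733, 0.1098, 0.0308, 0.0967, 0.1801, 0.1686, 0.0403]


def membership_row(x, standards):
    """Step 1: membership of measurement x in each level (one matrix row)."""
    diffs = [b - a for a, b in zip(standards, standards[1:])]
    if not (all(d > 0 for d in diffs) or all(d < 0 for d in diffs)):
        raise ValueError("standards must be strictly monotone")
    sign = 1 if diffs[0] > 0 else -1
    s = [sign * v for v in standards]    # re-express so the standards ascend
    v = sign * x
    row = [0.0] * len(s)
    if v <= s[0]:
        row[0] = 1.0                     # at or beyond the level 1 standard
    elif v >= s[-1]:
        row[-1] = 1.0                    # at or beyond the top level standard
    else:
        for i in range(len(s) - 1):
            if s[i] <= v <= s[i + 1]:
                # Split membership between the two adjacent levels by distance.
                frac = (v - s[i]) / (s[i + 1] - s[i])
                row[i], row[i + 1] = 1.0 - frac, frac
                break
    return row


def judging_matrix(measurements):
    """Step 2: one membership row per safe factor (8 x 8 matrix P)."""
    return [membership_row(measurements[name], std) for name, std in FACTORS]


def normalize(vec):
    """Scale a non-negative vector so its entries sum to 1 (Steps 3 and 4)."""
    total = sum(vec)
    if total == 0:
        raise ValueError("cannot normalize an all-zero vector")
    return [v / total for v in vec]


def compose(weights, matrix):
    """Step 4: c_j = sum_i h_i * a_ij, then normalize."""
    cols = len(matrix[0])
    c = [sum(h * row[j] for h, row in zip(weights, matrix)) for j in range(cols)]
    return normalize(c)


def classify(measurements, weights=WEIGHTS):
    """Steps 2-5: return (comprehensive level, normalized vector c)."""
    c = compose(normalize(weights), judging_matrix(measurements))
    return c.index(max(c)) + 1, c        # Step 5: position of the largest c_j


# Constructed measurements (not the paper's Table 3 / Table 4 values).
DEGRADED = {
    "traffic packet size": 18, "integrity": 25, "authentication": 22,
    "traffic packet rate": 15, "link frequency": 72, "traffic protection": 65,
    "safe inspection": 70, "safe audit": 78,
}
HEALTHY = {
    "traffic packet size": 65, "integrity": 72, "authentication": 70,
    "traffic packet rate": 68, "link frequency": 22, "traffic protection": 15,
    "safe inspection": 18, "safe audit": 25,
}

if __name__ == "__main__":
    for label, sample in (("degraded", DEGRADED), ("healthy", HEALTHY)):
        level, c = classify(sample)
        print(label, "-> level", level, [round(v, 4) for v in c])
```

A measurement that falls between two level standards contributes to both adjacent levels, which is why the final vector spreads over neighbouring levels instead of selecting one by a hard threshold.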
- 3.3 Dynamic defense system of network security
In terms of system function, a strategy is information that can be used to change the behavior of the executing component. In terms of content, a strategy is a series of rules that control the operating components of the network.
In most cases the network is in a relatively stable state, and only partial adjustments to the defense strategy are required. Most of the safe equipment can keep its existing safe strategy; only a small part needs adjusting. When a strategy has been generated and is to be distributed, the system needs a filtering mechanism so that it sends only the necessary safe strategy, the part that changes the executing component. Resources can thus be distributed quickly and efficiently. The strategy decision unit, strategy generation unit, strategy issue unit, resource management unit and equipment control unit each play a distinct role during strategy generation, distribution and maintenance.
The strategy decision and generation modules interact with the demand acquisition module, to which they are directly connected. When network security is in a dangerous condition, the demand acquisition subsystem obtains an alarm from the strategy system (see Fig. 4).
- 3.3.1 Strategy distribution and generation
The strategy generation unit accepts positioning information from the strategy decision unit. After the information is confirmed by users, the system sends the selected strategy to the generation unit, which generates the specific types of strategy. Default strategy information is reported to the resource management module, which then deals with it. The strategy generation unit is the translation unit of the system: it converts the unified execution strategy description language into the different languages of the executing equipment. The strategy is then issued in the form of a package.
- 3.3.2 Resource management
One of the most important tasks of resource management is receiving default information; the resource management module sends the solution for the default information to the strategy execution units.
Executive equipment is provided by different vendors, which may adopt different protocols or standards. To ensure that strategy can be executed by equipment smoothly, the resource management unit provides the details of all kinds of strategy implementation. When a strategy is issued to execution equipment that is not able to execute it, the equipment sends a request to the resource management unit. The resource management unit accesses the strategy resource database, searches for the detailed strategy execution method according to the request, and then sends it to the executive equipment.
- 3.3.3 Equipment control
The main function of equipment control is to receive the execution status information that the execution equipment feeds back regularly. According to the status information, equipment control updates the equipment execution information in the database and also maintains the database.
4. The simulation and the analysis of experiment
We have presented how to design the dynamic classification defense of network security system. No such system existed before, so the method marks the beginning of dynamic classification defense. By comparing the safe levels of two different network security situations, we illustrate the applicability of the method. We use the simulated network topology shown in Fig. 7. The attack host is located in the external network, and a firewall separates the target network from the external network; the firewall rules are shown in Table 2. The rest of the system consists of a Web server running Win7, a file management server running Linux and a database server running Win7.
Fig. 7. Experimental environment of network topology
Table 2. Firewall rules
To illustrate the rationality and applicability of dynamic classification for network security defense, we set up two experiments for comparison. The first experiment takes place in a deteriorated Internet environment affected by a worm, in which none of the measured indicators runs normally. For the worm attack, see [25-28]. The safe server coefficient is falling, and the network resources are not enough to answer a large number of user requests. The second experiment takes place in normal operation: the safe level of the various factors is kept high, and the network security situation is very good. In this work, the precision of the dynamic classification of network security defense lies in the dynamic classification algorithm; strategy generation and distribution simply follow the design of the system. Our main task is therefore to prove the validity of the algorithm in the two different security environments above.
Experiment 1:
As mentioned in Section 3, the data for the safe elements come from three parts: (1) situational analysis data from network monitoring information; (2) user input data; (3) current awareness of the defense situation. We choose the lowest level data among them as our target data. To obtain the level of network security when the network is attacked by the worm, we record the operation value of each safe element. Using these values and the algorithm given in Section 3.2, we obtain the comprehensive level of network security. The operation values of the eight safe elements under the worm attack are shown in Table 3.
Table 3. The actual measured value for safe elements
According to Eq. (3-1), we list the computational formulas for the membership functions. The integrity constraints rate, certification numbers and average throughput tend to increase, as does the traffic packet size, so we give only the membership function formula for the traffic packet size below. The formulas for the integrity constraints rate, certification numbers and traffic packet rate are similar to it.
The average response time of link frequency, the packet loss rate, the average response time of detection and the average response time of auditing tend to decrease, so we give only the membership function formula for the link frequency below; the membership functions of the other safe elements are similar.
We get the membership degree matrix as follows
We calculate the factor weight matrix using Eq. (3-2) to Eq. (3-4), normalize the results and obtain the final matrix
We can see that the largest number is 0.2343, which lies in the second position. Therefore, we know that the level of network security is level 2 when the network is attacked by the worm. Now the network is in a dangerous state.
Experiment 2:
The information of eight safe elements is given in Table 4 by monitoring dynamically.
Table 4. The actual measured value for safe elements
According to calculating steps in Experiment 1 , the membership matrix is obtained:
We normalize the recalculated weight matrix as follows:
  • A= (0.3004 0.0733 0.1098 0.0308 0.0967 0.1801 0.1686 0.0403)
The normalization form of final result is obtained:
  • (0 0 0 0 0.1105 0.2714 0.4527 0.1654)
The largest number is 0.4527, which is in the seventh position, so we conclude that the network safe level is level 7. The Internet is operating in good condition. The result in Experiment 1, however, is poor, and we need to offer a higher level strategy to the defensive system. For example, the Internet may be in danger when the network safe level is level 2; we need to provide the level 7 strategies to the Internet to prevent damage. Referring to the classification standard and the membership degree matrix, we check the level of each security element and then generate the corresponding strategy for each element according to its level. Thus the system achieves the distribution and execution of strategy, and every safe factor is promoted to a higher level of normal operation. When users want to change the execution state of a security element, the model can obtain security levels accurately.
The validation results show that the dynamic classification algorithm for the network security factors is accurate, and the method has a clear physical meaning. The main advantage of this method is that it addresses the current network performance degradation caused by security arrangements and improves the use efficiency of security products.
5. Conclusion
Based on an analysis of the research status of network security at home and abroad, we make a further study of network security defense. Considering the current network structure and the present condition of the network, we propose a dynamic classification defense policy model of network security, and discuss the possible problems and solutions in terms of policy decision methods and strategy generation and issuing. The model sits at the core of the whole network security active defense system. We put forward a feedback loop in strategy generation and distribution, which helps the system issue and execute strategies successfully. The model directly reflects the dynamic classification defense of network security. For a long time, most network security defense has been based on static defense. If the system considers only the security technology, it cannot completely solve the problem of changing attack and defense. Compared with the literature [23], the model accomplishes the major function of the network security defense strategy, and has stronger adaptability and real-time performance.
The author thanks the editor and reviewers for their suggestions to improve the quality of paper. This work was supported by the NSF of China (U1433105) and the Beijing Higher Education Young Elite Teacher Project (YETP0448).
Jinxia Wei received the B.S. degree from Hebei Normal University in 2010 and the M.S. degree from YanShan University in 2013. Her current research interests include cryptography, network security, cloud storage security and its application, etc. She is now studying for a doctorate at Beijing University of Posts and Telecommunications.
Ru Zhang was born in 1976 and received Ph.D. degree in Computer Application Technology in 2003. She is a Prof. at Computer College, BUPT. She researches on Information Security in the state key laboratory of networking and switching technology, BUPT. Her interests include digital watermark, cryptography and multimedia authentication. She was awarded a national second prize and two provincial prizes.
Jianyi Liu received the B.S. degree from Xi’an University of Posts and Telecommunications in 2000 and the M.S. degree from Beijing University of Posts and Telecommunications in 2005. Her current research interests include disaster backup, information retrieval, network security, and cloud storage security, etc. He has published more than 40 papers in international journals.
Xinxin Niu is a professor of Computer Science and Technology at Beijing University of Posts and Telecommunications. She received the MS degree from Beijing University of Posts and Telecommunications in 1988 and the PhD degree from Chinese University of Hong Kong in 1997. Her current research interests include network security, digital watermarking and digital rights management, etc.
Yixian Yang is a Professor of Computer Science and Technology at Beijing University of Posts and Telecommunications and also the director of the National Engineering Laboratory for Disaster Backup and Recovery of China. He received his MS degree in Applied Mathematics and Posts and Telecommunications in 1987 and 1988, respectively. His research interests include coding theory and cryptography, information security and network security, disaster backup and recovery, signal and information processing, etc.
References
[1] Wu Q. S., “On modeling and simulation of game theory-based defense mechanisms against DoS and DDoS attacks,” in Proc. of the 2010 Spring Simulation Multiconference, Society for Computer Simulation International, 2010.
[2] Lye K. W., Wing J., “Game strategies in network security,” Technical Report CMU-CS-02-136, School of Computer Science, Carnegie Mellon University, Pittsburgh, 2002.
[3] Zou C. C., Duffield N., Towsley D., Gong W., “Adaptive Defense Against Various Network Attacks,” IEEE Journal on Selected Areas in Communications, 24(10), 1877-1887, 2006. DOI: 10.1109/JSAC.2006.877137
[4] Xu J., Lee W., “Sustaining availability of Web services under distributed denial of service attacks,” IEEE Transactions on Computers, 52(4), 195-208, 2003.
[5] Liu P., Zhang W., “Incentive-based modeling and inference of attacker intent, objectives, and strategies,” in Proc. of the 10th ACM Computer and Communication Security Conference (CCS’03), Washington, DC, 179-189, 2003.
[6] Northcutt S., Networking Intrusion Detection: An Analyst’s Handbook, 3rd Edition, New Riders Publishing, Indianapolis, Indiana, United States, 1999.
[7] Jiang W., Fang B. X., Tian Z. H., “Evaluating network security and optimal active defense based on attack-defense game model,” Chinese Journal of Computers, 32(4), 817-827, 2009. DOI: 10.3724/SP.J.1016.2009.00817
[8] Spyridopoulos T., Karanikas G., Tryfonas T., Oikonomou G., “A game theoretic defense framework against DoS/DDoS cyber attacks,” Computer & Security, 38, 39-50, 2013. DOI: 10.1016/j.cose.2013.03.014
[9] Chonka A., Xiang Y., Zhou W. L., Bonti A., “Cloud security defense to protect cloud computing against HTTP-DoS and XML-DoS attacks,” Journal of Network and Computer Applications, 34(4), 1097-1107, 2011. DOI: 10.1016/j.jnca.2010.06.004
[10] Tariq U., Malik Y., Abdulrazak B., “Collaborative Peer to Peer Defense Mechanism for DDoS Attack,” Procedia Computer Science, 5, 157-164, 2011. DOI: 10.1016/j.procs.2011.07.022
[11] Xu J. F., “A defense system for wireless sensor networks,” The Journal of China Universities of Posts and Telecommunications, 18(2), 119-122, 2011. DOI: 10.1016/S1005-8885(10)60162-8
[12] Jiang Y. C., Xia Z. Y., Zhang S. Y., “A novel defence model for dynamic topology network based on mobile agent,” Microprocessors and Microsystems, 29(6), 289-297, 2005. DOI: 10.1016/j.micpro.2004.10.007
[13] Hong W. M., “The technology research of dynamic network active defense in network management,” International Workshop on Information and Electronics Engineering (IWIEE), 29, 1584-1589, 2012.
[14] Tripathy S., Nandi S., “Defense against outside attacks in wireless sensor network,” Computer Communications, 31(4), 818-826, 2008. DOI: 10.1016/j.comcom.2007.10.025
[15] Fitch J. A., Hoffman L. J., “A shortest path network security model,” Computers & Security, 12(2), 169-189, 1993. DOI: 10.1016/0167-4048(93)90100-J
[16] Hoque N., Bhuyan M. H., Baishya R. C., Bhattacharyya D. K., “Network attacks: Taxonomy, tools and systems,” Journal of Network and Computer Applications, 40, 307-324, 2014. DOI: 10.1016/j.jnca.2013.08.001
[17] Levitin G., “Optimal defense strategy against intentional attacks,” IEEE Transactions on Reliability, 56(1), 148-157, 2007. DOI: 10.1109/TR.2006.884599
[18] Li H., Rosenwald G. W., Jung J., Liu C. C., “Strategic power infrastructure defense,” in Proc. of the IEEE, vol. 93, no. 5, 918-933, 2005.
[19] Chen R. L., Park J. M., Marchany R., “A divide-and-conquer strategy for thwarting distributed denial-of-service attacks,” IEEE Transactions on Parallel and Distributed Systems, 18(5), 577-588, 2007. DOI: 10.1109/TPDS.2007.1014
[20] Kreidl O. P., Frazier T. M., “Feedback control applied to survivability: A host-based autonomic defense system,” IEEE Transactions on Reliability, 53(1), 140-166, 2004. DOI: 10.1109/TR.2004.824833
[21] Cao C. L., Zhang R., Zhang M. Y., Yang Y. X., “IBC-based entity authentication protocols for federated cloud systems,” KSII Transactions on Internet and Information Systems, 7(5), 1291-1312, 2013. DOI: 10.3837/tiis.2013.05.020
[22] Peng Z. Z., Sun Y. Y., “Fuzzy mathematics and its application,” 2nd Edition, Wu Han University Press, China, 4-10, 2007.
[23] Yao S. P., Gu Y. Y., “Network security situation quantitative evaluation based on the classification of attacks in attack-defense confrontation environment,” 2009 Chinese Control and Decision Conference, 6014-6019, 2009.
[24] Wang Y. L., Tian G. F., “Network security technology and practices,” Tsinghua University Press, Beijing, China, 65-67, 2013.
[25] Dainotti A., Pescapè A., Ventre G., “Worm Traffic Analysis and Characterization,” 2007 IEEE International Conference on Communications (ICC 2007).
[26] Dainotti A., Pescapè A., Ventre G., “A cascade architecture for DoS attacks detection based on the wavelet transform,” Journal of Computer Security, 17(6), 945-968, 2009.
[27] Jo M., Han L. Z., Tan N. D., In H. P., “A Survey: Energy Exhausting Attacks in MAC Protocols in WBANs,” Telecommunication Systems, 58(2), 153-164, 2015. DOI: 10.1007/s11235-014-9897-0
[28] Jo M., Han L. Z., Kim D., In H. P., “Selfish Attacks and Detection in Cognitive Radio Ad-hoc Networks,” IEEE Network, 27(3), 46-50, 2013. DOI: 10.1109/MNET.2013.6523808
[29] Botta A., Pescapé A., Ventre G., “Quality of service statistics over heterogeneous networks: Analysis and applications,” European Journal of Operational Research, 101, 1075-1088, 2008. DOI: 10.1016/j.ejor.2007.07.022
[30] Karrer R. P., Matyasovszki I., Botta A., Pescapé A., “Experimental evaluation and characterization of the magnets wireless backbone,” WiNTECH’06, Los Angeles, California, USA, September 29, 2006.
[31] Karrer R. P., Matyasovszki I., Botta A., Pescapé A., “MagNets-experiences from deploying a joint research-operational next-generation wireless access network testbed,” in Proc. of the 3rd International Conference on Testbeds and Research Infrastructures for the Development of Networks and Communities, TridentCom 2007.