Shichang Xuan

Thwarting Nonintrusive Occupancy Detection Attacks from Smart Meters

Occupancy information is one of the most important privacy issues of a home. Unfortunately, an attacker is able to detect occupancy from smart meter data. The current battery-based load hiding (BLH) methods cannot solve this problem. To thwart occupancy detection attacks, we propose a framework of battery-based schemes to prevent occupancy detection (BPOD). BPOD monitors the power consumption of a home and detects the occupancy in real time. According to the detection result, BPOD modifies those statistical metrics of power consumption, which highly correlate with the occupancy by charging or discharging a battery, creating a delusion that the home is always occupied. We evaluate BPOD in a simulation using several real-world smart meter datasets. Our experiment results show that BPOD effectively prevents the threshold-based and classifier-based occupancy detection attacks. Furthermore, BPOD is also able to prevent nonintrusive appliance load monitoring attacks (NILM) as a side-effect of thwarting detection attacks.

Performance Evaluation Model for Application Layer Firewalls

Application layer firewalls protect the trusted area network against information security risks. However, firewall performance may affect user experience. Therefore, performance analysis plays a significant role in the evaluation of application layer firewalls. This paper presents an analytic model of the application layer firewall, based on a system analysis to evaluate the capability of the firewall. In order to enable users to improve the performance of the application layer firewall with limited resources, resource allocation was evaluated to obtain the optimal resource allocation scheme in terms of throughput, delay, and packet loss rate. The proposed model employs the Erlangian queuing model to analyze the performance parameters of the system with regard to the three layers (network, transport, and application layers). Then, the analysis results of all the layers are combined to obtain the overall system performance indicators. A discrete event simulation method was used to evaluate the proposed model. Finally, limited service desk resources were allocated to obtain the values of the performance indicators under different resource allocation scenarios in order to determine the optimal allocation scheme. Under limited resource allocation, this scheme enables users to maximize the performance of the application layer firewall.

Mathematical Performance Evaluation Model for Mobile Network Firewall Based on Queuing

While mobile networks provide many opportunities for people, they face security problems huge enough that a firewall is essential. The firewall in mobile networks offers a secure intranet through which all traffic is handled and processed. Furthermore, due to the limited resources in mobile networks, the firewall execution can impact the quality of communication between the intranet and the Internet. In this paper, a performance evaluation mathematical model for firewall system of mobile networks is developed using queuing theory for a multihierarchy firewall with multiple concurrent services. In addition, the throughput and the package loss rate are employed as performance evaluation indicators, and discrete-event simulated experiments are conducted for further verification. Lastly, experimental results are compared to theoretically obtained values to identify a resource allocation scheme that provides optimal firewall performance and can offer a better quality of service (QoS) in mobile networks.

Identification of unknown operating system type of Internet of Things terminal device based on RIPPER

Due to the vast popularity of sensors, cloud computing, mobile computing, and intelligent devices, the Internet of Things has seen tremendous growth in recent years. Operating system type recognition is the core technology of network security assessment. Due to inherit security problems of Internet of Things such as the situation of risk and threat of information, the operating system recognition seeks research attention for Internet of Things network security. In view of the current identification method of active operating system, it is prone to be detected by intrusion detection system. The operating system identification technology based on transmission control protocol/Internet protocol fingerprint library is more complicated than to distinguish the operating system types of unknown fingerprints. In this work, a passive operating system identification method based on RIPPER model is proposed. Also, it is compared with the existing support vector machine and C45 decision tree classification algorithms. Experiments reveal that RIPPER-based algorithm has better recognition accuracy and recognition efficiency.

Two-Stage Mixed Queuing Model for Web Security Gateway Performance Evaluation

Web Security Gateway (WSG) is a new type of network security product that maintains the security of trusted networks. In this paper, a WSG model for evaluating WSG performance is presented. This paper advances discussion of previous studies on series services under multiple service windows. The proposed model consists of a two-stage queuing system. The first stage is a network layer simulation. The second stage is thus similar to a parallel hyper-Erlang distribution model. The results of a simulation test verified the feasibility and performance of the proposed model.

The Improved Variable Length Counting Bloom Filter Based on Buffer

In this paper, a variable-length counting Bloomfilter is studied for a variable-length-count Bloom filter(VLCBF) when configuring updates to the median groupfrequently-shifting. Our proposed improved VLCBF deleteseach hash value stored in the first buffer insertion. Only theauxiliary Bloom filter bit is modified accordingly until thebuffer is full when the group of digits updates a shift. Themethod reduces the number of bits set of shift operations toimprove the efficiency of its configuration updates. Theoperations processes of inserting, querying, and deleting in theimproved VLCBF are described in details, followed bycomparative experiments to illustrate the methods efficiencyand applicability.

A Web Security Data Detection Based on Group Scanning

After studying the current principle andarchitecture of antivirus gateway for Web security detection, we found that the conventional virus scan is based on filescanning, which takes significant processing time. Whenscanning big size files, it may often cause disconnection of filetransferring with a time-out error message prompted out. Tosolve the problem of slow file virus scan, we propose a newmethod in which a packet scanning is introduced instead oftraditional file scanning. This method can be used to processfile receiving and scanning in parallel. The experiment resultsprove that this method significantly improve the performanceof security detection speed.

A Routing Failure Node Detection Method of Wireless Sensors Based on Binary Encoding

According to wireless sensor network (WSN) nodes have unstable performance and are easy to lose effectiveness, a WSN routing failure node verification method, NEVM (Node-Encoding Verification Method), based on node encoding is proposed. The method encodes failure route node with binary encoding and generates more verification path, then sends verification packages to each path and generates a sequence of verification path value according to transmission of verification packages. At last, it calculates the code value of failure nodes. The results show that the method has low computational complexity and can detect the failure routing nodes quickly under the condition of finite energy, which provide help for repairing route quickly.