Yang Fang-chun

Deterministic packet marking based on the coordination of border gateways

Mainly aiming at tracing DoS and DDoS attack, the current IP traceback methods has not yet had a good scheme for tracing single packet attack; and most of them enable the marking routers to mark the packet independently, regardless of making the marking routers work together to improve the traceback performance. In view of these insufficiencies, we propose a traceback method named CDPM which is based on the coordination of border gateways. CDPM can identify the forged path information and adjust the marking strategy dynamically so as to reduce the impact on the network and trace different types of attacks (DoS, DDoS, single packet attack and so on). Finally, simulation results show that CDPM is able to reconstruct the attack path as well as own good feasibility and little influence on the end-to-end delay of IP packet.

Description Logic Modeling of Temporal Attribute-Based Access Control

In large-scale open systems like Internet, attribute based access control is more appropriate than some other access control mechanisms. A fragment of description logic can be used to represent and reason about policies of attribute-based access control, because with logic descriptions, policies have a clear syntax and semantics. Further more, with the description logic modeling, ABAC policies and subject attributes assertions are easy to be integrated with semantic Web language which is designed to facilitate the machine interpretability and interoperability in distributed environment. The description logic representation is flexible to hold broad scope of information about users and contexts. The temporal properties of access control are also specified in our model.

ARM-CPD: Detecting SYN flooding attack by traffic prediction

This paper proposed an ARM-CPD scheme that is a simple but fast and effective approach to detect SYN flooding attacks. Instead of managing all real time ongoing traffic on the network, ARM-CPD only monitors the SYN packet and use it to predict the SYN packet in the near future to detect the SYN flooding attacks. To get the prediction SYN traffic, the Autoregressive Integrated Moving Average Model (ARIMA) is proposed; and to make the detection method insensitive to site and access pattern, a non-parametric Cumulative Sum (CUSUM) algorithm is applied. The trace-driven simulations demonstrate that ARM-CPD can shorten the detection time of SYN flooding attack effectively.

A domain-oriented distributed vulnerability scanning mechanism

This paper introduces a new domain-oriented distributed vulnerability scanning mechanism based on the studies of other vulnerability scanning systems, which have difficulties on dealing with network crossing, interceptor crossing and bottleneck effect, etc. After giving some description about domain-oriented distributed architecture, this paper introduces a SOA-like service providing mode. Following introduction leads to a new hierarchical strategy scheduling model that solves the problems of distributed scheduling management. A comparing experiment on the new scanning prototype and a Centralized scanner called Nessus is given at the end of this paper. At last, it comes to the conclusion that this new domain-oriented distributed vulnerability scanning mechanism has great performance on timing and accuracy.

Service-based quantitative calculation of risk for NGN

Network risk assessment is an important method to monitor and forecast the security status of the network. The risk calculation is the key step and the result is the direct reference of the risk assessment. This paper prompts a service-based risk quantitative calculation method — SRQC of NGN. SRQC method includes a service-based layered risk calculation model, the quantitative process of assets, vulnerabilities and threats and the risk calculation. The calculation model centers on the services of NGN and considers the relationship of services. The new view makes the risk analysis closer to manager. It makes the result more valuable to refer and more objective compared with the qualitative calculation.

A heuristic chunk scheduling algorithm reducing delay for Mesh-Pull P2P live streaming

Many Mesh-Pull P2P live streaming systems deployed in Internet catch a large number of users during recent years. While they have high scalability and low cost, they suffer from bad delay performance. In this paper, we aim at reducing the delay caused by chunk scheduling for Mesh-Pull P2P live streaming in the environment of heterogeneous upload bandwidth, heterogeneous and dynamic propagation delays. And we quantify and model the delivery latency of chunk scheduling as an optimization problem by introducing the propagation delay(usually ignored) between peers to the design of chunk scheduling, and put forward a heuristic pull-based chunk scheduling algorithm. Through simulation, our algorithm can adapt to random variance of propagation delays and outperform the two classical Mesh-Pull chunk scheduling algorithms not only in delay performance but also in chunk loss ratio.

Optimization of hierarchical vulnerability assessment method

Network vulnerability assessment has carried out a certain degree of research work in relative field. The common method for vulnerability assessment is hierarchical asset vulnerability assessment, in which vulnerability value is fixed and the weight of service is subjective. Thus the accuracy of calculation depends on experience and judgment. In this paper, according to CVSS (Common Vulnerability Assessment System) theory, a method that takes environment factors into consideration is proposed for asset vulnerability assessment using information collected by vulnerability scanning tool. As an optimization of original method, this method is more accurate than original method.