A Service Level Agreement(SLA) is a legal contract between any two parties to ensure an adequate Quality of Service(Qo S). Most research on SLAs has concentrated on protecting the user data through encryption. However...A Service Level Agreement(SLA) is a legal contract between any two parties to ensure an adequate Quality of Service(Qo S). Most research on SLAs has concentrated on protecting the user data through encryption. However, these methods can not supervise a cloud service provider(CSP) directly. In order to address this problem, we propose a privacy-based SLA violation detection model for cloud computing based on Markov decision process theory. This model can recognize and regulate CSP's actions based on specific requirements of various users. Additionally, the model could make effective evaluation to the credibility of CSP, and can monitor events that user privacy is violated. Experiments and analysis indicate that the violation detection model can achieve good results in both the algorithm's convergence and prediction effect.展开更多
How to correctly acquire the appropriate features is a primary problem in network protocol recognition field.Aiming to avoid the trouble of artificially extracting features in traditional methods and improve recogniti...How to correctly acquire the appropriate features is a primary problem in network protocol recognition field.Aiming to avoid the trouble of artificially extracting features in traditional methods and improve recognition accuracy,a network protocol recognition method based on Convolutional Neural Network(CNN)is proposed.The method utilizes deep learning technique,and it processes network flows automatically.Firstly,normalization is performed on the intercepted network flows and they are mapped into two-dimensional matrix which will be used as the input of CNN.Then,an improved classification model named Ptr CNN is built,which can automatically extract the appropriate features of network protocols.Finally,the classification model is trained to recognize the network protocols.The proposed approach is compared with several machine learning methods.Experimental results show that the tailored CNN can not only improve protocol recognition accuracy but also ensure the fast convergence of classification model and reduce the classification time.展开更多
As the information technology rapidly develops,many network applications appear and their communication protocols are unknown.Although many protocol keyword recognition based protocol reverse engineering methods have ...As the information technology rapidly develops,many network applications appear and their communication protocols are unknown.Although many protocol keyword recognition based protocol reverse engineering methods have been proposed,most of the keyword recognition algorithms are time consuming.This paper firstly uses the traffic clustering method F-DBSCAN to cluster the unknown protocol traffic.Then an improved CFSM(Closed Frequent Sequence Mining)algorithm is used to mine closed frequent sequences from the messages and identify protocol keywords.Finally,CFGM(Closed Frequent Group Mining)algorithm is proposed to explore the parallel,sequential and hierarchical relations between the protocol keywords and obtain accurate protocol message formats.Experimental results show that the proposed protocol formats extraction method is better than Apriori algorithm and Sequence alignment algorithm in terms of time complexity and it can achieve high keyword recognition accuracy.Additionally,based on the relations between the keywords,the method can obtain accurate protocol formats.Compared with the protocol formats obtained from the existing methods,our protocol format can better grasp the overall structure of target protocols and the results perform better in the application of protocol reverse engineering such as fuzzing test.展开更多
Multicloud access control is important for resource sharing and security interoperability across different clouds,and heterogeneity of access control policy is an important challenge for cloud mashups.XACML is widely ...Multicloud access control is important for resource sharing and security interoperability across different clouds,and heterogeneity of access control policy is an important challenge for cloud mashups.XACML is widely used in distributed environment as a declaratively fine-grained,attribute-based access control policy language,but the policy integration of XACML lacks formal description and theory foundation.Multicloud Access Control Policy Integration Framework(MACPIF)is proposed in the paper,which consists of Attribute-based Policy Evaluation Model(ABPEM),Four-value Logic with Completeness(FLC)and Four-value Logic based Policy Integration Operators(FLPIOs).ABPEM evaluates access control policy and extends XACML decision to four-value.According to policy decision set and policy integration characteristics,we construct FLC and define FLPIOs including Intersection,Union,Difference,Implication and Equivalence.We prove that MACPIF can achieve policy monotonicity,functional completeness,canonical suitability and canonical completeness.Analysis results show that this framework can meet the requirements of policy integration in Multicloud.展开更多
基金supported in part by National Natural Science Foundation of China (NSFC) under Grant U1509219 and 2017YFB0802900
文摘A Service Level Agreement(SLA) is a legal contract between any two parties to ensure an adequate Quality of Service(Qo S). Most research on SLAs has concentrated on protecting the user data through encryption. However, these methods can not supervise a cloud service provider(CSP) directly. In order to address this problem, we propose a privacy-based SLA violation detection model for cloud computing based on Markov decision process theory. This model can recognize and regulate CSP's actions based on specific requirements of various users. Additionally, the model could make effective evaluation to the credibility of CSP, and can monitor events that user privacy is violated. Experiments and analysis indicate that the violation detection model can achieve good results in both the algorithm's convergence and prediction effect.
基金supported by the National Key R&D Program of China(2017YFB0802900).
文摘How to correctly acquire the appropriate features is a primary problem in network protocol recognition field.Aiming to avoid the trouble of artificially extracting features in traditional methods and improve recognition accuracy,a network protocol recognition method based on Convolutional Neural Network(CNN)is proposed.The method utilizes deep learning technique,and it processes network flows automatically.Firstly,normalization is performed on the intercepted network flows and they are mapped into two-dimensional matrix which will be used as the input of CNN.Then,an improved classification model named Ptr CNN is built,which can automatically extract the appropriate features of network protocols.Finally,the classification model is trained to recognize the network protocols.The proposed approach is compared with several machine learning methods.Experimental results show that the tailored CNN can not only improve protocol recognition accuracy but also ensure the fast convergence of classification model and reduce the classification time.
基金supported by the National Key R&D Subsidized Project with 2017YFB0802900.
文摘As the information technology rapidly develops,many network applications appear and their communication protocols are unknown.Although many protocol keyword recognition based protocol reverse engineering methods have been proposed,most of the keyword recognition algorithms are time consuming.This paper firstly uses the traffic clustering method F-DBSCAN to cluster the unknown protocol traffic.Then an improved CFSM(Closed Frequent Sequence Mining)algorithm is used to mine closed frequent sequences from the messages and identify protocol keywords.Finally,CFGM(Closed Frequent Group Mining)algorithm is proposed to explore the parallel,sequential and hierarchical relations between the protocol keywords and obtain accurate protocol message formats.Experimental results show that the proposed protocol formats extraction method is better than Apriori algorithm and Sequence alignment algorithm in terms of time complexity and it can achieve high keyword recognition accuracy.Additionally,based on the relations between the keywords,the method can obtain accurate protocol formats.Compared with the protocol formats obtained from the existing methods,our protocol format can better grasp the overall structure of target protocols and the results perform better in the application of protocol reverse engineering such as fuzzing test.
基金supported by National Key R&D Program of China (2017YFB0802900)NUPTSF (No. NY219004)
文摘Multicloud access control is important for resource sharing and security interoperability across different clouds,and heterogeneity of access control policy is an important challenge for cloud mashups.XACML is widely used in distributed environment as a declaratively fine-grained,attribute-based access control policy language,but the policy integration of XACML lacks formal description and theory foundation.Multicloud Access Control Policy Integration Framework(MACPIF)is proposed in the paper,which consists of Attribute-based Policy Evaluation Model(ABPEM),Four-value Logic with Completeness(FLC)and Four-value Logic based Policy Integration Operators(FLPIOs).ABPEM evaluates access control policy and extends XACML decision to four-value.According to policy decision set and policy integration characteristics,we construct FLC and define FLPIOs including Intersection,Union,Difference,Implication and Equivalence.We prove that MACPIF can achieve policy monotonicity,functional completeness,canonical suitability and canonical completeness.Analysis results show that this framework can meet the requirements of policy integration in Multicloud.