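Abstract: A botnet is a new form of attack that evolved from traditional malicious code. It gives attackers a stealthy, flexible and efficient one-to-many command and control (C&C) channel mechanism, through which they can control large numbers of bot hosts to carry out information theft, distributed denial-of-service attacks, spam sending and other attacks. This paper proposes a botnet detection method that is independent of botnet structure and C&C protocol and does not need to analyze the signature payload of packets. The method first filters the captured traffic with pre-filtering rules to remove traffic unrelated to botnets; it then computes statistics on the attributes of the filtered traffic; next it uses a two-step clustering algorithm based on X-means clustering to analyze and cluster the traffic attributes of the C&C channel, thereby detecting botnets. Experiments show that the method efficiently and accurately separates botnet traffic from other normal network traffic, meets the requirements for detecting botnets in real networks, and has a low misclassification rate.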
Funding: Supported by the Natural Science Foundation Research Plan of Shanxi Province (2023JCQN0728).
Abstract: The subversive nature of information war lies not only in the information itself, but also in the circulation and application of information. It has always been a challenge to quantitatively analyze the function and effect of information flow through command, control, communications, computer, kill, intelligence, surveillance, reconnaissance (C4KISR) system. In this work, we propose a framework of force of information influence and the methods for calculating the force of information influence between C4KISR nodes of sensing, intelligence processing, decision making and fire attack. Specifically, the basic concept of force of information influence between nodes in C4KISR system is formally proposed and its mathematical definition is provided. Then, based on the information entropy theory, the model of force of information influence between C4KISR system nodes is constructed. Finally, the simulation experiments have been performed under an air defense and attack scenario. The experimental results show that, with the proposed force of information influence framework, we can effectively evaluate the contribution of information circulation through different C4KISR system nodes to the corresponding tasks. Our framework of force of information influence can also serve as an effective tool for the design and dynamic reconfiguration of C4KISR system architecture.
Funding: Supported by Doctoral Foundation of Liaoning Province (20081064), Liaoning BaiQianWan Talents Program (2009921072), Ministry of Agriculture, National Research Subject (2004BA520A11).
Abstract: [Objective] Impulsive Logistic Model was used to simulate the epidemic process of Gray Leaf Spots caused by C. zeae-maydis. [Method] The pathogen was inoculated in different maize varieties, and the incidence was observed and recorded. Impulsive Logistic Model was used to simulate the development process of the disease, which was compared with actual incidence. [Result] Artificial inoculation tests showed that impulsive Logistic Model could reflect the time dynamic of C. zeae-maydis. Through derivation, the exponential growth phase was from maize seedling emergence to early July in each year, the logistic phase was from early July to late August, and the terminal phase was from early September to the end of the maize growth stage. [Conclusion] The derivation result from the model was consistent with the biological development laws of C. zeae-maydis.
Abstract: To analyze the behavioral model of the command, control, communication, computer, intelligence, surveillance, reconnaissance (C4ISR) architecture, we propose an executable modeling and analyzing approach to it. First, the meta concept model of the C4ISR architecture is introduced. According to the meta concept model, we construct the executable meta models of the C4ISR architecture by extending the meta models of fUML. Then, we define the concrete syntax and executable activity algebra (EAA) semantics for executable models. The semantics functions are introduced to translate the syntax description of executable models into the item of EAA. To support the execution of models, we propose the executable rules which are the structural operational semantics of EAA. Finally, an area air defense of the C4ISR system is used to illustrate the feasibility of the approach.
Funding: Supported by the National Natural Science Foundation of China (61402526, 61502528).
Abstract: New precisely cooperative attacks, such as the coordinated cross plane session termination (CXPST) attack, need thousands upon thousands of machines to attack diverse selected links simultaneously with the given rate. However, almost all command and control (C&C) mechanisms only provide publishing one command to the whole once, the so-called one-to-all C&C model, and are not productive to support CXPST-alike attacks. In this paper, we present a one-to-any C&C model on coordination among the uncooperative controlled nodes. As an instance of the one-to-any C&C model, a directional command publishing (DCP) mechanism leveraging on Kademlia is provided with a range-mapping key creating algorithm for commands to compute the publishing range and a statistically stochastic node querying scheme to obtain the commands immediately. With theoretical analysis and simulation, it is indicated that the one-to-any C&C model fits for precisely coordinated operation on uncooperative controlled nodes with least complexity, better accuracy and efficiency. Furthermore, the DCP mechanism can support one-to-all command publishing at the same time. As an example of a future C&C model, studying the one-to-any C&C model may help to promote the development of more efficient countermeasures.
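Abstract: To describe in a unified way both the functional and the effectiveness requirements of military electronic information systems (command, control, communication, computers, intelligence, surveillance and reconnaissance, C4ISR), a C4ISR effectiveness concept modeling and formal verification method based on the unified modeling language/object constraint language (UML/OCL) is proposed. First, the DoDAF 2.0 capability meta-model is extended with effectiveness-related concepts to build a meta-model that can guide both the functional analysis and the effectiveness analysis of C4ISR capabilities; the meta-model is then described as a UML Profile, forming a UML-based C4ISR effectiveness concept modeling language that supports checking of C4ISR effectiveness concept models; finally, a hypothetical case study illustrates the language's ability to model the functional and effectiveness concepts of C4ISR capabilities and to verify the models. The method can compensate for the shortcomings of UML modeling techniques in domain-specific effectiveness analysis.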