摘要
网络信息安全问题自网络诞生之初,就一直是一个困扰网络的建设者和使用者的难题。随着网络应用的不断普及,以及新兴网络技术的发展,网络信息安全已经越来越成为网络社会中的关键问题,成为网络研究的重点和热点。对于网络风险的科学认定、安全防护的原则制定以及安全防护的技术手段等方面展开了研究,将网络信息安全防护原则的确立和实施方法的研究看成一个完整的体系,提出的网络信息安全防护基本思想既源于实践又高于实践,对网络信息安全的防护实践具有指导意义。具体研究内容如下:
1.安全评估是网络信息安全防护的始点。对国内外网络信息风险评估的发展历程进行了细致剖析,指出传统评估理论在日新月异的网络时代所存在的欠缺,安全评估领域需要更科学的安全风险评估思想。
2.通过对当前网络安全风险评估和网络安全防护的深入研究,首次提出网络安全评估与实施中的“弹性闭合结构”和“无差异性标识未知因素”基本思想。
弹性闭合结构基本思想:从宏观上来看构成网络安全威胁的各个方面,是以安全防护对象为中心的一种环状闭合结构。随着时间和其他各种条件的变化,这些安全威胁在闭合的环状结构中的比例、影响程度是动态可变的;相应的,安全防护对策的制定和安全措施的部署必须与这种闭合的环状结构相适应,能够根据时间及其他条件的变化而弹性适应。安全的重点不仅仅局限于严格的防护,最终目标是避灾、减损。
无差异标识未知因素基本思想:在分析安全威胁的过程中,首先将所有既定的、潜在可能的、当前安全的各种威胁相关因素都统一视为“无差异标识未知因素”,并认为这些无差异标识未知因素在一定的环境和条件下其性质可在安全与非安全之间相互转化。
提出的“弹性闭合结构”以解决网络安全风险评估的范围认定问题,提出的“无差异标识未知因素”以解决风险威胁的对象认定问题,并确定了无差异标识未知因素转化为风险对象的判定原则与方法。网络安全防护不是简单的层次化,而是一个弹性的闭合结构,层次化必须建立在弹性闭合结构基础之上;确定威胁对象过程中,率先以“无差异标识未知因素”作为统一的考察对象,不强行划分风险要素与非风险要素,认为无差异标识未知因素随着时间、环境、对象的变化而动态转化,以未知因素从整体上构成环状闭合结构,不存在评估的盲区和误区。
同时阐明了预应式安全防护原则在安全防护上的前瞻性意义。研究了网络信息安全防护的周密性问题,将这种周密性建立在多层次弹性闭合结构的理论基础之上,提出的解决方案充分考虑到了安全策略制定过程中的潜在漏洞问题。在无差异标识未知因素思想的指导下,明确提出不要谈安全就追求“过度安全”,避免防护过当,从而避免在安全实践中不必要的资源浪费。
3.信息加密和纠错是保证信息安全的重要技术手段。当信息受各种干扰而出错时,如何纠正错误并正确译出原信息是纠错码理论研究的内容,而研究码或码字的结构是纠错码理论的一个重要研究方向。探讨了码的结构研究中的一个核心问题-码的各种重量分布,研究成果不仅给出了有限环Z_(p~k)上码字的广度两个递归算法,而且给出了环F_2+uF_2上长为2~s的(1+μ)-常循环码的结构,并利用这个结构,确定了环F_2+uF_2上长为2~s的(1+μ)-常循环码的Hamming距离、Lee距离、Euclidean距离的分布。这些研究结果对纠错码的译码有非常重要的意义。
4.对网络安全防护的实现方法开展了多方位的研究。基于多层次弹性闭合结构和无差异标识未知因素基本思想,并根据预应式和周密性原则,提出一系列技术手段和方法,并大量成功地应用于安全实践,从而佐证了弹性闭合结构和无差异标识未知因素理论的可行性。
网络安全风险评估的弹性闭合结构和无差异标识未知因素思想希望从根本上科学地解决了安全风险的范围认定和对象认定问题,通过对安全风险评估的科学化、系统化的分析,并在预应式周密性原则的基础上寻求相应的技术手段,从风险认定、对策制定、技术实施为三大层面形成了比较完善的网络安全防护理论体系。
The problem of network information security has been a thorny issue for network owners andusers since the birth of network. As network is more and more widely applied and newly-emergingnetwork technology develops, network information security has become the pivotal concern of thenetwork circle and drawn researchers' most attention. Quite a number of studies focus onconfirming, evaluating, assessing and preventing the network risk. Furthermore, the correspondingcriteria and technology protection measures become more and more diverse. However, the effect isstill not so satisfactory because of the uncertainty and complex of various factors affectingnetwork security,. Therefore, the paper explores a lot about making principles on scientificconfirmation, security protection and technologic measures. Viewing the study on making andimplementing principles of network information security protection as a whole system, the authorproposes a basic idea on network information security protection. The idea derives from real workbut surpasses practice, which is of great significance to guide the protection practice in realoperations. To be specific, the research this paper presents includes the following sections:
1. Security assessment is the starting point of network information security protection. Thepaper analyses the developmental process of network information risk assessment at home andabroad and points out that the object of risk assessment has varied from tangible assets tointangible assets. Defects exist in traditional assessment theories, so a more scientific idea aboutrisk assessment is badly needed.
2. The study finds out the ideas about multi-layer elastic closed structure andnon-discrepancy unknown factors in network risk assessment. The author has done studies onnetwork risk assessment from many perspectives and come up with multi-layer elastic closedstructure for the improved network risk assessment model to solve the problem of confirming therisk scope. The paper demonstrates that risk factors have a kind of closed structure rather than thesimple layer structure. Moreover, the object of this creative research is non-discrepancy unknownrisk factors. All unknown factors are not divided into safe or danger objects, and the factors haveto dynamically adjust with the change of time, environment, object and so forth In this way, sothat the idea of non-discrepancy unknown factors can tackle the problem of confirmation onnetwork risk objects and also it gives rise to principles and methods of turning non-discrepancyunknown factors into risk objects.
The paper also expounds principles of proaction security protection which is a new vision insecurity protection. Based on the thoroughness of the security protection which is guided by thetheory of multi-layer elastic closed structure, the paper proposes a technical plan which takes allvulnerabilities into consideration when designing security strategies. According tonon-discrepancy unknown factors, the author clearly presents the idea that "absolute security"should not be our target because in that situation overprotection would lead to the unnecessaryresource waste.
3. The Error-correcting coding theory is the theoretical bases of network informationsecurity. Researches on codes and the structure of codewords are fundamental for the theory oferror-correcting codes. For measuring the complexity of a codeword, the depth of a codeword isan important mathematical character. The paper defined the width of a codeword on the finite ringZ_p~k, pointed out that the width of a codeword was the generalization of the depth of a codewordand gave two recursive algorithms for computing the Width of codewords on the finite ring Z_p~k. The paper also study three kinds of distances of(1+u)-constacyclic codes of length 2~s overthe ring F_2+u F_2. The structure of(1+u)-constacyclic codes of length 2~s over F_2+u F_2 isobtained. Using the structure of such constacyclic codes, the distributions of the Hammingdistances, Lee distances and Euclidean distances of such constacyclic codes are determined. Theresearch results have important significance for error-correcting coding.
4. The paper researches on solutions to network information security protection fromdiverse aspects. On the basis of ideas on multi-layer elastic closed structure and non-discrepancyunknown factors, the author, according to principles of proaction and thoroughness, puts forward aseries of technological measures and methods which have already been successfully applied tosecurity practice in order to construct a improved security system about theories as well aspractice.
Scientifically speaking, ideas of multi-layer elastic closed structure and non-discrepancyunknown factors solve problems of confirmation on both scope and object. Furthermore,principles of proaction and thoroughness determine the direction and tendency of securityprotection principles. Through scientific and systematic analysis of risk assessment and on thebasis of corresponding technological measures, a better theoretical system of security protection isformed on three levels: confirming risks, making countermeasures and implementing technology.
引文
[ACS2007] G Acs,L Butty(?)n,I Vajda.The Security Proof of a Link-state Routing Protocol for Wireless Sensor Networks.Mobile Adhoc and Sensor Systems (MASS),2007 IEEE International Conference on,Pisa,Italy 2007.
[ADAM1999] Carlisle Adams,Steve Lloyd.Understanding the Public-Key Infrastructure: Concepts,Standards,and Deployment Considerations (Hardcover),Macmillan Technical Publishing, 1999.
[AKUJ2007] C M Akujuobi,N K Ampah.Enterprise network intrusion detection and prevention system (ENIDPS). SPIE vol.6538,Conference on Sensors,and Command,Control,Communications,and Intelligence (C3I) Technologies for Homeland Security and Homeland Defense Ⅵ,2007.
[ALAN2006] Alan Stevens.Check Point VPN-1 UTM Edge.Personal Computer World, Vol.29 No. 11,2006.
[ALLA2007] F Allard,Jean-Marie Bonnin.An application of the context transfer protocol: IPsec in a IPv6 mobility environment.Access Networks & Workshops,Second International Conference on,Ottawa,2007.
[ANA2006] Ana S(?)l(?)gean.Repeated-root Cyclic and Negacyclic Codes over Finite chain Rings.Discrete Applied Mathematies,vol. 154,pp.413-419,2006.
[ANDE1980] J P Anderson.Computer security threat monitoring and surveillance[R].Teehnical Report,Washington, 1980.
[ANDE1995] D Anderson,T frivold.A next generation intrusion-detection expert system.Technical report SRI-CSL,95-97,Computer science laboratory, 1995.
[ANDR2006] Andrew Conry-Murray.Rootkit Detection: Finding the Enemy Within.Network Computing,2006,17 (24).
[ATKI2007] S Atkinson,C Johnson,A Phippen.Improving protection mechanisms by understanding online risk.Information Management & Computer Security,2007,15(5).
[BACH1997] C Bachoe.Applications of coding theory to the construction of modular Lattices,Combination Theory Series A, 1997,78(1).
[BARO2004] S Baroudi,H Ziade,B Mounla.Are we really protected against hackers? Proceedings on 2004 International Conference on Information and Communication Technologies: From Theory to Applications,ICTTA 2004.
[BARR1986] Bruce B Barrow.National security emergency preparedness implications for network management.Proceedings of the National Electronics Conference,v 40,n pt 1,pp.585,1986.
[BELL1973] David E.Bell and Leonard J.LaPadula.Secure Computer Systems: Mathematical Foundations.ESD-TR-73-278,Vol.I,AD 770 768,Electronic Systems Division,Air Force Systems Command,Hanscom Air Force Base,Bedford,MA,USA,Nov 1973.
[BONN1999] A Bonnecaze,P Udaya.Cyclic Codes and self-dual Codes over F2+uF2,IEEE Trans.Inform.Thory, vol.45(4), 1999.
[BOSE2008] S Bose,A Kannan.Detecting Denial of Service Attacks using Cross Layer based Intrusion Detection System in Wireless Ad Hoc Networks.Communication and Networking International Conference on,Chennai,India 2008.
[BRIA1998] Lionel C Briand,Khaled E1 Emam,Frank Bomarius.COBRA: a hybrid method for software cost estimation,benchmarking,and risk assessment.Proc.of the 20th Int'l Conf.on Software Engineering,1998.
[CARA2006] CARA GARRETSON.Antiphishing efforts try to keep pace.Network World,2006,23 (39).
[CHAU2006] Chau Jacqui. Application security-it all starts from here.Computer Fraud and Seeurity, v 2006,n 6,2006.
[CHEN2005] 陈涛,王福豹,肖琳.基于工作组的IPsee安全策略系统研究与实现,计算机应用,25(11),2005.
[CHEN2006] 陈秀真,郑庆华,管晓宏,林晨光.层次化网络安全威胁态势量化评估方法.软件学报.2006,4(17):885-897.
[CHEN2006a] Chen Tzer-Shyong,Jeng Fuh-Gwo,Liu Yu-Chia.Hacking tricks toward security on network environments.Seventh International Conference on Parallel and Distributed Computing,Applications and Technologies,PDCAT 2006,pp.4.42-447,2006,.
[CHOU2004] A R Choudhary, J Odubiyi.Context-based adaptive control in autonomous systems.Information Assurance Workshop,2004.Proceedings from the Fifth Annual IEEE SMC,2004.
[CHRI2004] Christopher D Leidigh.The TCP/IP Protocols: An Introduction.2004 Embedded Systems Conference (Boston),2004.
[COLL2007] M.Patrick Collins,Timothy J.Shimeall,Sidney Faber.Using Uncleanliness to Predict Future Botnet Addresses.IMC'07 Proceedings of the 2007 ACM SIGCOMM Internet Measurement Conference,2007.
[CROS1995] Mark Crosbic.defending a computer system use autonomous agents [R],CSD-TR-95-022,Department of computer seiences,Purduc University, 1995.
[CRUZ2008] Cruz JM.Dynamics of supply chain networks with corporate social responsibility through integrated environmental decision-making.European Journal of Operational Research,2008,vol. 184(3).
[DENG2007a] 邓林,余刘琅,韩江洪.基于文件操作阻断的系统安全加固防护技术.计算机工程,2007,33(15).
[DENG2007b] 邓林,余刘琅,韩江洪.网络干扰性信息对通信效率的影响分析.计算机工程,2007,33(17).
[DENG2007c] 邓林.网络设备的综合防病毒技术研究.仪器仪表学报,2007,28(8).
[DENG2008a] 邓林,余刘琅,韩江洪.基于多核MIPS64安全处理芯片的高性能安全网关.微电子学与计算机,2008,25(2)
[DENG2008b] 邓林,余刘琅,王军,韩江洪.入侵攻击的防火墙无关性研究.计算机应用研究,2008,25(5).
[DENG2008c] 邓林,余刘琅,韩江洪.基于入侵容忍原理的服务器防护技术.微电子学与计算机,2008,25(6).
[DENG2008d] 邓林,张道福,朱士信.环Zpk上码字广度的递归算法.中国科学技术大学学报,2008,38(9).
[DENG2008e] 邓林,朱士信,韩江洪.环F2+U F2上长为2S的(1+u)-常循环码的距离分布.中国科学技术大学学报,2008,38(10).
[DENN1987] Dorothy E Denning.An intrusion detection model [I] IEEE transaction on software engineering, 1987,2.
[DHAM2005] Rachna Dhamija,J D Tygar.Phish and HIPs: Human Interactive Proofs to Detect Phishing Attacks.In Human Interactive Proofs: Second International Workshop.http://www.sims.berkeley.edu/-rachna/papers/phish_and_hips.pdf,2005.
[DING2001] 丁岳伟,高文兰,网络安全中流量分析的算法[J],微计算机应用,22(1):10-14,2001.
[DON2006] Don Macvittie.Probing Questions.Network Computing, Vol. 17 No.20,2006.
[DOUG1999] S T Dougherty, P.Gaborit,M.Harada.Type Ⅱ codes over, IEEE Trans.Inform.Thory,vol.45 ,No. 1, pp. 32-45 ,January, 1999.
[DUNN2003] W R Dunn.Designing safety-critical computer systems.Computer,Vol.36 No. 11,2003.
[EDDA2006] Ahmed EDDAOUI,Abdellatif MEZRIOUI.Defeat the Network Attack by using Active Networks approach.2nd International Conference on Information and Communication Technologies,vol. 1,2006.
[ETZI1997] T Etzion.The depth distribution-a new characterization for linear codes[J].IEEE Trans InformTheory,1997,43 (4): 1361-1363.
[FADI2006] Fadi Saibi,Jing-fan Zhang.将PCI Express数字IP核心整合于千兆以太网控制器.电子与电脑.8:107-109,2006.
[FAIS2005] Ulrich Faisst,O Prokein.An optimization model for the management of security risks in banking companies.E-Commerce Technology,2005.CEC 2005.Seventh IEEE International Conference on E-Commerce Technology.
[FENG2001] 冯登国等著.计算机通信网络安全.清华大学出版社,2001.
[FRIE2007] Allan Friedman.Good neighbors can make good fences: a peer-to-peer user security system. IEEE Technology and Society Magazine,Vol.26 No. 1,2007.
[GARV2002] Will Garvin.Internet security: safeguarding your IT investment.Valve magazine,vol. 14,no.3,2002.
[GUO2006] 郭庆北,张华忠,丁秀明.基于用户可信度的误用入侵检测系统的研究[J].计算机应用,26(5):1082,2006.
[HE2006] 何申,张四海,王煦法,马建辉,曹先彬.网络脚本病毒的统计分析方法.计算机学报.2006,6(29):969-975.
[HEAS2006] John Heasman.Rootkit threats.Network Security,Vol. 1,2006.
[HERB1990] L T Heberlein,G V.Dias,K N Levitt.A network security monitor[C].proceeding of the 1990 IEEE symposium on research in security and privacy, 1990.
[HOOP2006] Emmanuel Hooper.Intelligent infrastructure security architecture,response and management system using firewalls and adaptive policies.Fourth IASTED International Conference on Communications,Interact,and Information Technology-CIIT,2006.
[HORT2007] William S Hortos.Cross-layer design for intrusion detection and data security in wireless ad hoe sensor networks.Next-Generation Communication and Sensor Networks 2007 : Proceedings of SPIE,v.6773,2007.
[HU2006] 胡思康,曹元大.Web网页知识获取技术.北京理工大学学报,12(26):1066-1068,2006.
[HU2007] Hu Wei,Li Jianhua,Jiang Xinghao,Zhang Yueguo,Chen Xiuzhen.A hierarchical algorithm for cyberspace situational awareness based on analytic hierarchy process.High Technology Letters,Vol. 13,No.3,2007.
[HUNT2003] Ray Hunt, Theuns Verwoerd.Reactive firewalls-a new technique.Computer Communications, vol.26 issue 12,2003.
[INGA2008] Jeffrey A.Ingalsbe,Louis Kunimatsu,Tim Baeten,Nancy R.Mead.Threat Modeling: Diving into the Deep End.IEEE Software,Vol.25,No. 1,2008.
[ISO1987] ISO 8372:信息处理-64位块加密算法的操作方式,1987.
[ISO2005] Information Technology-Security techniques-Code of practice for information security management,in ISO/IEC 17799.2005.
[JAME2006] A JAMES.UTM thwarts blended attacks.Network World, Vol.23 No.38,2006.
[JEFF2007] Jeff Hughes.Demystifying the rootldt.Net,No. 161,2007.
[JESU2006] Jesus Leonardo Garcia Rojas.The Integral Risk Management Process.0th World Multi-Conference on Systems,Cybernetics and hformatics (WMSCI 2006),jointly with the 12th International Conference on Information Systems Analysis and Synthesis (ISAS 2006),vol.Ⅵ,2006.
[J12002] 季庆光,唐柳英.《结构化保护级》安全操作系统安全策略模型[R].北京:中科院信息安全技术工程研究中心,2002.
[JOEL2007] JOEL SNYDER.Check Point's UTM mgmt falters,Cisco,Juniper gain ground.Network World,Vol.24 No.44,2007.
[JULK2001] H Julkunen,C E Chow.Enhance network security with dynamic packet filter.Computer Communications and Networks,Proceedings.7th International Conference on,pp.268 -275,2001.
[KANU2007] Saurangshu Kanunjna.F-Secure Internet Security 2007.PC Quest,Vol.3,2007.
[KBAR2007] Ghassan Kbar,Wathiq Mansoor.Securing the Wireless LANs that is based on Distributed Resource Management against internal attacks.Innovations in Information Technologies,2007,Dubai,United Arab Ernirates Innovations in Information Technologies,2007.
[KIM2007] TaeYeon Kim,HeeMan Park,HyungHyo Lee.A Secure Pairwise Key Establishment Scheme in Wireless Ad Hoe Networks. Ubiquitous intelligence and computing : Lecture notes in computer science,2007.
[KOTU2004] Andrew G Kotulic,Jan Guynes Clark.Why there aren't more information security research studies.Information & Management,Vol.41 No.5,2004.
[KRIS2006] D Krishna Sandeep Reddy, Subrat Kumar Dash,Arun K Pujari.New Malicious Code Detection Using Variable Length n-grams.International Conference on Information Systems Security(ICISS 2006),20061219-21,Kolkata(IN) Information Systems Security, Lecture Notes in Computer Science,2006.
[LEON2007] Leonardo Duenas-Osorio,I James Craig,Barry J Goodno.Interdependent Response of Networked Systems.Journal of Infrastructure Systems,Vol. 13,No.3,2007.
[LI2005] 李丹,吴建平,崔勇,徐恪.互联网名字空间结构及其解析服务研究.软件学报.2005,8(16):1445-1455.
[LI2007] Xiangyang Li,Charu Chandra.A knowledge integration framework for complex network management.Industrial Management & Data Systems,Vol. 107,No.8.,2007.
[LIAN2006] 梁军,汪厚祥,李娟.未来战争中的信息安全研究[J].舰船电子工程,5(26):9-11,2006.
[LIN2005] 林闯,汪洋,李泉林.网络安全的随机模型方法与评价技术.计算机学 报.2005,28(12):1943-1956.
[LIN2006] 林琛,李弼程,一种有效的垃圾邮件过滤新方法[J],计算机应用,26(8):1980-1982,2006.
[LINK2005] H E Link,W D Neumann.Clarifying obfuscation: improving the security of white-box DES.Information Technology Coding and Computing,2005.ITCC 2005.
[LIU1998] 刘渊,乐红兵等.因特网防火堵技术.机械工业出版社,1998.
[LIU2007a] Liu Fong-Hao.Constructing Enterprise Information Network Security Risk Management Mechanism by Using Ontology.Advanced Information Networking and Applications Workshops,2007 21st IEEE International Conference on,Niagara Falls,Canada Advanced Information Networking and Applications Workshops.
[LIU200Tb] 刘慧婷,倪志伟,李建洋,刘政怡.基于交叉覆盖算法的时间序列模式匹配.计算机应用,27 (2):425-427,2007.
[LIU2007c] 刘元勋,徐秋亮,云晓春.面向入侵检测系统的通用应用层协议识别技术研究.山东大学学报(工学版),37(1):66-69,2007.
[LIU2008] 刘衍珩,田大新,余雪岗,王健.基于分布式学习的大规模网络入侵检测算法.软件学报.2008,4(19):993-1003.
[LONG2005] 龙银香.一种新的漏洞检测系统方案.微计算机信息(测控自动化),Vol21.5.228-229,2005.
[LORE2006] Loreen Marie,Butcher-Powell.Better Securing an Infrastructure for Telework.Journal of Cases on Information Technology, Vol.8 No.4,2006.
[LUNT1988] Teresa F Lunt,R jaganthan.IDES: The enhanced prototype.Technical report,SRI International,Computer Science Lab,October 1988.
[LUO2000] Luo Y,Fu F W,Wei K W.On the depth distribution of linear codes[J].IEEE Trans Inform Theory,2000,46 (6): 2197-2203.
[MAGL2006] I Maglogiannis,E Zafiropoulos,A Platis,C Lambrinoudakis.Risk analysis of a patient monitoring .system using Bayesian Network modeling.Journal of Biomedical Informatics,vol.39 no.6,2006.
[MCGR2006] Patrick McGregor,Richard Kaczmarek,Vernon Mosley, Dennis Dease.National security/emergency preparedness and the next-generation network.IEEE Communications Magazine,v 44,n 5,2006.
[MESS2006a] ELLEN MESSMER.All-in-one security devices face challenges.Network World,Vol.23,No.31,2006.
[MESS2006b] ELLEN MESSMER.Experts differ on rootkit detection and removal.Network World Vol.23 No.33,2006.
[MING2001] 鸣润.网络黑客常用攻击手段.信息安全与通信保密,(10):1,2001.
[MITC1998] C J Mitchell.On integer-valued rational polynomials and depth distributions of binary codes[J].IEEE Trans Inform Theory, 1998,44(7): 3146-3150.
[MOOK2004] K K Mookhey,Nilesh Burghate.Detection of SQL Injection and Cross-site Scripting Attrack.2004 http://www.seeurityfocus.com/infocus/1768.
[MUKH1994] Biswanath Mukherjee,Todd herberlein,K N levitt.Network intrusion detection,IEEE network,26-41,1994.
[MUKO2007] Shinichi Mukosaka,Hideki Koike.integrated Visualization System for Monitoring Security in Large-Scale Local Area Network.6th International Asia-Pacific Symposium on Visualization (APVIS 2007),2007.
[NIKI2000] Andy Nikishin,Mike Pavluschik, Eugene Kaspersky.Threats of Macro-Viruses and Methods of Protection? Database and network journal,Vol.30 No.2,2000.
[ONEI1995] J.E ONeill.The role of ARPA in the development of the ARPANET,1961-1972.IEEE annals of the history of computing,Vol. 17,pp. 1058-6180,1995.
[ORTO1987] R L Orton.Telecommunications network and national security.Telecommunication Journal of Australia,v 37,n 1,pp.31-35,1987.
[OWEN2007] Michael Owen,Colin Dixon.A new baseline for cardholder security.Network Security, Vol.Jun,2007.
[PAN2006] 潘志红.Web环境下SQL Server的数据保护.北京联合大学学报(自然科学版),3(20):24-26,2006.
[PARK2005] Jaemin Park,Zeen Kim,Kwangjo Kim.State-based key management scheme for wireless sensor networks.Mobile Adhoc and Sensor Systems Conference,IEEE International Conference on,2005.
[QIAN2006] Jian-Fa Qian,Li-Na Zhang, Shi-xin Zhu, constacyelic and cyclic codes over,Applied Mathematics Letters,vol. 19,pp.820-823,2006.
[QIU2004] 邱卫东,陈燕,李洁萍,彭澄廉.一种实时异构嵌入式系统的任务调度算法.软件学报.2004,4(15):504-511.
[RACH2005] Rachna Dhamija,J D Tygar.Phish and HIPs: Human Interactive Proofs to Detect Phishing Attacks.Human interactive proofs : Lecture notes in computer science,3517,2005.
[RAMK2005] M.Ramkumar,N Memon.An efficient key predistribution scheme for ad hoe network security.IEEE Journal on Selected Areas in Communications,Vol.23,No.3,2005.
[RICH2007] Richard Bergmair, Stefan Katzenbeisser.Content-Aware Steganography: About Lazy Prisoners and Narrow-Minded Wardens.Information hiding : Lecture notes in computer science,4437,2007.
[ROY2006] Anindya Roy.ZyXEL ZyWALL 35 UTM Firewall.PC Quest,Vol.Apr,2006.
[ROY2007] Anindya Roy.20 Minutes and your own UTM is Ready.PC Quest,Vol.May,2007.
[RUHE2003] M Ruhe,R Jeffery, I Wieczorek.Cost estimation for web applications.Software Engineering,Proceedings.25th International Conference (ICSE03),2003.
[SALE2007] S Salekzamankhani,A Pakstas.Why we need a reference model for intrusion handling systems for Wireless LANs? Software,Telecommunications and Computer Networks,Softcom 2007-15th International Conference on, Split,Dubrovnik,Croatia.
[SAWY2006] John H Sawyer.Incident Response: Security Triage and Treatment.Network Computing,Vol. 17 No.25,2006.
[SEAN2007] Sean M.Condron.Getting It Right: Protecting American Critical Infrastructure in Cyberspace.Harvard Journal of Law and Technology, Vol.20,No.2,2007.
[SHAN2007] Bharanidharan Shanmugam,Norbik Bashah Idris.Improved hybrid intelligent intrusion detection system using AI technique.Neural Network World,Vol. 17,No.4,2007.
[SHI2001] 石文昌,孙玉芳,梁洪亮.经典BLP安全公理的一种适应性标记实施方法及其正确性[J].计算机研究与发展,11(38):1366-1371,2001.
[SHIN] Debra Littlejohn Shinder,Thomas W.Shinder.ISA Server 2004 Hardware Firewall Appliances.Windows IT Pro,Vol. 11 No.9,2005.
[STEV2000] W Richard Stevens.TCP/IP详解[M].范建华,青光辉,张涛译.北京:机械工业出版社pp.115-130.,2000.
[STEV2006] Mark Stevens.UTM: one-stop protection.Network Security,Vol.2,2006.
[SU2004] 苏贵洋,马颖华,李建华,一种基于内容的信息过滤改进模型[J],上海交通大学学报,38(12):2031-2034,2004.
[SUAM2004] Pitaya Suamsiri,Attaehai Jintrawet,Hayato Umekawa,Ryouei Ito,Takaharu Kameoka.A Web-based Information Delivery System for Appropriate Technology for Reduction of Agrochemical in Northern Thailand.Proceedings AFITA/WCCA2004,No.6,2004.
[THIB2003] Frank Thibodeaux,Zhu Hua Ning.TIGATING DEFECTIVE STRUCTURE IN URBAN TREES.Proceedings of the Society of American Foresters,2003.
[TONG2007] 童宏玺,朱士信.一种快速计算 上码字深度的算法[J].高校应用数学学报 A辑,2007,22(2):134-140.
[TORR2004] G.A Torrellas.A network security architectural approach for systems integrity using multi agent systems engineering.Parallel Architectures,Algorithms and Networks,2004.Proceedings.7th International Symposium on,2004.
[WANG2006] 王镓,刘海燕,荆京.无线传感器网络安全体系的构建.计算机研究与发展.2006,22(43):655-657.
[WANG2006a] Jian Wang,Huiqiang Wang,Guosheng Zhao.ERAS-an Emergency Response Algorithm for Survivability of Critical Services.Computer and Computational Scienees,2006.IMSCCS '06.First International Multi-Symposiums on Computer and Computational Sciences.
[WANG2006b] 王振海,王海峰.针对多态病毒的反病毒检测引擎的研究[J].微计算机信息,2006,22(27).
[WEI2006] 魏建平,魏强,吴灏,网页病毒防御系统的设计[J],计算机应用研究,2006,23(8).
[WEN2007] Wen Liang.Risk Management for Build-Operate-Transfer Infrastructure Projects in China.Wuhan International Conference on E-Buainess,Wuhan(CN) Management Challenges in a Global World vo1.Ⅲ,2007.
[WILB2004] Dave Wilby.Scan your computer for adware and spyware.Internet Magazine,Vol.Feb No.Issue 114,2004.
[WILL2003] Richard Williams.Performing a Successful Unix Audit.Computer Fraud & Security, 1361-3723,Vol.Aug,2003.
[WU2007] 武彬,张玉清,毛剑.信息安全风险管理系统的设计与实现.计算机工程.November,Vol.33,No.21,2007.
[XION2004] 熊乃学,杨燕.针对Telnet协议的入侵检测研究.华中师范大学学报(自然科学版),(2):161,2004.
[YAN2006] 颜仁仲,钟锡昌,张倪.一种自动检测内核级Rootkit并恢复系统的方法[J].计算机工程,10(32):77-79,2006.
[YE2003] Nong Ye,Ying-Cheng Lai,Toni Farley.Dependable Information Infrastructures as Complex Adaptive Systems.Systems Engineering,Vol.6,No.4,2003.
[YE2005] 叶步财,杨晨晖.基于RTAI可扩展的实时调度模型的研究与实现.厦门大学学报,44(z1),2005.
[YIN2005] 殷胤,李宝.标准模型下可证安全的加密密钥协商协议.软件学报. 2005.18(2):191-208.
[YU2006] 于顺治,王春露,薛一波,汪东升.一个基于Web的入侵检测系统设计与实现.计算机工程与设计,2006,21(27).
[YUAN2004] Yuan-ni Guo, Ren-fa Li.Design and Performance of Firewall System Based on Embedded Computing.2nd International Workshop on Grid and Cooperative Computing (GCC),2004.
[YU2007]
[YUAN2006] Xiaodong Yuan, Dajiong Yue.Software Vaccine Technique and Its Application in Early Virus Finding and Tracing.2006 International Conference on Security and Management (SAM'06),2006.
[YUE2001] 岳殿武,Shwedyk E.纠错码的深度分布在其周期分布研究中的应用[J].应用科学学报,2001,19(3):189-192..
[ZENG2003] 曾春;邢春晓;周立柱.基于内容过滤的个性化搜索算法.软件学报.2003,5(14):999-1004.
[ZHAN2006] 张宏,贺也平,石志国.基于周期时间限制的自主访问控制委托模型.计算机学报.2006,8(29):1427-1437.
[ZHU2005]朱士信.环Z4上线性循环码的深度谱[J].电子与信息学报,2005,27(10):1597-1599.
[ZHUG2007] 诸葛建伟,韩心慧,周勇林,叶志远,邹维.僵尸网络研究.软件学报.2007,28(12):8-13.