Author

Shijie Zhou

Bio: Shijie Zhou is an academic researcher from University of Electronic Science and Technology of China. The author has contributed to research in topics: Network security & Security service. The author has an h-index of 3, co-authored 4 publications receiving 103 citations.

Papers
Proceedings ArticleDOI
20 Oct 2003
TL;DR: A honeypot is a supplemented active defense system for network security that traps attacks, records intrusion information about the tools and activities of the hacking process, and prevents attacks from going outbound from the compromised system.
Abstract: A honeypot is a supplemented active defense system for network security. It traps attacks, records intrusion information about the tools and activities of the hacking process, and prevents attacks from going outbound from the compromised system. Integrated with other security solutions, a honeypot can solve many traditional dilemmas. We expatiate on the key components of data capture and data control in a honeypot, and give a classification for honeypots according to security goals and application goals. We review the technical progress and security contribution of production honeypots and research honeypots. We present typical honeypot solutions and predict the technical trends of integration, virtualization and distribution for future honeypots.

87 citations

Book ChapterDOI
26 May 2003
TL;DR: Experiences show that it is easy to exploit the CPN based attack modeling approach to provide the controlling functions, and some cost elements are added to CPN based attack modeling in order to evaluate the risk of intrusion.
Abstract: A Color Petri Net (CPN) based attack modeling approach is addressed. The CPN based attack model is flexible enough to model Internet intrusion, including the static and dynamic features of the intrusion. The processes and rules of building a CPN based attack model from an attack tree are also presented. In order to evaluate the risk of intrusion, some cost elements are added to CPN based attack modeling. Experiences also show that it is easy to exploit the CPN based attack modeling approach to provide the controlling functions.

14 citations

Book ChapterDOI
21 Oct 2004
TL;DR: The policy-tree model gives theoretical and methodological support for proactive defense; it predicts the intrusion trend, obtains the attacker's information, and dynamically evaluates and responds to intrusion.
Abstract: In-depth defense for network security improves the robustness and survivability of an information system. It prevents an attacker from damaging the system even if he has already broken through one or several, but not all, layers of the system. Proactive defense integrates in-depth defense and shows much greater activeness in contrast with traditional defense. It predicts the intrusion trend and obtains the attacker's information, and dynamically evaluates and responds to intrusion. This reflects the counteracting property of security. Formally defined in the Z language, a policy-tree model for proactive defense is proposed in this paper. Moreover, its completeness, correctness and consistency are analyzed. A complete building method, an abstract for correctness validation and an automatic consistency checking method for security policy are designed. The policy-tree model gives theoretical and methodological support for proactive defense.

4 citations

Book ChapterDOI
07 Dec 2003
TL;DR: Some key protocols of PKey, which include key producing, retrieving and transferring, are designed and analyzed in detail, and other important aspects of this new kind of distributed key management system are also addressed and analyzed.
Abstract: This paper concentrates on analyzing and discussing the basic secure service: key management (PKey). By adding a security service layer, PKey is carefully built on the base of a routing and location layer to simplify application development. According to the layered architecture of PKey, some key protocols of PKey, which include key producing, retrieving and transferring, are designed and analyzed in detail. Other important aspects of this new kind of distributed key management system are also addressed and analyzed.

Cited by
Journal ArticleDOI
TL;DR: A review of current trends in intrusion detection together with a study of technologies implemented by some researchers in this research area is provided.
Abstract: With recent advances in network based technology and the increased dependence of our everyday life on this technology, assuring reliable operation of network based systems is very important. During recent years, the number of attacks on networks has dramatically increased and consequently interest in network intrusion detection has increased among researchers. This paper provides a review of current trends in intrusion detection together with a study of technologies implemented by some researchers in this research area. Honey pots are effective detection tools to sense attacks such as port or email scanning activities in the network. Some features and applications of honey pots are explained in this paper.

218 citations

Journal ArticleDOI
TL;DR: A review of the applications of Bayesian networks and Petri nets in system safety, reliability and risk assessments is presented, highlighting the potential usefulness of the BN and PN based approaches over other classical approaches, and relative strengths and weaknesses in different practical application scenarios.

200 citations

Patent
15 Apr 2008
TL;DR: In this article, the authors present an intrusion prevention system that analyzes unauthorized intrusion into a computer network by opening a port on one of the virtualized decoy operating systems hosted on a decoy network device.
Abstract: The method analyzes unauthorized intrusion into a computer network. Access is allowed through one or more open ports to one or more virtualized decoy operating systems running on a hypervisor operating system hosted on a decoy network device. This may be done by opening a port on one of the virtualized decoy operating systems. A network attack on the virtualized operating system is then intercepted by an introspection module running on the hypervisor operating system. The attack-identifying information is communicated through a private network interface channel and stored on a database server as forensic data. A signature-generation engine uses this forensic data to generate a signature of the attack. An intrusion prevention system then uses the attack signature to identify and prevent subsequent attacks. A web-based visualization interface facilitates configuration of the system and analysis of (and response to) forensic data generated by the introspection module and the signature generation engine, as well as that stored in the processing module's relational databases.

137 citations

Posted Content
TL;DR: In this survey, an extensive overview on honeypots is given, including not only honeypot software but also methodologies to analyse honeypot data.
Abstract: In this survey, we give an extensive overview on honeypots. This includes not only honeypot software but also methodologies to analyse honeypot data.

104 citations

Journal ArticleDOI
TL;DR: A survey on darknet finds that Honeyd is probably the most practical tool to implement darknet sensors, that future deployment of darknet will include mobile-based VOIP technology, and identifies specific darknet areas that require a significantly greater amount of attention from the research community.
Abstract: Today, the Internet security community largely emphasizes cyberspace monitoring for the purpose of generating cyber intelligence. In this paper, we present a survey on darknet. The latter is an effective approach to observe Internet activities and cyber attacks via passive monitoring. We primarily define and characterize darknet and indicate its alternative names. We further list other trap-based monitoring systems and compare them to darknet. Moreover, in order to provide realistic measures and analysis of darknet information, we report case studies, namely, the Conficker worm in 2008 and 2009, the Sality SIP scan botnet in 2011, and the largest amplification attack in 2014. Finally, we provide a taxonomy in relation to darknet technologies and identify research gaps that are related to three main darknet categories: deployment, traffic analysis, and visualization. Darknet projects are found to monitor various cyber threat activities and are distributed in one third of the global Internet. We further identify that Honeyd is probably the most practical tool to implement darknet sensors, and that future deployment of darknet will include mobile-based VOIP technology. In addition, as far as darknet analysis is considered, computer worms and scanning activities are found to be the most common threats that can be investigated throughout darknet; Code Red and Slammer/Sapphire are the most analyzed worms. Furthermore, our study uncovers various gaps in darknet research. For instance, less than 1% of the contributions tackled distributed reflection denial of service (DRDoS) amplification investigations, and at most 2% of research works pinpointed spoofing activities. Last but not least, our survey identifies specific darknet areas, such as IPv6 darknet, event monitoring, and game engine visualization methods, that require a significantly greater amount of attention from the research community.

95 citations