Tracing Technique for Blaster Attack

Blaster worm of 2003 is still persistent, the infection appears to have successfully transitioned to new hosts as the original systems are cleaned or shut off, suggesting that the Blaster worm, and other similar worms, will remain significant Internet threats for many years after their initial release. This paper is to propose technique on tracing the Blaster attack from various logs in different OSI layers based on fingerprint of Blaster attack on victim logs, attacker logs and IDS alert log. The researchers intended to do a preliminary investigation upon this particular attack so that it can be used for further research in alert correlation and computer forensic investigation

Detecting Compromised Nodes in Wireless Sensor Networks

While wireless sensor networks are proving to be a versatile tool, many of the applications in which they are utilized have sensitive data. Therefore, security is crucial in many of these applications. Once a sensor node has been compromised, the security of the network degrades quickly if measures are not taken to deal with this event. There have been many approaches researched to tackle the issue. In this thesis, an anomaly-based intrusion detection protocol is developed to detect compromised nodes in wireless sensor networks. The proposed protocol is implemented after the sensors are deployed into the environment in which they will be used. They will start to learn the normal behavior of each of their neighbors with whom they communicate. All legitimate sensor nodes have the same code running on them. A compromised node that is present in the network is assumed to have different code running on it in order to cause some form of damage to the network. These malicious nodes are detected when one of its neighboring nodes identifies its behavior as deviating from what is expected, or in other words an anomaly. The base station is then contacted to confirm whether the suspected node is in fact compromised. If the base station concludes that the node is compromised, the rest of the network will be informed, and the appropriate actions will be taken. One of the unique features of the algorithm is that it is not only capable of sustaining security in wireless sensor networks, but handling the computing restraints as well as other limitations characteristic of these systems. Extensive simulations are performed to verify the algorithm designed

Intrusion detection and response model for mobile ad hoc networks.

This dissertation presents a research whose objective is to design and develop an intrusion detection and response model for Mobile Ad hoc NETworks (MANET). Mobile ad hoc networks are infrastructure-free, pervasive and ubiquitous in nature, without any centralized authority. These unique MANET characteristics present several changes to secure them. The proposed security model is called the Intrusion Detection and Response for Mobile Ad hoc Networks (IDRMAN). The goal of the proposed model is to provide a security framework that will detect various attacks and take appropriate measures to control the attack automatically. This model is based on identifying critical system parameters of a MANET that are affected by various types of attacks, and continuously monitoring the values of these parameters to detect and respond to attacks. This dissertation explains the design and development of the detection framework and the response framework of the IDRMAN. The main aspects of the detection framework are data mining using CART to identify attack sensitive network parameters from the wealth of raw network data, statistical processing using six sigma to identify the thresholds for the attack sensitive parameters and quantification of the MANET node state through a measure called the Threat Index (TI) using fuzzy logic methodology. The main aspects of the response framework are intruder identification and intruder isolation through response action plans. The effectiveness of the detection and response framework is mathematically analyzed using probability techniques. The detection framework is also evaluated by performance comparison experiments with related models, and through performance evaluation experiments from scalability perspective. Performance metrics used for assessing the detection aspect of the proposed model are detection rate and false positive rate at different node mobility speed. Performance evaluation experiments for scalability are with respect to the size of the MANET, where more and more mobile nodes are added into the MANET at varied mobility speed. The results of both the mathematical analysis and the performance evaluation experiments demonstrate that the IDRMAN model is an effective and viable security model for MANET

Security in Distributed, Grid, Mobile, and Pervasive Computing

This book addresses the increasing demand to guarantee privacy, integrity, and availability of resources in networks and distributed systems. It first reviews security issues and challenges in content distribution networks, describes key agreement protocols based on the Diffie-Hellman key exchange and key management protocols for complex distributed systems like the Internet, and discusses securing design patterns for distributed systems. The next section focuses on security in mobile computing and wireless networks. After a section on grid computing security, the book presents an overview of security solutions for pervasive healthcare systems and surveys wireless sensor network security