15 research outputs found

    A Comprehensive Review on Adaptability of Network Forensics Frameworks for Mobile Cloud Computing

    Network forensics enables investigation and identification of network attacks through the retrieved digital content. The proliferation of smartphones and the cost-effective universal data access through cloud has made Mobile Cloud Computing (MCC) a congenital target for network attacks. However, confines in carrying out forensics in MCC is interrelated with the autonomous cloud hosting companies and their policies for restricted access to the digital content in the back-end cloud platforms. It implies that existing Network Forensic Frameworks (NFFs) have limited impact in the MCC paradigm. To this end, we qualitatively analyze the adaptability of existing NFFs when applied to the MCC. Explicitly, the fundamental mechanisms of NFFs are highlighted and then analyzed using the most relevant parameters. A classification is proposed to help understand the anatomy of existing NFFs. Subsequently, a comparison is given that explores the functional similarities and deviations among NFFs. The paper concludes by discussing research challenges for progressive network forensics in MCC

    Flow-oriented anomaly-based detection of denial of service attacks with flow-control-assisted mitigation

    Flooding-based distributed denial-of-service (DDoS) attacks present a serious and major threat to the targeted enterprises and hosts. Current protection technologies are still largely inadequate in mitigating such attacks, especially if they are large-scale. In this doctoral dissertation, the Computer Network Management and Control System (CNMCS) is proposed and investigated; it consists of the Flow-based Network Intrusion Detection System (FNIDS), the Flow-based Congestion Control (FCC) System, and the Server Bandwidth Management System (SBMS). These components form a composite defense system intended to protect against DDoS flooding attacks. The system as a whole adopts a flow-oriented and anomaly-based approach to the detection of these attacks, as well as a control-theoretic approach to adjust the flow rate of every link to sustain the high priority flow-rates at their desired level. The results showed that the misclassification rates of FNIDS are low, less than 0.1%, for the investigated DDoS attacks, while the fine-grained service differentiation and resource isolation provided within the FCC comprise a novel and powerful built-in protection mechanism that helps mitigate DDoS attacks

    Router-based network traffic observation by terminal sliding mode control theory

    Since the early days of the Internet, network traffic monitoring (NTM) has always played a strategic role in understanding and characterizing users’ activities. Nowadays, with the increased complexity of the Internet infrastructure, applications, and services, this role has become more crucial than ever. The aims of NTM are mainly focused on three improvements, which include the quality of service (QoS) of the network, optimization of resource usage, and enhancement of security in computer networks. Specifically speaking, firstly, network conditions can be recognized by the network manager with the NTM scheme. It provides the complete details about the QoS of networks, such as bandwidth, throughput, propagation delay, link availability, jitter, server memory, database space, etc. Secondly, with NTM being implemented at network nodes, i.e., network gateways, such as routers, or network links, the network traffic that is traversing the network is under online observation. Thereby, the network utilization can be improved by optimizing the resource usage to avoid network congestion. Thirdly, unauthenticated service or approaches to the server will be identified by regularly monitoring the traffic. The network convention and statistics about the traffic will be known easily which helps to troubleshoot the network. Security events will also be investigated and the entry of the user will be maintained for responsibility. The work in this thesis focuses on the development of an intelligent real-time dynamic router-based network traffic observation (RNTO) by using the terminal sliding-mode theory. The RNTO technique is applied at network gateways, i.e., routers, to estimate the status of the traffic flows at the router level. The aim of the proposed RNTO technique is to estimate the traffic states, such as queue length (QL) in router buffer, average congestion window size (ACwnd), and the queuing dynamics of the additional traffic flows (ATF). 
The main contributions of the work can be broadly categorized into four parts. First, the problem of router-based network traffic monitoring is formulated as an observer design by using TSM theory for RNTO applications. The proposed TSM observer in the research is a network-based monitoring, which is implemented into the network gateways, i.e., network routers. Different from the static network traffic monitoring methods, the TSM observer is designed by using control methods based on the fluid-flow mathematical model, which represents the traffic dynamics of the interactions in a set of TCP traffic flows through network routers. By considering the time delay and stochastic properties in the data transmission network, the sliding-mode observation strategy is proposed with its high robustness with system parameter uncertainties as well as the external disturbance rejection. Given the natural weakness of chattering in sliding mode control signal, which can affect the system state, the chattering avoiding technique of the proposed TSM observation was utilized by using a smooth control signal for estimating the abnormal dynamics. It does not need any low-pass filter, which will lead to a phase lag. In addition, for the stochastic dynamics of the network traffics, fast transient convergence at a distance from and within a close range of the equilibrium of the traffic dynamics is essential to quickly capture traffic dynamics in network systems. Thus, a fractional term has been considered in the TSM for faster convergence in system states to efficiently estimate the traffic behaviors. Second, the issue of internal dynamics in network observation system is studied by proposing a novel full-order TSM strategy to speed up the convergence rate of the estimation error. In the RNTO scheme, the precise estimation for ACwnd is needed to estimate the queuing dynamics of ATF. 
However, the estimation error for ACwnd is not available and it converges to origin asymptotically, which results in a long response time in estimation. The proposed novel TSM observer has been designed to drive the estimation error for ACwnd to a defined known area in the finite-time, which can be calculated. Thereby, the estimation error of ACwnd can converge to origin asymptotically within the defined area. This strategy has shortened the response time and improves the estimation accuracy. This further improves the estimation accuracy for ATF. The comparative studies are conducted to evaluate the performance. Third, the issue of algorithm-efficient RNTO is investigated by considering an event triggered sliding-mode observer to reduce the computational load and the communication burden. Instead of the time-driven observation scheme, the control of the sliding mode observer is formulated under the event triggered scheme. The control of the observer is designed to be smooth and is directly applied to estimate the dynamics of the additional traffic flows. The event triggered observation algorithms is developed to reduce the computational load of the network router and the communication resource of output link in the network. Fourth, the problem of global RNTO is addressed by developing a fuzzy TSM observer by using fuzzy theory to achieve global operation under network uncertainties. The existing RNTO schemes are based on the linearization of a certain network conditions, i.e., a fixed number of TCP connections, which is a constant value N. Given the network suffers from time-varying fading, shadowing and interference and the data rate changes over time, the current methods proposed so far might not effectively and accurately monitor and estimate the traffic dynamics under network uncertainties. The T-S fuzzy models are used to model the traffic dynamics of the time-varying data changes in network link resources, i.e. 
the time-varying number of TCP sections, N(t) in a mathematical model. Based on the T-S fuzzy models, the fuzzy terminal sliding mode observer is established by using the fuzzy logic theory to estimate the states of the network traffic to achieve the global observation performance under the network uncertainties. In the fuzzy terminal sliding mode observer, the control signal is designed to be continuous for application of estimating the additional traffic flows without the low-pass filter. To evaluate the proposed RNTO technique, the networking simulator tool Network Simulator II (NS-II) has been used. The proposed RNTO algorithms are coded and implemented into network routers in NS-II. Numerous simulation scenarios are considered and performed. The comparative studies are also conducted by analyzing the NS-2 results. The results have demonstrated the effectiveness and efficiency of the proposed RNTO algorithms

    Bibliographical review on cyber attacks from a control oriented perspective

    This paper presents a bibliographical review of definitions, classifications and applications concerning cyber attacks in networked control systems (NCSs) and cyber-physical systems (CPSs). This review tackles the topic from a control-oriented perspective, which is complementary to information or communication ones. After motivating the importance of developing new methods for attack detection and secure control, this review presents security objectives, attack modeling, and a characterization of considered attacks and threats presenting the detection mechanisms and remedial actions. In order to show the properties of each attack, as well as to provide some deeper insight into possible defense mechanisms, examples available in the literature are discussed. Finally, open research issues and paths are presented. Peer Reviewed. Postprint (author's final draft)

    Secure Data Management and Transmission Infrastructure for the Future Smart Grid

    Power grid has played a crucial role since its inception in the Industrial Age. It has evolved from a wide network supplying energy for incorporated multiple areas to the largest cyber-physical system. Its security and reliability are crucial to any country’s economy and stability [1]. With the emergence of the new technologies and the growing pressure of the global warming, the aging power grid can no longer meet the requirements of the modern industry, which leads to the proposal of ‘smart grid’. In smart grid, both electricity and control information communicate in a massively distributed power network. It is essential for smart grid to deliver real-time data by communication network. By using smart meter, AMI can measure energy consumption, monitor loads, collect data and forward information to collectors. Smart grid is an intelligent network consists of many technologies in not only power but also information, telecommunications and control. The most famous structure of smart grid is the three-layer structure. It divides smart grid into three different layers, each layer has its own duty. All these three layers work together, providing us a smart grid that monitor and optimize the operations of all functional units from power generation to all the end-customers [2]. To enhance the security level of future smart grid, deploying a high secure level data transmission scheme on critical nodes is an effective and practical approach. A critical node is a communication node in a cyber-physical network which can be developed to meet certain requirements. It also has firewalls and capability of intrusion detection, so it is useful for a time-critical network system, in other words, it is suitable for future smart grid. The deployment of such a scheme can be tricky regarding to different network topologies. 
A simple and general way is to install it on every node in the network, that is to say all nodes in this network are critical nodes, but this way takes time, energy and money. Obviously, it is not the best way to do so. Thus, we propose a multi-objective evolutionary algorithm for the searching of critical nodes. A new scheme should be proposed for smart grid. Also, an optimal planning in power grid for embedding large system can effectively ensure every power station and substation to operate safely and detect anomalies in time. Using such a new method is a reliable method to meet increasing security challenges. The evolutionary frame helps in getting optimum without calculating the gradient of the objective function. In the meanwhile, a means of decomposition is useful for exploring solutions evenly in decision space. Furthermore, constraints handling technologies can place critical nodes on optimal locations so as to enhance system security even with several constraints of limited resources and/or hardware. The high-quality experimental results have validated the efficiency and applicability of the proposed approach. It has good reason to believe that the new algorithm has a promising space over the real-world multi-objective optimization problems extracted from power grid security domain. In this thesis, a cloud-based information infrastructure is proposed to deal with the big data storage and computation problems for the future smart grid, some challenges and limitations are addressed, and a new secure data management and transmission strategy regarding increasing security challenges of future smart grid are given as well

    The User Attribution Problem and the Challenge of Persistent Surveillance of User Activity in Complex Networks

    In the context of telecommunication networks, the user attribution problem refers to the challenge faced in recognizing communication traffic as belonging to a given user when information needed to identify the user is missing. This is analogous to trying to recognize a nameless face in a crowd. This problem worsens as users move across many mobile networks (complex networks) owned and operated by different providers. The traditional approach of using the source IP address, which indicates where a packet comes from, does not work when used to identify mobile users. Recent efforts to address this problem by exclusively relying on web browsing behavior to identify users were limited to a small number of users (28 and 100 users). This was due to the inability of solutions to link up multiple user sessions together when they rely exclusively on the web sites visited by the user. This study has tackled this problem by utilizing behavior based identification while accounting for time and the sequential order of web visits by a user. Hierarchical Temporal Memories (HTM) were used to classify historical navigational patterns for different users. Each layer of an HTM contains variable order Markov chains of connected nodes which represent clusters of web sites visited in time order by the user (user sessions). HTM layers enable inference generalization by linking Markov chains within and across layers and thus allow matching longer sequences of visited web sites (multiple user sessions). This approach enables linking multiple user sessions together without the need for a tracking identifier such as the source IP address. Results are promising. HTMs can provide high levels of accuracy using synthetic data with 99% recall accuracy for up to 500 users and good levels of recall accuracy of 95% and 87% for 5 and 10 users respectively when using cellular network data. 
This research confirmed that the presence of long tail web sites (rarely visited) among many repeated destinations can create unique differentiation. What was not anticipated prior to this research was the very high degree of repetitiveness of some web destinations found in real network data

    Applied Metaheuristic Computing

    For decades, Applied Metaheuristic Computing (AMC) has been a prevailing optimization technique for tackling perplexing engineering and business problems, such as scheduling, routing, ordering, bin packing, assignment, facility layout planning, among others. This is partly because the classic exact methods are constrained with prior assumptions, and partly due to the heuristics being problem-dependent and lacking generalization. AMC, on the contrary, guides the course of low-level heuristics to search beyond the local optimality, which impairs the capability of traditional computation methods. This topic series has collected quality papers proposing cutting-edge methodology and innovative applications which drive the advances of AMC

    Discrete Event Simulations

    Considered by many authors as a technique for modelling stochastic, dynamic and discretely evolving systems, this technique has gained widespread acceptance among the practitioners who want to represent and improve complex systems. Since DES is a technique applied in incredibly different areas, this book reflects many different points of view about DES, thus, all authors describe how it is understood and applied within their context of work, providing an extensive understanding of what DES is. It can be said that the name of the book itself reflects the plurality that these points of view represent. The book embraces a number of topics covering theory, methods and applications to a wide range of sectors and problem areas that have been categorised into five groups. As well as the previously explained variety of points of view concerning DES, there is one additional thing to remark about this book: its richness when talking about actual data or actual data based analysis. When most academic areas are lacking application cases, roughly the half part of the chapters included in this book deal with actual problems or at least are based on actual data. Thus, the editor firmly believes that this book will be interesting for both beginners and practitioners in the area of DES