Bayesian Models Applied to Cyber Security Anomaly Detection Problems
Cyber security is an important concern for all individuals, organisations and governments globally. Cyber attacks have become more sophisticated, frequent and dangerous than ever, and traditional anomaly detection methods have proved less effective when dealing with these new classes of cyber threats. To address this, both classical and Bayesian models offer a valid and innovative alternative to traditional signature-based methods, motivating the increasing interest in statistical research that has been observed in recent years. In this review, we provide a description of some typical cyber security challenges, typical types of data and statistical methods, paying special attention to Bayesian approaches for these problems.
A closer look at Intrusion Detection System for web applications
An Intrusion Detection System (IDS) is one of the security measures used as an additional defence mechanism to prevent security breaches on the web. It has been a well-known methodology for detecting network-based attacks but is still immature in the domain of securing web applications. The objective of the paper is to thoroughly understand the design methodology of a detection system with respect to web applications. In this paper, we discuss in detail several specific aspects of a web application that make it challenging for a developer to build an efficient web IDS. The paper also provides a comprehensive overview of the existing detection systems designed exclusively to observe web traffic. Furthermore, we identify various dimensions for comparing IDSs from different perspectives based on their design and functionalities. We also provide a conceptual framework of an IDS with a prevention mechanism to offer systematic guidance for the implementation of a system specific to web applications. We compare its features with five existing detection systems, namely AppSensor, PHPIDS, ModSecurity, Shadow Daemon and AQTRONIX WebKnight. The paper will provide interested groups with cutting-edge information to understand the stronger and weaker sections of web IDSs and a firm foundation for developing an intelligent and efficient system.
Secure Routing in Wireless Mesh Networks
Wireless mesh networks (WMNs) have emerged as a promising concept to meet the challenges in next-generation networks, such as providing a flexible, adaptive, and reconfigurable architecture while offering cost-effective solutions to service providers. Unlike traditional Wi-Fi networks, where each access point (AP) is connected to the wired network, in WMNs only a subset of the APs are required to be connected to the wired network. The APs that are connected to the wired network are called the Internet gateways (IGWs), while the APs that do not have wired connections are called the mesh routers (MRs). The MRs are connected to the IGWs using multi-hop communication. The IGWs provide access to conventional clients and interconnect ad hoc, sensor, cellular, and other networks to the Internet. However, most of the existing routing protocols for WMNs are extensions of protocols originally designed for mobile ad hoc networks (MANETs) and thus they perform sub-optimally. Moreover, most routing protocols for WMNs are designed without security issues in mind, with all nodes assumed to be honest. In practical deployment scenarios, this assumption does not hold. This chapter provides a comprehensive overview of security issues in WMNs and then focuses particularly on secure routing in these networks. First, it identifies security vulnerabilities in the medium access control (MAC) and network layers. Various possibilities for compromising data confidentiality and data integrity, as well as replay attacks and offline cryptanalysis, are also discussed. Then various types of attacks in the MAC and network layers are discussed. After enumerating the various types of attacks on the MAC and network layers, the chapter briefly discusses some of the preventive mechanisms for these attacks.
Comment: 44 pages, 17 figures, 5 tables
An FPGA-Based System for Tracking Digital Information Transmitted via Peer-to-Peer Protocols
This thesis addresses the problem of identifying and tracking digital information that is shared using peer-to-peer file transfer and Voice over IP (VoIP) protocols. The goal of the research is to develop a system for detecting and tracking the illicit dissemination of sensitive government information using file sharing applications within a target network, and for tracking terrorist cells or criminal organizations that are covertly communicating using VoIP applications. A digital forensic tool is developed using an FPGA-based embedded software application. The tool is designed to process file transfers using the BitTorrent peer-to-peer protocol and VoIP phone calls made using the Session Initiation Protocol (SIP). The tool searches a network for selected peer-to-peer control messages using payload analysis and compares the unique identifier of the file being shared or the phone number being used against a list of known contraband files or phone numbers. If the identifier is found on the list, the control packet is added to a log file for later forensic analysis. Results show that the FPGA tool processes peer-to-peer packets of interest 92% faster than a software-only configuration and is 99.0% accurate at capturing and processing BitTorrent Handshake messages under a network traffic load of at least 89.6 Mbps. When SIP is added to the system, the probability of intercept for BitTorrent Handshake messages remains at 99.0% and the probability of intercept for SIP control packets is 97.6% under a network traffic load of at least 89.6 Mbps, demonstrating that the tool can be expanded to process additional peer-to-peer protocols with minimal impact on overall performance.
Detecting Botnets Using Hidden Markov Model, Profile Hidden Markov Model and Network Flow Analysis
A botnet is a network of infected computer systems, called bots, managed remotely by an attacker using bot controllers. As distributed systems, botnets can be used for large-scale cyber attacks that execute unauthorized actions against targeted systems, such as phishing, distributed denial of service (DDoS), data theft, and crashing of servers. Common internet protocols used by normal systems for regular communication, like Hypertext Transfer Protocol (HTTP) and Internet Relay Chat (IRC), are also used by botnets. Thus, distinguishing botnet activity from normal activity can be challenging. To address this issue, this project proposes an approach to detect botnets using peculiar traits in the communication between command and control servers and bots. Patterns can be observed in botnet behavior, such as orchestrated attacks, heartbeat signals, or periodic distribution of commands. Hidden Markov Models (HMM) and Profile Hidden Markov Models (PHMM) are probabilistic models that can be trained on network traffic data to identify activity patterns that suggest botnet activity. In this project, HMM and PHMM are used to detect and classify botnets using publicly available datasets of real network data consisting of botnet traffic mixed with normal and background traffic. A comparative analysis of the performance of HMM and PHMM is conducted, and the results show that both can be useful in detecting botnets. PHMM outperforms HMM in terms of accuracy of botnet detection.
Workload Prediction for Efficient Performance Isolation and System Reliability
In large-scale and distributed systems, like multi-tier storage systems and cloud data centers, resource sharing among workloads brings multiple benefits while introducing many performance challenges. The key to effective workload multiplexing is accurate workload prediction. This thesis focuses on how to capture the salient characteristics of real-world workloads in order to develop workload prediction methods and to drive scheduling and resource allocation policies, so as to achieve efficient and timely resource isolation among applications. In a multi-tier storage system, high-priority user work is often multiplexed with low-priority background work. This brings the challenge of how to strike a balance between maintaining user performance and maximizing the amount of finished background work. In this thesis, we propose two resource isolation policies based on different workload prediction methods: one is Markovian model-based and the other is neural network-based. These policies aim, via workload prediction, to discover the opportune time to schedule background work with minimum impact on user performance. Trace-driven simulations verify the efficiency of the two proposed resource isolation policies. The Markovian model-based policy successfully schedules background work at the appropriate periods with small impact on user performance. The neural network-based policy adaptively schedules user and background work, consistently meeting both performance requirements. This thesis also proposes an accurate yet efficient neural network-based prediction method for data center usage series, called PRACTISE. Unlike traditional neural networks for time series prediction, PRACTISE selects the most informative features from the past observations of the time series itself. Testing on a large set of usage series in production data centers illustrates the accuracy (e.g., prediction error) and efficiency (e.g., time cost) of PRACTISE. The superiority of the usage prediction also allows proactive resource management in highly virtualized cloud data centers. In this thesis, we analyze the performance tickets in cloud data centers and propose an active sizing algorithm, named ATM, that predicts usage workloads and re-allocates capacity to workloads to avoid VM performance tickets. Moreover, driven by cheap prediction of usage tails, we also present TailGuard, which dynamically clones VMs among co-located boxes in order to efficiently reduce the performance violations of physical boxes in cloud data centers.