10 research outputs found

    Geographic location of PlanetLab servers

    This thesis deals with the accuracy of the location of nodes in the experimental network PlanetLab. The thesis is divided into a theoretical and a practical part. The theoretical part consists of a description of the PlanetLab network, its brief history and current projects. The Google Maps framework, which is later employed in the practical part, is also described. The practical part describes the functionality of the application aimed at validating location accuracy. The application measuring the latency of a node's response to SSH is also described, as well as the map showing PlanetLab nodes located in Europe. The applications and the obtained data are attached on a CD.

    Detection of DoS attacks with data mining tools (Detección de ataques DoS con herramientas de minería de datos)

    data in large data collections” and “Evaluation of distributed commodity architectures based on free software”, which belong to the “Laboratory of Intelligent Systems for Knowledge Discovery in Massive Data”, made up of teaching researchers from the Department and Institute of Informatics (DI-IdeI) of the Facultad de Ciencias Exactas Físicas y Naturales (FCEFN), work is under way on modelling, and from there mitigating, denial-of-service (DoS) attacks on a network server through the offline analysis of a simulated data stream and the use of algorithms and tools from Data Stream Mining (data mining, MD, on continuous data streams). The application uses specific modules and algorithms of the free software tools RapidMiner (RM) 5.3.015 and KNIME 3.3. Track: Databases and Data Mining. Red de Universidades con Carreras en Informática (RedUNCI

    Detecting Slow DDos Attacks on Mobile Devices

    Denial of service attacks, distributed denial of service attacks and reflector attacks are well known and documented events. More recently these attacks have been directed at game stations and mobile communication devices as strategies for disrupting communication. In this paper we ask, How can slow DDoS attacks be detected? The similarity metric is adopted and applied for potential application. A short review of previous literature on attacks and prevention methodologies is provided and strategies are discussed. An innovative attack detection method is introduced and the processes and procedures are summarized into an investigation process model. The advantages and benefits of applying the metric are demonstrated and the importance of trace back preparation discussed.

    A simple moving target defense for power grid security using network address translation

    The Smart Grid is a Cyber Physical system which relies on the interaction between complex Information Technology (IT) networks and Operational Technology (OT) networks. In the Smart Grid, control and monitoring of physical devices is facilitated through the SCADA network. Recent attacks, such as the Ukrainian Power Grid Attack, show a rising trend of sophisticated and persistent attackers targeting the static vulnerabilities of power systems and SCADA networks [2]

    SDN-Based Double Hopping Communication against Sniffer Attack

    Sniffer attacks have been a severe threat to network communication security. Traditional networks usually use a static network configuration, which is convenient for sniffer attacks. In this paper, an SDN-based double hopping communication (DHC) approach is proposed to solve this problem. In DHC, the ends in communication packets as well as the routing paths are changed dynamically. Therefore, the traffic will be distributed to multiple flows and transmitted along different paths. Moreover, the data from multiple users will be mixed, making it difficult for attackers to obtain and recover the communication data, so that sniffer attacks will be prevented effectively. It is concluded that DHC is able to increase the overhead of sniffer attacks, as well as the difficulty of communication data recovery.

    Moving Target Defense for Securing SCADA Communications

    In this paper, we introduce a framework for building a secure and private peer to peer communication used in supervisory control and data acquisition networks with a novel Mobile IPv6-based moving target defense strategy. Our approach aids in combating remote cyber-attacks against peer hosts by thwarting any potential attacks at their reconnaissance stage. The IP address of each host is randomly changed at a certain interval creating a moving target to make it difficult for an attacker to find the host. At the same time, the peer host is updated through the use of the binding update procedure (standard Mobile IPv6 protocol). Compared with existing results that can incur significant packet-loss during address rotations, the proposed solution is loss-less. Improving privacy and anonymity for communicating hosts by removing permanent IP addresses from all packets is also one of the major contributions of this paper. Another contribution is preventing black hole attacks and bandwidth depletion DDoS attacks through the use of extra paths between the peer hosts. Recovering the communication after rebooting a host is also a new contribution of this paper. Lab-based simulation results are presented to demonstrate the performance of the method in action, including its overheads. The testbed experiments show zero packet-loss rate during handoff delay

    Moving target defense for securing smart grid communications: Architectural design, implementation and evaluation

    Supervisory Control And Data Acquisition (SCADA) communications are often subjected to various kinds of sophisticated cyber-attacks which can have a serious impact on the Critical Infrastructure such as the power grid. Most of the time, the success of the attack is based on the static characteristics of the system, thereby enabling an easier profiling of the target system(s) by the adversary and consequently exploiting their limited resources. In this thesis, a novel approach to mitigate such static vulnerabilities is proposed by implementing a Moving Target Defense (MTD) strategy in a power grid SCADA environment, which leverages the existing communication network with an end-to-end IP Hopping technique among the trusted peer devices. This offers a proactive L3 layer network defense, minimizing IP-specific threats and thwarting worm propagation, APTs, etc., which utilize the cyber kill chain for attacking the system through the SCADA network. The main contribution of this thesis is to show how MTD concepts provide proactive defense against targeted cyber-attacks, and a dynamic attack surface to adversaries without compromising the availability of a SCADA system. Specifically, the thesis presents a brief overview of the different types of MTD designs, the proposed MTD architecture and its implementation with IP hopping technique over a Control Center–Substation network link along with a 3-way handshake protocol for synchronization on the Iowa State’s Power Cyber testbed. The thesis further investigates the delay and throughput characteristics of the entire system with and without the MTD to choose the best hopping rate for the given link. It also includes additional contributions for making the testbed scenarios more realistic to real world scenarios with multi-hop, multi-path WAN. Using that and studying a specific attack model, the thesis analyses the best ranges of IP address for different hopping rates and different numbers of interfaces. Finally, the thesis describes two case studies to explore and identify potential weaknesses of the proposed mechanism, and also experimentally validates the proposed mitigation alterations to resolve the discovered vulnerabilities. As part of future work, we plan to extend this work by optimizing the MTD algorithm to be more resilient by incorporating other techniques like network port mutation to further increase the attack complexity and cost.

    Intrusion Detection and Countermeasure of Virtual Cloud Systems - State of the Art and Current Challenges

    Clouds are distributed Internet-based platforms that provide highly resilient and scalable environments to be used by enterprises in a multitude of ways. Cloud computing offers enterprises technology innovation that business leaders and IT infrastructure managers can choose to apply based on how and to what extent it helps them fulfil their business requirements. It is crucial that all technical consultants have a rigorous understanding of the ramifications of cloud computing as its influence is likely to spread the complete IT landscape. Security is one of the major concerns that is of practical interest to decision makers when they are making critical strategic operational decisions. Distributed Denial of Service (DDoS) attacks have become more frequent and effective over the past few years, since the widely publicised DDoS attacks on the financial services industry that came to light in September and October 2012 and resurfaced in the past two years. In this paper, we introduce advanced cloud security technologies and practices as a series of concepts and technology architectures, from an industry-centric point of view. This is followed by classification of intrusion detection and prevention mechanisms that can be part of an overall strategy to help understand, identify and mitigate potential DDoS attacks on business networks. The paper establishes solid coverage of security issues related to DDoS and virtualisation with a focus on structure, clarity, and well-defined blocks for mainstream cloud computing security solutions and platforms. In doing so, we aim to provide industry technologists, who may not be necessarily cloud or security experts, with an effective tool to help them understand the security implications associated with cloud adoption in their transition towards more knowledge-based systems.

    WICC 2017 : XIX Workshop de Investigadores en Ciencias de la Computación

    Proceedings of the XIX Workshop de Investigadores en Ciencias de la Computación (WICC 2017), held at the Instituto Tecnológico de Buenos Aires (ITBA) on 27 and 28 April 2017. Red de Universidades con Carreras en Informática (RedUNCI