
    Signature driven e-mail spam detection using network intrusion detection methodology

    The scope of this research paper is one of the most important aspects nowadays: the security and management of e-mail, one of the most important online services, and of similar online services. This paper investigates the possible benefits of using standard signature-driven spam detection logic in combination with an algorithm for a network intrusion detection system (NIDS). The primary objective is to verify that the proposed solution (standard signature-driven spam detection logic combined with a NIDS algorithm) is an effective strategy for e-mail spam detection. The main aim is to determine the best possible integration of standard signature-driven spam detection logic with a network intrusion detection algorithm, in order to create a more effective solution for dealing with e-mail spam than the previously available ones. This is achieved by testing the effectiveness of the solution against existing solutions using the NS-3 network simulator. Keywords: e-mail, spam, network intrusion detection system, network security, agent-based security

    A taxonomy of approaches for integrating attack awareness in applications

    Software applications are subject to an increasing number of attacks, resulting in data breaches and financial damage. Many solutions have been considered to help mitigate these attacks, such as the integration of attack-awareness techniques. In this paper, we propose a taxonomy illustrating how existing attack-awareness techniques can be integrated into applications. This work provides a guide for security researchers and developers, aiding them in choosing the approach that best fits the needs of their application.

    Assessing and augmenting SCADA cyber security: a survey of techniques

    SCADA systems monitor and control critical infrastructures of national importance such as power generation and distribution, water supply, transportation networks, and manufacturing facilities. The pervasiveness, miniaturisation and declining cost of Internet connectivity have transformed these systems from strictly isolated into highly interconnected networks. The connectivity provides immense benefits such as reliability, scalability and remote access, but at the same time exposes an otherwise isolated and secure system to global cyber security threats. This inevitable transformation to highly connected systems thus necessitates effective security safeguards, as any compromise or downtime of SCADA systems can have severe economic, safety and security ramifications. One way to ensure vital asset protection is to adopt a viewpoint similar to an attacker's in order to determine weaknesses and loopholes in defences. Such a mindset helps to identify and fix potential breaches before their exploitation. This paper surveys tools and techniques to uncover SCADA system vulnerabilities. A comprehensive review of the selected approaches is provided along with their applicability.

    Stochastic Tools for Network Intrusion Detection

    With the rapid development of the Internet and the sharp increase in network crime, network security has become very important and has received a lot of attention. We model security issues as stochastic systems. This allows us to find weaknesses in existing security systems and propose new solutions. Exploring the vulnerabilities of existing security tools can prevent cyber-attacks from taking advantage of the system weaknesses. We propose a hybrid network security scheme including intrusion detection systems (IDSs) and honeypots scattered throughout the network. This combines the advantages of two security technologies. A honeypot is an activity-based network security system, which can be the logical supplement to the passive detection policies used by IDSs. This integration forces us to balance security performance against cost by scheduling device activities for the proposed system. By formulating the scheduling problem as a decentralized partially observable Markov decision process (DEC-POMDP), decisions are made in a distributed manner at each device without requiring centralized control. The partially observable Markov decision process (POMDP) is a useful choice for controlling stochastic systems. As a combination of two Markov models, POMDPs combine the strength of the hidden Markov model (HMM), which captures dynamics that depend on unobserved states, with that of the Markov decision process (MDP), which takes the decision aspect into account. Decision making under uncertainty is used in many parts of business and science; we use it here for security tools. We adopt a high-quality approximate solution for finite-space POMDPs with the average cost criterion, and its extension to DEC-POMDPs. We show how this tool can be used to design a network security framework. Comment: Accepted by the International Symposium on Sensor Networks, Systems and Security (2017).

    Improving the security level of the FUSION@ multi-agent architecture

    The use of architectures based on services and multi-agent systems has become an increasingly important part of the solution set used for the development of distributed systems. Nevertheless, these models pose a variety of problems with regard to security. This article presents the Adaptive Intrusion Detection Multi-agent System (AIDeMaS), a mechanism designed to detect and block malicious SOAP messages within distributed systems built on service-based architectures. AIDeMaS has been implemented as part of FUSION@, a multi-agent architecture that facilitates the integration of distributed services and applications to optimize the construction of highly dynamic multi-agent systems. One of the main features of AIDeMaS is that it employs case-based reasoning mechanisms, which provide it with strong learning and adaptation capabilities that can be used for classifying SOAP messages. This research presents a case study that uses the ALZ-MAS system, a multi-agent system built around FUSION@, in order to confirm the effectiveness of AIDeMaS. The preliminary results are presented in this paper.

    Tracking advanced persistent threats in critical infrastructures through opinion dynamics

    Advanced persistent threats pose a serious issue for modern industrial environments, due to their targeted and complex attack vectors that are difficult to detect. This is especially severe in critical infrastructures that are accelerating the integration of IT technologies. It is therefore essential to further develop effective monitoring and response systems that ensure business continuity in the face of the emerging set of cyber-security threats. In this paper, we study the practical applicability of a novel technique based on opinion dynamics, which makes it possible to trace the attack throughout all its stages along the network by correlating different anomalies measured over time, thereby taking the persistence of threats and the criticality of resources into consideration. The resulting information is essential for monitoring the overall health of the control system and correspondingly deploying accurate response procedures. Keywords: Advanced Persistent Threat, Detection, Traceability, Opinion Dynamics. Universidad de Málaga. Campus de Excelencia Internacional Andalucía Tech