1,534 research outputs found
CONDOR: A Hybrid IDS to Offer Improved Intrusion Detection
Intrusion Detection Systems are an accepted and very
useful option to monitor, and detect malicious activities.
However, Intrusion Detection Systems have inherent limitations which lead to false positives and false negatives; we propose that combining signature and anomaly based IDSs should be examined. This paper contrasts signature and anomaly-based IDSs, and critiques some proposals about hybrid IDSs with signature and heuristic capabilities, before considering some of their contributions in order to include them as main features of a new hybrid IDS named CONDOR (COmbined Network intrusion Detection ORientate), which is designed to offer superior pattern analysis and anomaly detection by reducing false positive rates and administrator intervention
Selective Jamming of LoRaWAN using Commodity Hardware
Long range, low power networks are rapidly gaining acceptance in the Internet
of Things (IoT) due to their ability to economically support long-range sensing
and control applications while providing multi-year battery life. LoRa is a key
example of this new class of network and is being deployed at large scale in
several countries worldwide. As these networks move out of the lab and into the
real world, they expose a large cyber-physical attack surface. Securing these
networks is therefore both critical and urgent. This paper highlights security
issues in LoRa and LoRaWAN that arise due to the choice of a robust but slow
modulation type in the protocol. We exploit these issues to develop a suite of
practical attacks based around selective jamming. These attacks are conducted
and evaluated using commodity hardware. The paper concludes by suggesting a
range of countermeasures that can be used to mitigate the attacks.Comment: Mobiquitous 2017, November 7-10, 2017, Melbourne, VIC, Australi
Detecting TCP SYN Flood Attack in the Cloud
In this paper, an approach to protecting virtual machines (VMs) against TCP SYN flood attack in a cloud environment is proposed. An open source cloud platform Eucalyptus is deployed and experimentation is carried out on this setup. We investigate attacks emanating from one VM to another in a multi-tenancy cloud environment. Various scenarios of the attack are executed on a webserver VM. To detect such attacks from a cloud provider’s perspective, a security mechanism involving a packet sniffer, feature extraction process, a classifier and an alerting component is proposed and implemented. We experiment with k-nearest neighbor and artificial neural network for classification of the attack. The dataset obtained from the attacks on the webserver VM is passed through the classifiers. The artificial neural network produced a F1 score of 1 with the test cases implying a 100% detection accuracy of the malicious attack traffic from legitimate traffic. The proposed security mechanism shows promising results in detecting TCP SYN flood attack behaviors in the cloud
Stealthy Deception Attacks Against SCADA Systems
SCADA protocols for Industrial Control Systems (ICS) are vulnerable to
network attacks such as session hijacking. Hence, research focuses on network
anomaly detection based on meta--data (message sizes, timing, command
sequence), or on the state values of the physical process. In this work we
present a class of semantic network-based attacks against SCADA systems that
are undetectable by the above mentioned anomaly detection. After hijacking the
communication channels between the Human Machine Interface (HMI) and
Programmable Logic Controllers (PLCs), our attacks cause the HMI to present a
fake view of the industrial process, deceiving the human operator into taking
manual actions. Our most advanced attack also manipulates the messages
generated by the operator's actions, reversing their semantic meaning while
causing the HMI to present a view that is consistent with the attempted human
actions. The attacks are totaly stealthy because the message sizes and timing,
the command sequences, and the data values of the ICS's state all remain
legitimate.
We implemented and tested several attack scenarios in the test lab of our
local electric company, against a real HMI and real PLCs, separated by a
commercial-grade firewall. We developed a real-time security assessment tool,
that can simultaneously manipulate the communication to multiple PLCs and cause
the HMI to display a coherent system--wide fake view. Our tool is configured
with message-manipulating rules written in an ICS Attack Markup Language (IAML)
we designed, which may be of independent interest. Our semantic attacks all
successfully fooled the operator and brought the system to states of blackout
and possible equipment damage
A high throughput Intrusion Detection System (IDS) to enhance the security of data transmission among research centers
Data breaches and cyberattacks represent a severe problem in higher education
institutions and universities that can result in illegal access to sensitive
information and data loss. To enhance the security of data transmission,
Intrusion Prevention Systems (IPS, i.e., firewalls) and Intrusion Detection
Systems (IDS, i.e., packet sniffers) are used to detect potential threats in
the exchanged data. IPSs and IDSs are usually designed as software programs
running on a server machine. However, when the speed of exchanged data is too
high, this solution can become unreliable. In this case, IPSs and IDSs designed
on a real hardware platform, such as ASICs and FPGAs, represent a more reliable
solution. This paper presents a packet sniffer that was designed using a
commercial FPGA development board. The system can support a data throughput of
10 Gbit/s with preliminary results showing that the speed of data transmission
can be reliably extended to 100 Gbit/s. The designed system is highly
configurable by the user and can enhance the data protection of information
transmitted using the Ethernet protocol. It is particularly suited for the
security of universities and research centers, where point-to-point network
connections are dominant and large amount of sensitive data are shared among
different hosts.Comment: 10 pages, 10 figures, 16th Topical Seminar on Innovative Particle and
Radiation Detectors (IPRD23), 25-29 September 2023, Siena, Ital
BotSpine - A Generic Simple Development Platform of Smartphones and Sensors or Robotics
The Internet of Things (IoT) emergence leads to an “intelligence” technology revolution in industrial, social, environmental and almost every aspect of life and objectives. Sensor and actuators are heavily employed in industrial production and, under the trend of IoT, smart sensors are in great demand. Smartphones stand out from other computing terminals as a result of their incomparable popularity, mobility and computer comparable computing capability. However, current IoT designs are developed among diverse platforms and systems and are usually specific to applications and patterns. There is no a standardized developing interface between smartphones and sensors/electronics that is facile and rapid for either developers or consumers to connect and control through smartphones.
The goal of this thesis is to develop a simple and generic platform interconnecting smartphones and sensors and/or robotics, allowing users to develop, monitor and control all types of sensors, robotics or customer electronics simply over their smartphones through the developed platform. The research is in cooperation with a local company, Environmental Instruments Canada Inc. From the perspective of research and industrial interests, the proposed platform is designed for generally applicable, low cost, low energy, easily programmed, and smartphone based sensor and/or robotic development purposes.
I will build a platform interfacing smartphones and sensors including hardware, firmware structures and software application. The platform is named BotSpine and it provides an energy-efficient real-time wireless communication. This thesis also implements BotSpine by redesigning a radon sniffer robot with the developed interface, demonstrated that BotSpine is able to achieve expectations. BotSpine performs a fast and secure connection with smartphones and its command/BASIC program features render controlling and developing robotics and electronics easy and simple
An adaptive distributed Intrusion detection system architecture using multi agents
Intrusion detection systems are used for monitoring the network data, analyze them and find the intrusions if any. The major issues with these systems are the time taken for analysis, transfer of bulk data from one part of the network to another, high false positives and adaptability to the future threats. These issues are addressed here by devising a framework for intrusion detection. Here, various types of co-operating agents are distributed in the network for monitoring, analyzing, detecting and reporting. Analysis and detection agents are the mobile agents which are the primary detection modules for detecting intrusions. Their mobility eliminates the transfer of bulk data for processing. An algorithm named territory is proposed to avoid interference of one analysis agent with another one. A communication layout of the analysis and detection module with other modules is depicted. The inter-agent communication reduces the false positives significantly. It also facilitates the identification of distributed types of attacks. The co-ordinator agents log various events and summarize the activities in its network. It also communicates with co-ordinator agents of other networks. The system is highly scalable by increasing the number of various agents if needed. Centralized processing is avoided here to evade single point of failure. We created a prototype and the experiments done gave very promising results showing the effectiveness of the system
Sonification of Network Traffic Flow for Monitoring and Situational Awareness
Maintaining situational awareness of what is happening within a network is
challenging, not least because the behaviour happens within computers and
communications networks, but also because data traffic speeds and volumes are
beyond human ability to process. Visualisation is widely used to present
information about the dynamics of network traffic dynamics. Although it
provides operators with an overall view and specific information about
particular traffic or attacks on the network, it often fails to represent the
events in an understandable way. Visualisations require visual attention and so
are not well suited to continuous monitoring scenarios in which network
administrators must carry out other tasks. Situational awareness is critical
and essential for decision-making in the domain of computer network monitoring
where it is vital to be able to identify and recognize network environment
behaviours.Here we present SoNSTAR (Sonification of Networks for SiTuational
AwaReness), a real-time sonification system to be used in the monitoring of
computer networks to support the situational awareness of network
administrators. SoNSTAR provides an auditory representation of all the TCP/IP
protocol traffic within a network based on the different traffic flows between
between network hosts. SoNSTAR raises situational awareness levels for computer
network defence by allowing operators to achieve better understanding and
performance while imposing less workload compared to visual techniques. SoNSTAR
identifies the features of network traffic flows by inspecting the status flags
of TCP/IP packet headers and mapping traffic events to recorded sounds to
generate a soundscape representing the real-time status of the network traffic
environment. Listening to the soundscape allows the administrator to recognise
anomalous behaviour quickly and without having to continuously watch a computer
screen.Comment: 17 pages, 7 figures plus supplemental material in Github repositor
- …