Botnet lab creation with open source tools and usefulness of such a tool for researchers

Botnets are large scale networks, which can span across the internet and comprise of computers, which have been infected by malicious software and are centrally controlled from a remote location. Botnets pose a great security risk and their size has been rising drastically over the past few years. The use of botnets by the underground community as a medium for online crime, bundled with their use for profit has shined the spotlight on them. Numerous researchers have proposed and designed infrastructures and frameworks that identify newly formed botnets and their traffic patterns. In this research, the design of a unified modular open source laboratory is proposed, with the use of virtual machines and open source tools, which can be used in analyzing and dissecting newly found bots in the wild. Furthermore, the usefulness and flexibility of the open source laboratory is evaluated by infecting my test machines with the Zeus Bot

Verifying service continuity in a satellite reconfiguration procedure: application to a satellite

The paper discusses the use of the TURTLE UML profile to model and verify service continuity during dynamic reconfiguration of embedded software, and space-based telecommunication software in particular. TURTLE extends UML class diagrams with composition operators, and activity diagrams with temporal operators. Translating TURTLE to the formal description technique RT-LOTOS gives the profile a formal semantics and makes it possible to reuse verification techniques implemented by the RTL, the RT-LOTOS toolkit developed at LAAS-CNRS. The paper proposes a modeling and formal validation methodology based on TURTLE and RTL, and discusses its application to a payload software application in charge of an embedded packet switch. The paper demonstrates the benefits of using TURTLE to prove service continuity for dynamic reconfiguration of embedded software

EMI Security Architecture

This document describes the various architectures of the three middlewares that comprise the EMI software stack. It also outlines the common efforts in the security area that allow interoperability between these middlewares. The assessment of the EMI Security presented in this document was performed internally by members of the Security Area of the EMI project

Machine Learning based Attacks Detection and Countermeasures in IoT

While the IoT offers important benefits and opportunities for users, the technology raises various security issues and threats. These threats may include spreading IoT botnets through IoT devices which are the common and most malicious security threat in the world of internet. Protecting the IoT devices against these threats and attacks requires efficient detection. While we need to take into consideration IoT devices memory capacity limitation and low power processors. In this paper, we will focus in proposing low power consumption Machine Learning (ML) techniques for detecting IoT botnet attacks using Random forest as ML-based detection method and describing IoT common attacks with its countermeasures. The experimental result of our proposed solution shows higher accuracy. From the results, we conclude that IoT botnet detection is possible; achieving a higher accuracy rate as an experimental result indicates an accuracy rate of over 99.99% where the true positive rate is 1.000 and the false-negative rate is 0.000

InSight2: An Interactive Web Based Platform for Modeling and Analysis of Large Scale Argus Network Flow Data

Monitoring systems are paramount to the proactive detection and mitigation of problems in computer networks related to performance and security. Degraded performance and compromised end-nodes can cost computer networks downtime, data loss and reputation. InSight2 is a platform that models, analyzes and visualizes large scale Argus network flow data using up-to-date geographical data, organizational information, and emerging threats. It is engineered to meet the needs of network administrators with flexibility and modularity in mind. Scalability is ensured by devising multi-core processing by implementing robust software architecture. Extendibility is achieved by enabling the end user to enrich flow records using additional user provided databases. Deployment is streamlined by providing an automated installation script. State-of-the-art visualizations are devised and presented in a secure, user friendly web interface giving greater insight about the network to the end user