152,055 research outputs found

    Network Forensics Against Address Resolution Protocol Spoofing Attacks Using Trigger, Acquire, Analysis, Report, Action Method

    This study aims to obtain attack evidence and reconstruct commonly used address resolution protocol attacks as a first step to launch a moderately malicious attack. MiTM and DoS are attacks initiated through ARP spoofing and used as follow-up attacks to it. The impact is quite severe, ranging from data theft and denial of service to crippling network infrastructure systems. In this study, data collection was conducted by launching a test attack against a real network infrastructure involving 27 computers, one router, and four switches. This study uses a Mikrotik router, building a firewall to generate log files, and uses the Tazmen Sniffer Protocol, which is sent to a syslog-ng computer in a different virtual domain in a local area network. The Trigger, Acquire, Analysis, Report, Action method is used in network forensic investigations, utilising Wireshark and NetworkMiner to analyze network traffic during attacks. The results of this network forensics provide evidence that there have been eight attacks, with detailed information on when there was an attack on the media access control address and internet protocol address, both from the attacker and the victim. However, attacks carried out with the KickThemOut tool can provide further information about the attacker's details through a number of settings, in particular using the Gratuitous ARP and ICMP protocols.

    Implementation of an Intrusion Detection System (IDS) on the Bina Darma University Network

    Computer security systems have in recent years become a major focus in the world of computer networks, owing to the high level of suspicious threats and attacks from the internet. Bina Darma University is one of the institutions whose activities use internet network services, ranging from the processing of existing data to the online KRS system, mail server, web portals in each unit, and others. The Bina Darma University network manager currently builds network security by implementing a firewall and proxy server on each server in the network unit. To further optimize the network security system at Bina Darma University, the author will implement a network Intrusion Detection System as a network security solution for both the intranet and internet networks of Bina Darma University, building the IDS (Intrusion Detection System) using Snort. Keywords: Networking Security, Firewall, Proxy Server, IDS (Intrusion Detection System), Snort

    Network Resilience Improvement and Evaluation Using Link Additions

    Computer networks are getting more involved in providing services for most of our daily life activities related to education, business, health care, social life, and government. Publicly available computer networks are prone to targeted attacks and natural disasters that could disrupt normal operation and services. Building highly resilient networks is an important aspect of their design and implementation. For existing networks, resilience against such challenges can be improved by adding more links. In fact, adding links to form a full mesh yields the most resilient network, but it incurs an unfeasibly high cost. In this research, we investigate the resilience improvement of real-world networks via adding a cost-efficient set of links. Adding a set of links to obtain an optimal solution using an exhaustive search is impracticable for large networks. Using a greedy algorithm, a feasible solution is obtained by adding a set of links to improve network connectivity by increasing a graph robustness metric such as algebraic connectivity or total graph diversity. We use a graph metric called flow robustness as a measure for network resilience. To evaluate the improved networks, we apply three centrality-based attacks and study their resilience. The flow robustness results of the attacks show that the improved networks are more resilient than the non-improved networks.

    Detection and Classification of DDos Attack on Software Defined Network

    Software-Defined Networking (SDN) is a new network paradigm that changes network architecture. However, it turns out that the SDN network also has several issues, one of which is security. The higher the traffic on the network, the higher the possibility of security threats that will occur. Therefore, it is necessary to detect attacks that might occur on this SDN network. This study detects attacks on the SDN network in the following stages: building an SDN architecture using the Mininet emulator, simulating the network according to the topology, retrieving traffic data using Wireshark, and performing data analysis using the Weka application on the NSL KDD dataset. The results of this research found that a ping of death DDoS attack is an attack that sends messages continuously to the recipient, causing the computer to crash. Attack classification data was then analyzed using a dataset to compare machine learning algorithms; the algorithm with high accuracy was Random Forests. The targeted output of this research is publication in the Journal of Computing.

    Comparative Analysis of Selected Filtered Feature Rankers Evaluators for Cyber Attacks Detection

    An increase in global connectivity and rapid expansion of computer usage and computer networks has made the security of the computer system an important issue, with the industries and cyber communities being faced with new kinds of attacks daily. The high complexity of cyberattacks poses a great challenge to the protection of cyberinfrastructures and to the confidentiality, integrity and availability of sensitive information stored on them. Intrusion detection systems monitor network traffic for suspicious, intrusive activity and issue alerts when such activity is detected. Building an intrusion detection system that is computationally efficient and effective requires the use of relevant features of the network traffic packets identified by feature selection algorithms. This paper implemented K-Nearest Neighbor and Naïve Bayes intrusion detection models using relevant features of the UNSW-NB15 intrusion detection dataset selected by the Gain Ratio, Information Gain, Relief F and Correlation ranker feature selection techniques.

    Intrusion Detection System using Bayesian Network Modeling

    Computer network security has become a critical and important issue due to ever-increasing cybercrime. Cybercrimes span from simple piracy crimes to information theft in international terrorism. Defence security agencies and other military-related organizations are highly concerned about the confidentiality and access control of stored data. Therefore, it is really important to investigate Intrusion Detection Systems (IDS) to detect and prevent cybercrimes and protect these systems. This research proposes a novel distributed IDS to detect and prevent attacks such as denial of service, probes, user to root and remote to user attacks. In this work, we propose an IDS based on a Bayesian network classification modelling technique. Bayesian networks are popular for adaptive learning and for modelling diverse network traffic data for meaningful classification details. The proposed model has an anomaly-based IDS with an adaptive learning process. Therefore, Bayesian networks have been applied to build a robust and accurate IDS. The proposed IDS has been evaluated against the KDD DARPA dataset, which was designed for network IDS evaluation. The research methodology consists of four different Bayesian networks as classification models, where these classifier models are interconnected and communicate to make predictions on incoming network traffic data. Each designed Bayesian network model is capable of detecting a major category of attack such as denial of service (DoS). However, all four Bayesian networks work together to pass the information of the classification model to calibrate the IDS system. The proposed IDS shows the ability to detect novel attacks by continuing to learn with different datasets. The testing dataset was constructed by sampling the original KDD dataset to contain a balanced number of attacks and normal connections.
    The experiments show that the proposed system is effective in detecting attacks in the test dataset and is highly accurate in detecting all major attacks recorded in the DARPA dataset. The proposed IDS presents a promising approach for anomaly-based intrusion detection in distributed systems. Furthermore, the practical implementation of the proposed IDS system can be utilized to train and detect attacks in live network traffic.