13,098 research outputs found
Flooding attacks to internet threat monitors (ITM): Modeling and counter measures using botnet and honeypots
The Internet Threat Monitoring (ITM),is a globally scoped Internet monitoring
system whose goal is to measure, detect, characterize, and track threats such
as distribute denial of service(DDoS) attacks and worms. To block the
monitoring system in the internet the attackers are targeted the ITM system. In
this paper we address flooding attack against ITM system in which the attacker
attempt to exhaust the network and ITM's resources, such as network bandwidth,
computing power, or operating system data structures by sending the malicious
traffic. We propose an information-theoretic frame work that models the
flooding attacks using Botnet on ITM. Based on this model we generalize the
flooding attacks and propose an effective attack detection using Honeypots
Real-time cross-layer design for large-scale flood detection and attack trace-back mechanism in IEEE 802.11 wireless mesh networks
IEEE 802.11 WMN is an emerging next generation low-cost multi-hop wireless broadband provisioning technology. It has the capability of integrating wired and wireless networks such as LANs, IEEE 802.11 WLANs, IEEE 802.16 WMANs, and sensor networks. This kind of integration: large-scale coverage, decentralised and multi-hop architecture, multi-radios, multi-channel assignments, ad hoc connectivity support the maximum freedom of users to join or leave the network from anywhere and at anytime has made the situation far more complex. As a result broadband resources are exposed to various kinds of security attacks, particularly DoS attacks
Command & Control: Understanding, Denying and Detecting - A review of malware C2 techniques, detection and defences
In this survey, we first briefly review the current state of cyber attacks,
highlighting significant recent changes in how and why such attacks are
performed. We then investigate the mechanics of malware command and control
(C2) establishment: we provide a comprehensive review of the techniques used by
attackers to set up such a channel and to hide its presence from the attacked
parties and the security tools they use. We then switch to the defensive side
of the problem, and review approaches that have been proposed for the detection
and disruption of C2 channels. We also map such techniques to widely-adopted
security controls, emphasizing gaps or limitations (and success stories) in
current best practices.Comment: Work commissioned by CPNI, available at c2report.org. 38 pages.
Listing abstract compressed from version appearing in repor
Active router approach to defeating denial-of-service attacks in networks
Denial-of-service attacks represent a major threat to modern organisations who are increasingly dependent on the integrity of their computer networks. A new approach to combating such threats introduces active routers into the network architecture. These active routers offer the combined benefits of intrusion detection, firewall functionality and data encryption and work collaboratively to provide a distributed defence mechanism. The paper provides a detailed description of the design and operation of the algorithms used by the active routers and demonstrates how this approach is able to defeat a SYN and SMURF attack. Other approaches to network design, such as the introduction of a firewall and intrusion detection systems, can be used to protect networks, however, weaknesses remain. It is proposed that the adoption of an active router approach to protecting networks overcomes many of these weaknesses and therefore offers enhanced protection
Extension and hardware implementation of the comprehensive integrated security system concept
Merged with duplicate record (10026.1/700) on 03.01.2017 by CS (TIS)This is a digitised version of a thesis that was deposited in the University Library. If you are the author please contact PEARL Admin ([email protected]) to discuss options.The current strategy to computer networking is to increase the accessibility that legitimate
users have to their respective systems and to distribute functionality. This creates a more
efficient working environment, users may work from home, organisations can make better
use of their computing power. Unfortunately, a side effect of opening up computer systems
and placing them on potentially global networks is that they face increased threats from
uncontrolled access points, and from eavesdroppers listening to the data communicated
between systems. Along with these increased threats the traditional ones such as
disgruntled employees, malicious software, and accidental damage must still be countered.
A comprehensive integrated security system ( CISS ) has been developed to provide
security within the Open Systems Interconnection (OSI) and Open Distributed Processing
(ODP) environments. The research described in this thesis investigates alternative methods
for its implementation and its optimisation through partial implementation within hardware
and software and the investigation of mechanismsto improve its security.
A new deployment strategy for CISS is described where functionality is divided amongst
computing platforms of increasing capability within a security domain. Definitions are given
of a: local security unit, that provides terminal security; local security servers that serve the
local security units and domain management centres that provide security service coordination
within a domain.
New hardware that provides RSA and DES functionality capable of being connected to Sun
microsystems is detailed. The board can be used as a basic building block of CISS,
providing fast cryptographic facilities, or in isolation for discrete cryptographic services.
Software written for UNIX in C/C++ is described, which provides optimised security
mechanisms on computer systems that do not have SBus connectivity.
A new identification/authentication mechanism is investigated that can be added to existing
systems with the potential for extension into a real time supervision scenario. The
mechanism uses keystroke analysis through the application of neural networks and genetic
algorithms and has produced very encouraging results.
Finally, a new conceptual model for intrusion detection capable of dealing with real time
and historical evaluation is discussed, which further enhances the CISS concept
- …