22,712 research outputs found

    Intrusion Detection in Mobile Ad Hoc Networks Using Classification Algorithms

    In this paper we present the design and evaluation of intrusion detection models for MANETs using supervised classification algorithms. Specifically, we evaluate the performance of the MultiLayer Perceptron (MLP), the Linear classifier, the Gaussian Mixture Model (GMM), the Naive Bayes classifier and the Support Vector Machine (SVM). The performance of the classification algorithms is evaluated under different traffic conditions and mobility patterns for the Black Hole, Forging, Packet Dropping, and Flooding attacks. The results indicate that Support Vector Machines exhibit high accuracy for almost all simulated attacks and that Packet Dropping is the hardest attack to detect. Comment: 12 pages, 7 figures, presented at MedHocNet 200

    Dendritic Cells for Anomaly Detection

    Artificial immune systems, more specifically the negative selection algorithm, have previously been applied to intrusion detection. The aim of this research is to develop an intrusion detection system based on a novel concept in immunology, the Danger Theory. Dendritic Cells (DCs) are antigen presenting cells and key to the activation of the human signals from the host tissue and correlate these signals with proteins known as antigens. In algorithmic terms, individual DCs perform multi-sensor data fusion based on time-windows. The whole population of DCs asynchronously correlates the fused signals with a secondary data stream. The behaviour of human DCs is abstracted to form the DC Algorithm (DCA), which is implemented using an immune inspired framework, libtissue. This system is used to detect context switching for a basic machine learning dataset and to detect outgoing portscans in real-time. Experimental results show a significant difference between an outgoing portscan and normal traffic. Comment: 8 pages, 10 tables, 4 figures, IEEE Congress on Evolutionary Computation (CEC2006), Vancouver, Canad

    Command & Control: Understanding, Denying and Detecting - A review of malware C2 techniques, detection and defences

    In this survey, we first briefly review the current state of cyber attacks, highlighting significant recent changes in how and why such attacks are performed. We then investigate the mechanics of malware command and control (C2) establishment: we provide a comprehensive review of the techniques used by attackers to set up such a channel and to hide its presence from the attacked parties and the security tools they use. We then switch to the defensive side of the problem, and review approaches that have been proposed for the detection and disruption of C2 channels. We also map such techniques to widely-adopted security controls, emphasizing gaps or limitations (and success stories) in current best practices. Comment: Work commissioned by CPNI, available at c2report.org. 38 pages. Listing abstract compressed from version appearing in repor

    A reconnaissance geochemical drainage survey of the Criffel-Dalbeattie granodiorite complex and its environs

    Regional geochemical reconnaissance by stream sediments and panned concentrates was undertaken over an area of 850 km² of south-west Scotland. Rocks of Ordovician to Permian age are exposed within the area but the major part is occupied by the Criffel-Dalbeattie granodiorite complex. Multi-element analysis of the samples collected demonstrates patterns of trace element distribution related to the geology and a number of mineralisation. Broad-scale patterns in the distribution of some elements reflect compositional variations in both the Lower Palaeozoic turbidite sequence and the Criffel-Dalbeattie granodiorite complex, both of which may be sub-divided into specific units on the basis of the geochemical data. The follow-up of copper anomalies in drainage samples from the Black Stockarton Moor area led to the discovery of porphyry-style copper mineralisation within an arcuate belt at least 5 km by 1 km within the Black Stockarton Moor subvolcanic complex and of related disseminated copper mineralisation at Screel Burn. The area to the west of the Criffel-Dalbeattie plutonic complex is also characterised by relatively high boron levels in stream sediments reflecting the widespread occurrence of tourmaline both in association with and peripheral to the copper mineralisation. Vein mineralisation, usually containing baryte in addition to base metals, is also identifiable from the drainage survey at the eastern margin of the Criffel-Dalbeattie granodiorite; in association with the Lower Carboniferous rocks along the Solway coast; and within the Lower Palaeozoic turbidites in the west of the area.