6,433 research outputs found
Harnessing Predictive Models for Assisting Network Forensic Investigations of DNS Tunnels
In recent times, DNS tunneling techniques have been used for malicious purposes; however, network security mechanisms struggle to detect them. Network forensic analysis has proven effective, but it is slow and effort intensive, as Network Forensics Analysis Tools struggle to deal with undocumented or new network tunneling techniques. In this paper, we present a machine learning approach, based on feature subsets of network traffic evidence, to aid forensic analysis by automating the inference of the protocols carried within DNS tunneling techniques. We explore four network protocols, namely HTTP, HTTPS, FTP, and POP3. Three features are extracted from the DNS tunneled traffic: IP packet length, DNS Query Name Entropy, and DNS Query Name Length. We benchmark the performance of four classification models, i.e., decision trees, support vector machines, k-nearest neighbours, and neural networks, on a data set of DNS tunneled traffic. A classification accuracy of 95% is achieved, and the feature set reduces the original evidence data size by a factor of 74%. More importantly, our findings provide strong evidence that predictive modeling machine learning techniques can be used to identify network protocols within DNS tunneled traffic in real time with high accuracy from a relatively small feature set, without necessarily infringing on privacy from the outset, nor having to collect complete DNS tunneling sessions.
Hybrid Simulation Safety: Limbos and Zero Crossings
Physical systems can be naturally modeled by combining continuous and discrete models. Such hybrid models may simplify the modeling task for complex systems, as well as increase simulation performance. Moreover, modern simulation engines can often efficiently generate simulation traces, but how do we know that the simulation results are correct? If we detect an error, is the error in the model or in the simulation itself? This paper discusses the problem of simulation safety, with a focus on hybrid modeling and simulation. In particular, two key aspects are studied: safe zero-crossing detection and deterministic hybrid event handling. The problems and solutions are discussed and partially implemented in Modelica and Ptolemy II.
Security in Wireless Sensor Networks: Issues and Challenges
Wireless Sensor Networks (WSNs) are an emerging technology that shows great promise for various futuristic applications, both for the mass public and for the military. Sensing technology combined with processing power and wireless communication makes it attractive for widespread deployment in the future. The inclusion of wireless communication technology also incurs various types of security threats. The intent of this paper is to investigate the security-related issues and challenges in wireless sensor networks. We identify the security threats and review proposed security mechanisms for wireless sensor networks. We also discuss a holistic view of security for ensuring layered and robust security in wireless sensor networks.
Comment: 6 pages
Critical Transitions In a Model of a Genetic Regulatory System
We consider a model for substrate-depletion oscillations in genetic systems, based on a stochastic differential equation with a slowly evolving external signal. We show the existence of critical transitions in the system. We apply two methods to numerically test the synthetic time series generated by the system for early indicators of critical transitions: a detrended fluctuation analysis method, and a novel method based on topological data analysis (persistence diagrams).
Comment: 19 pages, 8 figures
Real time detection of malicious DoH traffic using statistical analysis
The DNS protocol plays a fundamental role in the operation of ubiquitous networks. All devices connected to these networks need DNS to work, both for traditional domain name to IP address translation and for more advanced services such as resource discovery. DNS over HTTPS (DoH) solves certain security problems present in the DNS protocol. However, malicious DNS tunnels, a covert way of encapsulating malicious traffic in a DNS connection, are difficult to detect because the encryption prevents analysis of the content of the DNS traffic.
In this study, we introduce a real-time system for detecting malicious DoH tunnels, based on analyzing DoH traffic using statistical methods. Our research demonstrates that it is feasible to identify malicious traffic in real time by analyzing specific parameters extracted from DoH traffic. In addition, we conducted statistical analysis to identify the most significant features that distinguish malicious traffic from benign traffic. Using the selected features, we achieved satisfactory results in classifying DoH traffic as either benign or malicious.