568 research outputs found

    CHID: conditional hybrid intrusion detection system for reducing false positives and resource consumption on malicious datasets

    Inspecting packets to detect intrusions faces challenges when coping with a high volume of network traffic. Packet-based detection processes every payload on the wire, which degrades the performance of a network intrusion detection system (NIDS). This issue motivates a flow-based NIDS, which reduces the amount of data to be processed by examining aggregated information about related packets. However, flow-based detection still suffers from false positive alerts due to incomplete data input. This study proposed a Conditional Hybrid Intrusion Detection (CHID) system that combines flow-based with packet-based detection. It also aims to reduce the resource consumption of the packet-based detection approach. CHID applied attribute wrapper feature evaluation algorithms that marked malicious flows for further analysis by the packet-based detection. An Input Framework approach was employed for triggering packet flows between the packet-based and flow-based detections. A controlled testbed experiment was conducted to evaluate the performance of CHID's detection mechanism using datasets obtained at different traffic rates. The evaluation showed that CHID gains a significant performance improvement in terms of resource consumption and packet drop rate, compared to the default packet-based detection implementation. At 200 Mbps, CHID in the IRC-bot scenario can reduce memory usage by 50.6% and CPU utilization by 18.1% without packet drops. The CHID approach can mitigate the false positive rate of flow-based detection and reduce the resource consumption of packet-based detection while preserving detection accuracy. The CHID approach can be considered a generic system to be applied for monitoring of intrusion detection systems.

    Network Security - Is IP Telephony helping the cause?

    The major players in the Public Branch Exchange (PBX) market are moving rapidly towards the implementation of IP Telephony. What will be the effect on network security overall? Will the push to IP Telephony damage the good work already devoted to securing networks? As more doorways open up on our networks, there is an increased chance that we have opened another unseen vector for hackers and other malicious organisations or individuals to access the data stored on servers and users' workstations, corrupting or destroying that data. Is it better from a security perspective to have IP telephony only between PBX equipment (a significant saving in itself), or is it imperative that an organisation have IP telephony to the desktop? Is there any real difference: once IP Telephony is past the network boundary, does it matter if it also appears at the desktop? What about the future with collaboration and unified collaboration? This paper will discuss a number of implementations and attempt to understand the pros and cons of each. No one solution is going to fit all networks, but hopefully this paper will be able to increase our understanding of the dangers and therefore allow for the development of robust solutions.

    Performance Assessment of Routing Protocols for IoT/6LoWPAN Networks

    The Internet of Things (IoT) proposes a disruptive communication paradigm that allows smart objects to exchange data among themselves to reach a common goal. IoT application scenarios are multiple and can range from a simple smart home lighting system to fully controlled automated manufacturing chains. In the majority of IoT deployments, things are equipped with small devices that can suffer from severe hardware and energy restrictions that are responsible for performing data processing and wireless communication tasks. Thus, due to their features, communication networks that are used by these devices are generally categorized as Low Power and Lossy Networks (LLNs). The considerable variation in IoT applications represents a critical issue to LLN networks, which should offer support to different requirements as well as keeping reasonable quality-of-service (QoS) levels. Based on this challenge, routing protocols represent a key issue in IoT scenarios deployment. Routing protocols are responsible for creating paths among devices and their interactions. Hence, network performance and features are highly dependent on protocol behavior. Also, based on the adopted protocol, the support for some specific requirements of IoT applications may or may not be provided. Thus, a routing protocol should be projected to attend the needs of the applications considering the limitations of the device that will execute them. Looking to attend the demand of routing protocols for LLNs and, consequently, for IoT networks, the Internet Engineering Task Force (IETF) has designed and standardized the IPv6 Routing Protocol for Low Power and Lossy Networks (RPL). This protocol, although being robust and offering features to fulfill the need of several applications, still presents several faults and weaknesses (mainly related to its high complexity and memory requirement), which limits its adoption in IoT scenarios. 
An alternative to RPL, the Lightweight On-demand Ad Hoc Distance-vector Routing Protocol – Next Generation (LOADng) has emerged as a less complicated routing solution for LLNs. However, the cost of its simplicity is paid for with the absence of adequate support for a critical set of features required for many IoT environments. Thus, based on the challenging open issues related to routing in IoT networks, this thesis aims to study and propose contributions to better attend the network requirements of IoT scenarios. A comprehensive survey, reviewing state-of-the-art routing protocols adopted for IoT, identified the strengths and weaknesses of current solutions available in the literature. Based on the identified limitations, a set of improvements is designed to overcome these issues and enhance IoT network performance. The novel solutions are proposed to include reliable and efficient support to attend the needs of IoT applications, such as mobility, heterogeneity, and different traffic patterns. Moreover, mechanisms to improve the network performance in IoT scenarios, which integrate devices with different communication technologies, are introduced. The studies conducted to assess the performance of the proposed solutions showed the high potential of the proposed solutions. When the approaches presented in this thesis were compared with others available in the literature, they presented very promising results considering the metrics related to the Quality of Service (QoS), network and energy efficiency, and memory usage as well as adding new features to the base protocols. 
Hence, it is believed that the proposed improvements contribute to the state-of-the-art of routing solutions for IoT networks, increasing the performance and adoption of enhanced protocols.
The Internet of Things (IoT) proposes a disruptive communication paradigm that enables devices, which may be endowed with autonomous or intelligent behaviors, to exchange data among themselves in pursuit of a common goal. IoT application scenarios are highly varied and can range from a simple home lighting system to full control of an industrial production line. In most IoT installations, the "things" are equipped with a small device, responsible for carrying out communication and data processing tasks, that may suffer from severe hardware and energy restrictions. Thus, due to its characteristics, the communication network created by these devices is generally categorized as a Low Power and Lossy Network (LLN). The wide variety of IoT scenarios represents a crucial issue for LLNs, which must support the different requirements of applications while maintaining adequate Quality of Service (QoS) levels. Based on this challenge, routing protocols constitute a key aspect in the implementation of IoT scenarios. Routing protocols are responsible for creating the paths between devices and enabling their interactions. Thus, network performance and characteristics are highly dependent on the behavior of these protocols. Additionally, depending on the protocol adopted, support for some specific requirements of IoT applications may or may not be provided. Therefore, these protocols must be designed to meet the needs of the applications while also considering the limitations of the hardware on which they will run. 
Seeking to meet the needs of routing protocols in LLNs and, consequently, of IoT networks, the Internet Engineering Task Force (IETF) developed and standardized the IPv6 Routing Protocol for Low Power and Lossy Networks (RPL). The protocol, although robust and offering features to meet the needs of different applications, has some flaws and weaknesses (mainly related to its high complexity and memory requirements) that limit its adoption in IoT scenarios. As an alternative to RPL, the Lightweight On-demand Ad hoc Distance-vector Routing Protocol – Next Generation (LOADng) emerged as a less complex routing solution for LLNs. However, the price of simplicity is paid with the lack of adequate support for a set of essential features needed in many IoT environments. Thus, inspired by the challenging open issues related to routing in IoT networks, this thesis aims to study and propose contributions to better meet network requirements in IoT scenarios. A deep and comprehensive review of the state of the art on routing protocols adopted in IoT identified the strengths and limitations of current solutions. Based on the weaknesses found, a set of improvement solutions is proposed to overcome existing shortcomings and improve the performance of IoT networks. The new solutions are proposed to include reliable and efficient support capable of meeting the needs of IoT applications related to mobility support, device heterogeneity, and different traffic patterns. In addition, mechanisms are introduced to improve network performance in IoT scenarios that integrate devices with different communication technologies. The various studies carried out to measure the performance of the proposed solutions showed the great potential of the set of improvements introduced. 
When compared with other approaches in the literature, the solutions proposed in this thesis demonstrated a consistent performance increase for metrics related to quality of service, memory usage, and energy and network efficiency, in addition to adding new functionality to the base protocols. Therefore, it is believed that the proposed improvements contribute to advancing the state of the art in routing solutions for IoT networks and increase the adoption and use of the protocols studied.

    A semantic approach for scalable and self-organized context-aware systems

    Ph.D, DOCTOR OF PHILOSOPHY

    Airborne Directional Networking: Topology Control Protocol Design

    This research identifies and evaluates the impact of several architectural design choices in relation to airborne networking in contested environments related to autonomous topology control. Using simulation, we evaluate topology reconfiguration effectiveness using classical performance metrics for different point-to-point communication architectures. Our attention is focused on the design choices which have the greatest impact on reliability, scalability, and performance. In this work, we discuss the impact of several practical considerations of airborne networking in contested environments related to autonomous topology control modeling. Using simulation, we derive multiple classical performance metrics to evaluate topology reconfiguration effectiveness for different point-to-point communication architecture attributes for the purpose of qualifying protocol design elements

    An Overlay Architecture for Personalized Object Access and Sharing in a Peer-to-Peer Environment

    Due to its exponential growth and decentralized nature, the Internet has evolved into a chaotic repository, making it difficult for users to discover and access resources of interest to them. As a result, users have to deal with the problem of information overload. The Semantic Web's emergence provides Internet users with the ability to associate explicit, self-described semantics with resources. This ability will facilitate in turn the development of ontology-based resource discovery tools to help users retrieve information in an efficient manner. However, it is widely believed that the Semantic Web of the future will be a complex web of smaller ontologies, mostly created by various groups of web users who share a similar interest, referred to as a Community of Interest. This thesis proposes a solution to the information overload problem using a user driven framework, referred to as a Personalized Web, that allows individual users to organize themselves into Communities of Interests based on ontologies agreed upon by all community members. Within this framework, users can define and augment their personalized views of the Internet by associating specific properties and attributes to resources and defining constraint-functions and rules that govern the interpretation of the semantics associated with the resources. Such views can then be used to capture the user's interests and integrate these views into a user-defined Personalized Web. As a proof of concept, a Personalized Web architecture that employs ontology-based semantics and a structured Peer-to-Peer overlay network to provide a foundation of semantically-based resource indexing and advertising is developed. 
In order to investigate mechanisms that support the resource advertising and retrieval of the Personalized Web architecture, three agent-driven advertising and retrieval schemes, the Aggressive scheme, the Crawler-based scheme, and the Minimum-Cover-Rule scheme, were implemented and evaluated in both stable and churn environments. In addition to the development of a Personalized Web architecture that deals with typical web resources, this thesis used a case study to explore the potential of the Personalized Web architecture to support future web service workflow applications. The results of this investigation demonstrated that the architecture can support the automation of service discovery, negotiation, and invocation, allowing service consumers to actualize a personalized web service workflow. Further investigation will be required to improve the performance of the automation and allow it to be performed in a secure and robust manner. In order to support the next generation Internet, further exploration will be needed for the development of a Personalized Web that includes ubiquitous and pervasive resources

    CHORUS Deliverable 2.1: State of the Art on Multimedia Search Engines

    Based on the information provided by European projects and national initiatives related to multimedia search, as well as domain experts that participated in the CHORUS Think-tanks and workshops, this document reports on the state of the art related to multimedia content search from a technical and socio-economic perspective. The technical perspective includes an up-to-date view on content-based indexing and retrieval technologies, multimedia search in the context of mobile devices and peer-to-peer networks, and an overview of current evaluation and benchmark initiatives to measure the performance of multimedia search engines. From a socio-economic perspective we inventory the impact and legal consequences of these technical advances and point out future directions of research.