Protecting SNMP Through MarketNet
As dependency on information technology becomes more critical so does the need for network computer security. Because of the distributed nature of networks, large-scale information systems are highly vulnerable to negative elements such as intruders and attackers. The types of attack on a system can be diverse and from different sources. Some of the factors contributing to creating an insecure system are the relentless pace of technology, the need for information processing, and the heterogeneity of hardware and software. In addition to these insecurities, the growth and success of e-commerce make networks a desirable target for intruders to steal credit card numbers, bank account balances, and other valuable information. This paper looks at two different security technologies, SNMP v3 and MarketNet, their architectures and how they have been developed to protect network resources and services, such as internet applications, devices, and other services, against attacks
Nonintrusive tracing in the Internet
Intruders that log in through a series of machines when conducting an attack are hard to trace because of the complex architecture of the Internet. The thumbprinting method provides an efficient way of tracing such intruders by determining whether two connections are part of the same connection chain. Because many connections are transient and therefore short in length, choosing the best time interval to thumbprint over can be an issue. In this paper, we provide a way to shorten the time interval used for thumbprinting. We then study some special properties of the thumbprinting function. We also study another mechanism for tracing intruders in the Internet based on a timestamping approach, which passively monitors flows between source and destination pairs. Given a potentially suspicious source, we identify its true destination. We compute the error probability of our algorithm and show that its value decreases exponentially as the observation time increases. Our simulation results show that our approach performs well
Solving time gap problems through the optimization of detecting stepping stone algorithm
This paper describes an analysis of the stepping stone detection algorithm to defeat the time gap problem. It is found that the current stepping stone detection algorithm is not optimized. Several weaknesses are identified and suggestions are proposed to overcome this problem. The suggestions are applied in the improved algorithm. Since stepping stone detection is listed as one of the response techniques, it is suggested that the improved algorithm be used as a remedy for the time gap problem
A quick-response real-time stepping stone detection scheme
Stepping stone attacks are often used by network intruders to hide their identities. To detect and block stepping stone attacks, a stepping stone detection scheme should be able to correctly identify a stepping-stone in a very short time and in real-time. However, the majority of past research has failed to indicate how long or how many packets it takes for the monitor to detect a stepping stone. In this paper, we propose a novel quick-response real-time stepping stones detection scheme which is based on packet delay properties. Our experiments show that it can identify a stepping stone within 20 seconds which includes false positives and false negatives of less than 3%
Towards Provably Invisible Network Flow Fingerprints
Network traffic analysis reveals important information even when messages are
encrypted. We consider active traffic analysis via flow fingerprinting by
invisibly embedding information into packet timings of flows. In particular,
assume Alice wishes to embed fingerprints into flows of a set of network input
links, whose packet timings are modeled by Poisson processes, without being
detected by a watchful adversary Willie. Bob, who receives the set of
fingerprinted flows after they pass through the network modeled as a collection
of independent and parallel queues, wishes to extract Alice's embedded
fingerprints to infer the connection between input and output links of the
network. We consider two scenarios: 1) Alice embeds fingerprints in all of the
flows; 2) Alice embeds fingerprints in each flow independently with probability
. Assuming that the flow rates are equal, we calculate the maximum number of
flows in which Alice can invisibly embed fingerprints while having those
fingerprints successfully decoded by Bob. Then, we extend the construction and
analysis to the case where flow rates are distinct, and discuss the extension
of the network model
Stepping-stone detection technique for recognizing legitimate and attack connections
A stepping-stone connection has always been assumed to be an intrusion since the first research on stepping-stone connections twenty years ago. However, not all stepping-stone connections are malicious. This paper proposes an enhanced stepping-stone detection (SSD) technique which is capable of identifying legitimate connections from stepping-stone connections. Stepping-stone connections are identified from raw network traffic using a timing-based SSD approach. Then, they go through an anomaly detection technique to differentiate between legitimate and attack connections. This technique has a promising solution to accurately detecting intrusions from stepping-stone connections. It will prevent incorrect responses that punish legitimate users
The Flow Fingerprinting Game
Linking two network flows that have the same source is essential in intrusion
detection or in tracing anonymous connections. To improve the performance of
this process, the flow can be modified (fingerprinted) to make it more
distinguishable. However, an adversary located in the middle can modify the
flow to impair the correlation by delaying the packets or introducing dummy
traffic.
We introduce a game-theoretic framework for this problem, that is used to
derive the Nash Equilibrium. As obtaining the optimal adversary delays
distribution is intractable, some approximations are done. We study the
concrete example where these delays follow a truncated Gaussian distribution.
We also compare the optimal strategies with other fingerprinting schemes. The
results are useful for understanding the limits of flow correlation based on
packet timings under an active attacker. Comment: Workshop on Information Forensics and Securit