Protecting SNMP Through MarketNet

As dependency on information technology becomes more critical so does the need for network computer security. Because of the distributed nature of networks, large-scale information systems are highly vulnerable to negative elements such as intruders and attackers. The types of attack on a system can be diverse and from different sources. Some of the factors contributing to creating an insecure system are the relentless pace of technology, the need for information processing, and the heterogeneity of hardware and software. In addition to these insecurities, the growth and success of e-commerce make networks a desirable target for intruders to steal credit card numbers, bank account balances, and other valuable information. This paper looks at two different security technologies, SNMP v3 and MarketNet, their architectures and how they have been developed to protect network resources and services, such as, internet applications, devices, and other services, against attacks

Nonintrusive tracing in the Internet

Intruders that log in through a series of machines when conducting an attack are hard to trace because of the complex architecture of the Internet. The thumbprinting method provides an efficient way of tracing such intruders by determining whether two connections are part of the same connection chain. Because many connections are transient and therefore short in length, choosing the best time interval to thumbprint over can be an issue. In this paper, we provide a way to shorten the time interval used for thumbprinting. We then study some special properties of the thumbprinting function. We also study another mechanism for tracing intruders in the Internet based on a timestamping approach, which passively monitors flows between source and destination pairs. Given a potentially suspicious source, we identify its true destination. We compute the error probability of our algorithm and show that its value decreases exponentially as the observation time increases. Our simulation results show that our approach performs well

Solving time gap problems through the optimization of detecting stepping stone algorithm

This paper describes an analysis of detecting stepping stone algorithm to defeat the time gap problem. It is found that current algorithm of detecting stepping stone is not optimized. Several weaknesses are identified and suggestions are proposed to overcome this problem. The suggestions are applied in the improved algorithm. Since the detecting stepping stone is listed as one of the response technique, it is suggested that the improved algorithm should be used as a remedial to the time gap problem

A quick-response real-time stepping stone detection scheme

Stepping stone attacks are often used by network intruders to hide their identities. To detect and block stepping stone attacks, a stepping stone detection scheme should be able to correctly identify a stepping-stone in a very short time and in real-time. However, the majority of past research has failed to indicate how long or how many packets it takes for the monitor to detect a stepping stone. In this paper, we propose a novel quick-response real-time stepping stones detection scheme which is based on packet delay properties. Our experiments show that it can identify a stepping stone within 20 seconds which includes false positives and false negatives of less than 3%

Towards Provably Invisible Network Flow Fingerprints

Network traffic analysis reveals important information even when messages are encrypted. We consider active traffic analysis via flow fingerprinting by invisibly embedding information into packet timings of flows. In particular, assume Alice wishes to embed fingerprints into flows of a set of network input links, whose packet timings are modeled by Poisson processes, without being detected by a watchful adversary Willie. Bob, who receives the set of fingerprinted flows after they pass through the network modeled as a collection of independent and parallel $M/M/1$ queues, wishes to extract Alice's embedded fingerprints to infer the connection between input and output links of the network. We consider two scenarios: 1) Alice embeds fingerprints in all of the flows; 2) Alice embeds fingerprints in each flow independently with probability $p$. Assuming that the flow rates are equal, we calculate the maximum number of flows in which Alice can invisibly embed fingerprints while having those fingerprints successfully decoded by Bob. Then, we extend the construction and analysis to the case where flow rates are distinct, and discuss the extension of the network model

Stepping-stone detection technique for recognizing legitimate and attack connections

A stepping-stone connection has always been assumed as an intrusion since the first research on stepping-stone connections twenty years ago. However, not all stepping-stone connections are malicious.This paper proposes an enhanced stepping-stone detection (SSD) technique which is capable to identify legitimate connections from stepping-stone connections.Stepping-stone connections are identified from raw network traffics using timing-based SSD approach.Then, they go through an anomaly detection technique to differentiate between legitimate and attack connections.This technique has a promising solution to accurately detecting intrusions from stepping-stone connections.It will prevent incorrect responses that punish legitimate users

The Flow Fingerprinting Game

Linking two network flows that have the same source is essential in intrusion detection or in tracing anonymous connections. To improve the performance of this process, the flow can be modified (fingerprinted) to make it more distinguishable. However, an adversary located in the middle can modify the flow to impair the correlation by delaying the packets or introducing dummy traffic. We introduce a game-theoretic framework for this problem, that is used to derive the Nash Equilibrium. As obtaining the optimal adversary delays distribution is intractable, some approximations are done. We study the concrete example where these delays follow a truncated Gaussian distribution. We also compare the optimal strategies with other fingerprinting schemes. The results are useful for understanding the limits of flow correlation based on packet timings under an active attacker.Comment: Workshop on Information Forensics and Securit