25 research outputs found

    Determining wireless local area network (WLAN) vulnerabilities on academic network

    The advancement and proliferation of wireless local area network nowadays have driven for an alarm on the whole network operation. The concern applies to both business and academic computer network environments. This paper describes our research and experiences in performing network vulnerabilities analysis in academic local area network. The research uses network vulnerability analysis methodology to perform vulnerability analysis on Academic and Administration building. From the analysis, the overall network security level can be determined. Remedies and solution to counter any vulnerability can also be prescribed and this will reduce network vulnerability threat to academic local area network

    Developing An IT Risk Assessment Framework

    In today’s business environment, almost all information is captured and stored in electronic form. This digital storage of data in a networked environment provides far greater access to information than ever before. But unfortunately, this also exposes the organization to a variety of new threats that can have impact on the confidentiality, integrity, and availability of information. Organizations need a way to understand their information risks and to create new strategies for addressing those risks. A systematic approach to assessing information security risks and developing an appropriate protection strategy is a major component of an effective information security and risk management program. This paper outlines an Analytic Hierarchy Process based approach for analyzing risk factors and sub factors and ascertaining the major areas of security elements where an organization should focus on

    Development of Threat Evaluation Tool for Distributed Network Environment

    Current information protection systems only detect and warn against individual intrusion, and are not able to provide a collective and synthesized alert message. In this paper, we propose a new Meta-IDS system which is called "SIA System". The SIA system can filter redundant alert messages, analyze mixed attacks using correlation alert messages from each sensor and respond to security threats quickly, after classifying them into one of four different statuses. Then we implement the SIA system and test the efficiency of it in the managed networks. Thus we confirm that the SIA system enables security managers to deal with security threats efficiently

    Visualization and clustering for SNMP intrusion detection

    Accurate intrusion detection is still an open challenge. The present work aims at being one step toward that purpose by studying the combination of clustering and visualization techniques. To do that, the mobile visualization connectionist agent-based intrusion detection system (MOVICAB-IDS), previously proposed as a hybrid intelligent IDS based on visualization techniques, is upgraded by adding automatic response thanks to clustering methods. To check the validity of the proposed clustering extension, it has been applied to the identification of different anomalous situations related to the simple network management network protocol by using real-life data sets. Different ways of applying neural projection and clustering techniques are studied in the present article. Through the experimental validation it is shown that the proposed techniques could be compatible and consequently applied to a continuous network flow for intrusion detection. Spanish Ministry of Economy and Competitiveness with ref: TIN2010-21272-C02-01 (funded by the European Regional Development Fund) and SA405A12-2 from Junta de Castilla y Leon

    Understanding Honeypot Data by an Unsupervised Neural Visualization

    Neural projection techniques can adaptively map high-dimensional data into a low-dimensional space, for the user-friendly visualization of data collected by different security tools. Such techniques are applied in this study for the visual inspection of honeypot data, which may be seen as a complementary network security tool that sheds light on internal data structures through visual inspection. Empirical verification of the proposed projection methods was performed in an experimental domain where data were captured from a honeypot network. Experiments showed that visual inspection of these data contributes to easily gaining a deep understanding of attack patterns and strategies

    Visualization of Misuse-Based Intrusion Detection: Application to Honeynet Data

    This study presents a novel soft computing system that provides network managers with a synthetic and intuitive representation of the situation of the monitored network, in order to reduce the widely known high false-positive rate associated to misuse-based Intrusion Detection Systems (IDSs). The proposed system is based on the use of different projection methods for the visual inspection of honeypot data, and may be seen as a complementary network security tool that sheds light on internal data structures through visual inspection. Furthermore, it is intended to understand the performance of Snort (a well-known misuse-based IDS) through the visualization of attack patterns. Empirical verification and comparison of the proposed projection methods are performed in a real domain where real-life data are defined and analyzed

    RT-MOVICAB-IDS: Addressing real-time intrusion detection

    This study presents a novel Hybrid Intelligent Intrusion Detection System (IDS) known as RT-MOVICAB-IDS that incorporates temporal control. One of its main goals is to facilitate real-time Intrusion Detection, as accurate and swift responses are crucial in this field, especially if automatic abortion mechanisms are running. The formulation of this hybrid IDS combines Artificial Neural Networks (ANN) and Case-Based Reasoning (CBR) within a Multi-Agent System (MAS) to detect intrusions in dynamic computer networks. Temporal restrictions are imposed on this IDS, in order to perform real/execution time processing and assure system response predictability. Therefore, a dynamic real-time multi-agent architecture for IDS is proposed in this study, allowing the addition of predictable agents (both reactive and deliberative). In particular, two of the deliberative agents deployed in this system incorporate temporal-bounded CBR. This upgraded CBR is based on an anytime approximation, which allows the adaptation of this Artificial Intelligence paradigm to real-time requirements. Experimental results using real data sets are presented which validate the performance of this novel hybrid IDS. Ministerio de Economía y Competitividad (TIN2010-21272-C02-01, TIN2009-13839-C03-01), Ministerio de Ciencia e Innovación (CIT-020000-2008-2, CIT-020000-2009-12

    Neural visualization of network traffic data for intrusion detection

    This study introduces and describes a novel intrusion detection system (IDS) called MOVCIDS (mobile visualization connectionist IDS). This system applies neural projection architectures to detect anomalous situations taking place in a computer network. By its advanced visualization facilities, the proposed IDS allows providing an overview of the network traffic as well as identifying anomalous situations tackled by computer networks, responding to the challenges presented by volume, dynamics and diversity of the traffic, including novel (0-day) attacks. MOVCIDS provides a novel point of view in the field of IDSs by enabling the most interesting projections (based on the fourth order statistics; the kurtosis index) of a massive traffic dataset to be extracted. These projections are then depicted through a functional and mobile visualization interface, providing visual information of the internal structure of the traffic data. The interface makes MOVCIDS accessible from any mobile device to give more accessibility to network administrators, enabling continuous visualization, monitoring and supervision of computer networks. Additionally, a novel testing technique has been developed to evaluate MOVCIDS and other IDSs employing numerical datasets. To show the performance and validate the proposed IDS, it has been tested in different real domains containing several attacks and anomalous situations. In addition, the importance of the temporal dimension on intrusion detection, and the ability of this IDS to process it, are emphasized in this work. Junta de Castilla and Leon project BU006A08, Business intelligence for production within the framework of the Instituto Tecnologico de Castilla y Leon (ITCL) and the Agencia de Desarrollo Empresarial (ADE), and the Spanish Ministry of Education and Innovation project CIT-020000-2008-2. The authors would also like to thank the vehicle interior manufacturer, Grupo Antolin Ingenieria S. A., within the framework of the project MAGNO2008-1028-CENIT Project funded by the Spanish Government

    Neural projection techniques for the visual inspection of network traffic

    A crucial aspect in network monitoring for security purposes is the visual inspection of the traffic pattern, mainly aimed to provide the network manager with a synthetic and intuitive representation of the current situation. Towards that end, neural projection techniques can map high-dimensional data into a low-dimensional space adaptively, for the user-friendly visualization of monitored network traffic. This work proposes two projection methods, namely, cooperative maximum likelihood Hebbian learning and auto-associative back-propagation networks, for the visual inspection of network traffic. This set of methods may be seen as a complementary tool in network security as it allows the visual inspection and comprehension of the traffic data internal structure. The proposed methods have been evaluated in two complementary and practical network-security scenarios: the on-line processing of network traffic at packet level, and the off-line processing of connection records, e.g. for post-mortem analysis or batch investigation. The empirical verification of the projection methods involved two experimental domains derived from the standard corpora for evaluation of computer network intrusion detection: the MIT Lincoln Laboratory DARPA dataset