IPv6 Network Mobility

Network Authentication, Authorization, and Accounting has been used since before the days of the Internet as we know it today. Authentication asks the question, “Who or what are you?” Authorization asks, “What are you allowed to do?” And fi nally, accounting wants to know, “What did you do?” These fundamental security building blocks are being used in expanded ways today. The fi rst part of this two-part series focused on the overall concepts of AAA, the elements involved in AAA communications, and highlevel approaches to achieving specifi c AAA goals. It was published in IPJ Volume 10, No. 1[0]. This second part of the series discusses the protocols involved, specifi c applications of AAA, and considerations for the future of AAA

An improved chaos method for monitoring the depth of anaesthesia

This paper proposed a new method to monitor the depth of anaesthesia (DoA) by modifying the Hurst parameters in Chaos method. Two new indices (CDoA and CsDoA) are proposed to estimate the anaesthesia states of patients. In order to reduce the fluctuation of CDoA and CsDoA trends, the Chaos and Modified Detrended Average methods (C-MDMA) are combined together. Compared with Bispectrum (BIS) index, CDoA, the CsDoA and C-MDMA trends are close to the BIS trend in the whole scale from 100 to 0 with a full recording time

Implementation of hybrid artificial intelligence technique to detect covert channels in new generation network protocol IPv6

Intrusion detection systems offer monolithic way to detect attacks through monitoring, searching for abnormal characteristics and malicious behavior in network communications. Cyber-attack is performed through using covert channel which currently, is one of the most sophisticated challenges facing network security systems. Covert channel is used to ex/infiltrate classified information from legitimate targets, consequently, this manipulation violates network security policy and privacy. The New Generation Internet Protocol version 6 (IPv6) has certain security vulnerabilities and need to be addressed using further advanced techniques. Fuzzy rule is implemented to classify different network attacks as an advanced machine learning technique, meanwhile, Genetic algorithm is considered as an optimization technique to obtain the ideal fuzzy rule. This paper suggests a novel hybrid covert channel detection system implementing two Artificial Intelligence (AI) techniques; Fuzzy Logic and Genetic Algorithm (FLGA) to gain sufficient and optimal detection rule against covert channel. Our approach counters sophisticated network unknown attacks through an advanced analysis of deep packet inspection. Results of our suggested system offer high detection rate of 97.7% and a better performance in comparison to previous tested techniques

Cyber security picture 2013

Summary: This report summarises cyber intrusion activity identified by or reported to the Cyber Security Operations Centre (CSOC) during 2013. It provides a broad overview of cyber threats to Australian government networks, as observed by the CSOC. The Strategies to Mitigate Targeted Cyber Intrusions remain your best defence against the cyber threat. Implementing the Top 4 strategies as a package is at the core of this protection, as they mitigate at least 85% of cyber intrusions responded to by the CSOC. The Top 4 strategies prevent execution of malicious software, and minimise software vulnerabilities and the ability of a cyber adversary to propagate across a network. The remaining 31 strategies form an excellent basis from which to assess further network security initiatives based on a risk assessment. Your risk assessment processes should take into account the specific risks faced by your agency, the information you are protecting, and your current network security posture. While socially-engineered emails remain the most prevalent threat to Australian government networks, the CSOC observed the emergence of several new techniques used in these emails during 2013, such as the use of cloud storage providers, Java files, and the repurposing of genuine emails. The increasing skill and resourcefulness of cyber adversaries highlights the importance of being continually vigilant and up-to-date in your network security. The Strategies to Mitigate Targeted Cyber Intrusions have been updated in 2014 to reflect the evolution of the threat environment. Although the initial cost of implementing the Strategies to Mitigate Targeted Cyber Intrusions can seem high for some agencies, they actually represent an important investment in your organisation, reducing long-term costs and risk. If you experience a network compromise, not only will you be faced with the cost of implementing these strategies to prevent further compromise, but you will also incur both higher direct and indirect costs associated with remediating the compromise. These costs include, but are not limited to, investigating the compromise, tactical remediation, reputational costs, opportunity costs from the loss of information, and lost productivity

A Brave New World: Studies on the Deployment and Security of the Emerging IPv6 Internet.

Recent IPv4 address exhaustion events are ushering in a new era of rapid transition to the next generation Internet protocol---IPv6. Via Internet-scale experiments and data analysis, this dissertation characterizes the adoption and security of the emerging IPv6 network. The work includes three studies, each the largest of its kind, examining various facets of the new network protocol's deployment, routing maturity, and security. The first study provides an analysis of ten years of IPv6 deployment data, including quantifying twelve metrics across ten global-scale datasets, and affording a holistic understanding of the state and recent progress of the IPv6 transition. Based on cross-dataset analysis of relative global adoption rates and across features of the protocol, we find evidence of a marked shift in the pace and nature of adoption in recent years and observe that higher-level metrics of adoption lag lower-level metrics. Next, a network telescope study covering the IPv6 address space of the majority of allocated networks provides insight into the early state of IPv6 routing. Our analyses suggest that routing of average IPv6 prefixes is less stable than that of IPv4. This instability is responsible for the majority of the captured misdirected IPv6 traffic. Observed dark (unallocated destination) IPv6 traffic shows substantial differences from the unwanted traffic seen in IPv4---in both character and scale. Finally, a third study examines the state of IPv6 network security policy. We tested a sample of 25 thousand routers and 520 thousand servers against sets of TCP and UDP ports commonly targeted by attackers. We found systemic discrepancies between intended security policy---as codified in IPv4---and deployed IPv6 policy. Such lapses in ensuring that the IPv6 network is properly managed and secured are leaving thousands of important devices more vulnerable to attack than before IPv6 was enabled. Taken together, findings from our three studies suggest that IPv6 has reached a level and pace of adoption, and shows patterns of use, that indicates serious production employment of the protocol on a broad scale. However, weaker IPv6 routing and security are evident, and these are leaving early dual-stack networks less robust than the IPv4 networks they augment.PhDComputer Science and EngineeringUniversity of Michigan, Horace H. Rackham School of Graduate Studieshttp://deepblue.lib.umich.edu/bitstream/2027.42/120689/1/jczyz_1.pd

New intelligent heuristic algorithm to mitigate security vulnerabilities in IPv6

Zero day Cyber-attacks created potential impacts on the way information is held and protected, however one of the vital priorities for governments, agencies and organizations is to secure their network businesses, transactions and communications, simultaneously to avoid security policy and privacy violations under any circumstances. Covert Channel is used to in/ex-filtrate classified data secretly, whereas encryption is used merely to protect communication from being decoded by unauthorized access. In this paper, we propose a new Security Model to mitigate security attacks on legitimate targets misusing IPv6 vulnerabilities. The approach analyses, detects and classifies hidden communication channels through implementing an enhanced feature selection algorithm with a coherent Naive Bayesian Classifier. NBC is one of the most prominent classification algorithm defining the highest probability in data mining area. The proposed framework uses Intelligent Heuristic Algorithm (IHA) to analyse and create a novel primary training data, furthermore a modified Decision Tree C4.5 technique is suggested to classify the richest attribute presenting hidden channels in IPv6 network. The results evaluation showed better detection performance, high accuracy in True Positive Rate (TPR) and a low False Negative Rate (FNR) and a clear attribute ranking

Collaborative, Trust-Based Security Mechanisms for a National Utility Intranet

This thesis investigates security mechanisms for utility control and protection networks using IP-based protocol interaction. It proposes flexible, cost-effective solutions in strategic locations to protect transitioning legacy and full IP-standards architectures. It also demonstrates how operational signatures can be defined to enact organizationally-unique standard operating procedures for zero failure in environments with varying levels of uncertainty and trust. The research evaluates layering encryption, authentication, traffic filtering, content checks, and event correlation mechanisms over time-critical primary and backup control/protection signaling to prevent disruption by internal and external malicious activity or errors. Finally, it shows how a regional/national implementation can protect private communities of interest and foster a mix of both centralized and distributed emergency prediction, mitigation, detection, and response with secure, automatic peer-to-peer notifications that share situational awareness across control, transmission, and reliability boundaries and prevent wide-spread, catastrophic power outages