
    Intrusion detection system with machine-learning-assisted maintenance of attack databases

    Intrusion detection systems (IDS) aim to detect attacks on communication networks. As such, they are an element of interest in providing security in network management, given the assumption that security holes exist in hardware and software systems. On the other hand, there are open-source rule-based intrusion detection systems whose main drawback is the technical effort required to maintain the rule database. This document analyses the most widely used techniques in intrusion detection systems and reuses rule-based intrusion detection systems to propose an intrusion detection system with machine-learning-assisted maintenance of attack databases.

    An Architecture for QoS-capable Integrated Security Gateway to Protect Avionic Data Network

    While the use of the Internet Protocol (IP) in aviation allows new applications and benefits, it opens the door to security risks and attacks. Many security mechanisms and solutions have evolved to mitigate the continuously increasing number of network attacks. Although these conventional solutions have solved some security problems, they also leave some security holes. Securing open and complex systems has become more and more complicated, and the dependence on a single security mechanism gives a false sense of security while opening the door to attackers. Hence, to ensure secure networks, several security mechanisms must work together in a harmonic multi-layered way. In addition, if we take QoS requirements into account, the problem becomes more complicated and necessitates in-depth reflection. In this paper, we present the architecture of our QoS-capable integrated security gateway: a gateway that tightly integrates well-chosen technologies from the area of network security together with QoS mechanisms to provide the strongest level of security for avionic data networks; our main aim is to provide both multi-layered security and stable performance for critical network applications.

    DoS attack detection and prevention in fog-based intelligent environments

    The Internet of Things and Fog Computing are technologies currently used in many areas. They can be applied to provide a residential automation environment, for example fire alarm applications, gas leak alarms, among others. Security-related research for these fog-based environments is still in its early stages. Also, the fact that these environments are connected to the Internet makes them vulnerable to various threats, such as Denial of Service (DoS) attacks. In this work, we propose a module for the detection and prevention of DoS attacks that operates in the system's fog layer, to protect the system from external attacks. Practical experiments were carried out with the proposed module, using a Raspberry Pi 3B as our fog server. The results obtained demonstrate that the approach is capable of detecting external attacks, as well as blocking the attackers' IPs, using less than 20% of CPU and less than 1% of RAM.

    Analysis and Implementation of a Redundant Firewall System Using the Intrusion Prevention System (IPS) Method

    ABSTRACT: A Redundant Firewall system is a firewall system consisting of two or more firewalls; if one firewall stops working for some reason (for example, a malicious attack), it is immediately replaced by another firewall. Using a single firewall is very risky for a network because it has many weaknesses, among them being vulnerable to hackers who can exploit weaknesses in the hardware or in the firewall configuration, which can cause the firewall to stop functioning properly. The advent of firewalls has helped a great deal with security, but with the way technology is developing today, a firewall alone cannot fully guarantee security. For that reason, network security technologies named IDS and IPS were developed to assist in securing data on a computer network. The implementation of the Redundant Firewall system has been tested against various types of attacks, such as DDoS (Distributed Denial of Service), a type of attack that exploits a system by sending it a very large number of requests; a system that cannot handle those requests exhausts its resources, so the performance of the whole system is disrupted. Therefore a Redundant Firewall combined with an Intrusion Prevention System is used, which can make the network more resilient to attacks such as DDoS.
    Keywords: Firewall, Redundant, IDS, IPS, DDoS

    The Human Immune System and Network Security System (International Journal of Pure and Applied Research in Engineering and Technology)

    Most current security systems do not provide an adequate level of protection against ever-increasing threats. The main reason for their failure is the use of point solutions to protect hosts and a reactive approach against intrusions. We studied the human immune system, which survives under dynamically changing conditions and provides protection against biological viruses and bacteria. Taking the immune system as an analogy, we propose an end-to-end network security system using mobile agents. Our solution not only overcomes the limitations of traditional security solutions, but also enhances overall security by providing protection at each stage of the attack timeline. It functions in both a proactive and a reactive manner and has the ability to learn and improve its strategies, equivalent to what the human immune system does against viruses and bacteria.

    Design and Implementation of Military Barracks Security Monitoring System

    Facing the opportunities and challenges of our army's vigorous drive for modernization, only by continually surpassing ourselves and improving security protection in military camps can the leapfrog development of the army's information-based strength be achieved. As the nation's weapon and the people's guardian, the army shoulders an extremely important responsibility; army building bears on national security and stability, national economic development, and the people's ability to live and work in peace. Military camps, as the concentrated quarters of the people's guardians, shoulder extremely important duties, and the construction of security early-warning and protection for camps bears on the personal safety of officers and soldiers and the security of military facilities. Therefore, how to better strengthen the design of camp protection and monitoring systems, by advancing the informatization of military monitoring, protection and early-warning systems, strengthening the public-order environment of camps, and safeguarding officers, soldiers and military facilities from sabotage by hostile forces, is a topic of very real practical significance. To build a practical and feasible camp security monitoring system, ... Degree: Master of Engineering. Department and major: School of Software, Master of Engineering (Software Engineering). Student ID: X201223022

    Hybrid Network Defense Model Based on Fuzzy Evaluation

    With sustained and rapid developments in the field of information technology, the issue of network security has become increasingly prominent. The theme of this study is network data security, with the test subject being a classified and sensitive network laboratory that belongs to the academic network. The analysis is based on the deficiencies and potential risks of the network’s existing defense technology, characteristics of cyber attacks, and network security technologies. Subsequently, a distributed network security architecture using the technology of an intrusion prevention system is designed and implemented. In this paper, first, the overall design approach is presented. This design is used as the basis to establish a network defense model, an improvement over the traditional single-technology model that addresses the latter’s inadequacies. Next, a distributed network security architecture is implemented, comprising a hybrid firewall, intrusion detection, virtual honeynet projects, and connectivity and interactivity between these three components. Finally, the proposed security system is tested. A statistical analysis of the test results verifies the feasibility and reliability of the proposed architecture. The findings of this study will potentially provide new ideas and stimuli for future designs of network security architecture

    Hierarchical TCP network traffic classification with adaptive optimisation

    Nowadays, with the increasing deployment of modern packet-switching networks, traffic classification plays an important role in network administration. Identifying what kinds of traffic are transmitted across networks can improve network management in various ways, such as traffic shaping, differentiated services and enhanced security. By applying different policies to different kinds of traffic, Quality of Service (QoS) can be achieved at a granularity as fine as the flow level. Since illegal traffic can be identified and filtered, network security can be enhanced by employing advanced traffic classification. There are various traditional techniques for traffic classification. However, some of them cannot handle traffic generated by applications using non-registered or forged ports, some cannot deal with encrypted traffic, and some require too many computational resources. The technique recently proposed by other researchers, which uses statistical methods, offers an alternative approach: it requires fewer resources, does not rely on ports and can deal with encrypted traffic. Nevertheless, the performance of classification using statistical methods can be further improved. In this thesis, we aim to optimise network traffic classification based on the statistical approach. Because of the popularity of the TCP protocol, and the difficulties for classification introduced by TCP traffic controls, our work focuses on classifying network traffic based on the TCP protocol. An architecture has been proposed for improving classification performance in terms of accuracy and response time. Experiments have been conducted and the results evaluated to demonstrate the improved performance of the proposed optimised classifier. In our work, network packets are reassembled into TCP flows. Then the statistical characteristics of the flows are extracted. Finally, the classes of input flows are determined by comparing them with the profiled samples. Instead of using only one algorithm for classifying all traffic flows, our proposed system employs a series of binary classifiers, which use optimised algorithms to detect different traffic classes separately. A decision-making mechanism deals with conflicting results from the binary classifiers. Machine learning algorithms including k-nearest neighbour, decision trees and artificial neural networks have been considered, together with a non-parametric statistical algorithm, the Kolmogorov-Smirnov test. Besides the algorithms, some parameters are also optimised locally, such as detection windows and acceptance thresholds. This hierarchical architecture gives the traffic classifier more flexibility, higher accuracy and lower response time.

    Identification of military cyber red team skills and a proposed continuous training methodology for projecting power in cyber warfare

    Master's dissertation, Universidade de Brasília, Faculdade de Tecnologia, Departamento de Engenharia Elétrica, Mestrado Profissional em Engenharia Elétrica, 2020. Defense, reconnaissance and attack are prerequisites for military power projection in cyber warfare, and the effectiveness of the armed forces in these activities determines how their States assert themselves in the contemporary world. To improve the cyber skills of their personnel, military organizations often create exercises to put their cyber red and blue teams to the test. Such exercises increase cyber skills, but they are periodic and highly dependent on the availability of professionals. In addition, there is great difficulty, mainly for less developed States, in establishing the skills to be sought for their offensive teams. This happens because certain niches, as in the case of military organizations, have peculiarities that must be well understood before a cyber red team is implemented. This work identifies the competencies a cyber red team must have in the military context. Four macro competencies were identified, from whose successive intersections eight further competencies originate. With this, we expect to provide a clearer view of the skills needed for a military cyber red team, in order to increase the efficiency of its composition and action in this context. With such considerations in mind, this work also proposes a cyber red team formation methodology with continuous training that does not require professionals to be exclusively involved in the exercises but permits a constant development of cyber skills. The proposed methodology considers different knowledge domains using three different networks in parallel: an exclusive network for developing cyber attacks, another for the confrontation of attack and defense teams in a simulated environment, and the production network, which is corrected according to the flaws found in the simulated confrontation. For the methodology to be effective, there must be three cyber teams: the cyber red team for offensive actions, the cyber blue team for defensive actions, and the cyber purple team, which acts as judge and manages the infrastructure of the networks proposed in the methodology. The effectiveness of the methodology was demonstrated by an experiment of approximately nine months carried out with the participation of seventeen military personnel. In this experiment, the skills inherent in the prerequisites for military power projection in cyber warfare were enhanced without causing real damage to the production environment.