Building an Emulation Environment for Cyber Security Analyses of Complex Networked Systems

Computer networks are undergoing a phenomenal growth, driven by the rapidly increasing number of nodes constituting the networks. At the same time, the number of security threats on Internet and intranet networks is constantly growing, and the testing and experimentation of cyber defense solutions requires the availability of separate, test environments that best emulate the complexity of a real system. Such environments support the deployment and monitoring of complex mission-driven network scenarios, thus enabling the study of cyber defense strategies under real and controllable traffic and attack scenarios. In this paper, we propose a methodology that makes use of a combination of techniques of network and security assessment, and the use of cloud technologies to build an emulation environment with adjustable degree of affinity with respect to actual reference networks or planned systems. As a byproduct, starting from a specific study case, we collected a dataset consisting of complete network traces comprising benign and malicious traffic, which is feature-rich and publicly available

Data acquisition system for the MuLan muon lifetime experiment

We describe the data acquisition system for the MuLan muon lifetime experiment at Paul Scherrer Institute. The system was designed to record muon decays at rates up to 1 MHz and acquire data at rates up to 60 MB/sec. The system employed a parallel network of dual-processor machines and repeating acquisition cycles of deadtime-free time segments in order to reach the design goals. The system incorporated a versatile scheme for control and diagnostics and a custom web interface for monitoring experimental conditions.Comment: 19 pages, 8 figures, submitted to Nuclear Instruments and Methods

Management of an Automatic System to Generate Reports on the Attendance Control of Teachers in a Educational Center

Many countries were affected by the appearance of SARS-COV-2 that was spreading rapidly, causing damage to humanity and causing a global crisis, this generated a generalized quarantine to avoid the physical approaches recommended by the health system, affecting all students in the world, since it was wanted to avoid forming foci of contagion in educational centers,  for this reason, some automated systems that are marketed in the markets were applied to combat the pandemic in educational centers, but they are inefficient when registering the work attendance of teachers, causing loss of time in the registration process and causing an agglomeration of people due to the failure in the registration process,  in addition to not allowing to manage the reports of the teacher's work attendance. In view of this problem, in this article the management of an automatic system was carried out to generate reports on the attendance control of the teaching staff in the educational center and control the working hours of each teacher to be visualized through a user interface, being able to control the labor discipline of each teacher since all the records will be stored in a database. Through the development of the system, it was observed that the system works effectively since an efficiency of 98.87% was obtained in its operation to control the time of entry and exit of each teacher, being an accepted value since the process is conducted safely

STCP: Receiver-agnostic Communication Enabled by Space-Time Cloud Pointers

Department of Electrical and Computer Engineering (Computer Engineering)During the last decade, mobile communication technologies have rapidly evolved and ubiquitous network connectivity is nearly achieved. However, we observe that there are critical situations where none of the existing mobile communication technologies is usable. Such situations are often found when messages need to be delivered to arbitrary persons or devices that are located in a specific space at a specific time. For instance at a disaster scene, current communication methods are incapable of delivering messages of a rescuer to the group of people at a specific area even when their cellular connections are alive because the rescuer cannot specify the receivers of the messages. We name this as receiver-unknown problem and propose a viable solution called SpaceMessaging. SpaceMessaging adopts the idea of Post-it by which we casually deliver our messages to a person who happens to visit a location at a random moment. To enable SpaceMessaging, we realize the concept of posting messages to a space by implementing cloud-pointers at a cloud server to which messages can be posted and from which messages can fetched by arbitrary mobile devices that are located at that space. Our Android-based prototype of SpaceMessaging, which particularly maps a cloud-pointer to a WiFi signal fingerprint captured from mobile devices, demonstrates that it first allows mobile devices to deliver messages to a specific space and to listen to the messages of a specific space in a highly accurate manner (with more than 90% of Recall)

Monitoring Class Attendance Via Mobile Application

Attendance taking has become a huge problems for institutions to keep track and record the number and other necessary details of the attendees. Traditional ways of taking attendance has been widely used which is mostly based on paper. Paper-based attendance taking is a heartache for institutions as this system is unreliable and difficult to keep track. This system allows attendance fabrication and do not have a systematic way of keeping the record indefinitely. Over the years, lots of innovative ideas to improve attendance taking systems have been developed to counter this problem. However, each of them has its own limitations and weaknesses. As a result, studies have been carried out to develop a more systematic and reliable way to improve current attendance taking system. There are three objectives to be achieved; To implement well-organized attendance monitoring and tracking system by developing an Android mobile application that helps lecturers to monitor attendance in the cloud; To prevent fabrication of students’ attendance; To save time in taking attendances

A profile of prolonged, persistent SSH attack on a Kippo Based Honeynet

This paper is an investigation focusing on activities detected by SSH honeypots that utilised kippo honeypot software. The honeypots were located across a variety of geographical locations and operational platforms. The honeynet has suffered prolonged, persistent and attack from a /24 network which appears to be of Chinese geographical origin. In addition to these attacks, other attackers have been successful in compromising real hosts in a wide range of other countries that were subsequently involved in attacking the honeypot machines in the honeynet

Anomaly based intrusion detection for network monitoring using a dynamic honeypot.

This thesis proposes a network based intrusion detection approach using anomaly detection and achieving low configuration and maintenance costs. A honeypots is an emerging security tool that has several beneficial characteristics, one of which is that all traffic to it is anomalous. A dynamic honeypot reduces the configuration and maintenance costs of honeypot deployment. An anomaly based intrusion detection system with low configuration and maintenance costs can be constructed by simply observing the egress and ingress to a dynamic honeypot. This thesis explores the design and implementation of a dynamic honeypot using a variety of publicly available tools. The main contributions of the design consist of a database containing network relevant information and a dynamic honeypot engine that generates honeypot configurations from the relevant network information. The thesis also explores a simple intrusion detection system built around the dynamic honeypot. These systems were experimentally implemented and preliminary testing identified anomalous traffic, though in some cases it was not necessarily intrusive. In one instance the dynamic honeypot based intrusion detection system identified an intrusion, which was not detected by conventional means

Invited Paper - A Profile of Prolonged, Persistent SSH Attack on a Kippo Based Honeynet

This paper is an investigation focusing on activities detected by SSH honeypots that utilised kippo honeypot software. The honeypots were located across a variety of geographical locations and operational platforms. The honeynet has suffered prolonged, persistent and attack from a /24 network which appears to be of Chinese geographical origin. In addition to these attacks, other attackers have been successful in compromising real hosts in a wide range of other countries that were subsequently involved in attacking the honeypot machines in the honeynet. Keywords: Cyber Security, SSH, Secure Shell, Honeypots, Kipp