Introduction to Security Onion
Security Onion is a Network Security Manager (NSM) platform that provides multiple Intrusion Detection Systems (IDS) including Host IDS (HIDS) and Network IDS (NIDS). Many types of data can be acquired using Security Onion for analysis. This includes data related to: Host, Network, Session, Asset, Alert and Protocols. Security Onion can be implemented as a standalone deployment with server and sensor included, or with a master server and multiple sensors, allowing the system to be scaled as required. Many interfaces and tools are available for management of the system and analysis of data, such as Sguil, Snorby, Squert and Enterprise Log Search and Archive (ELSA). These interfaces can be used for analysis of alerts and captured events, which can then be exported for further analysis in Network Forensic Analysis Tools (NFAT) such as NetworkMiner, CapME or Xplico. The Security Onion platform also provides various methods of management, such as Secure SHell (SSH) for management of server and sensors, and Web client remote access. All of this, together with the ability to replay and analyse example malicious traffic, makes Security Onion a suitable low-cost alternative for Network Security Management. In this paper, we present a feature and functionality review of Security Onion in terms of: types of data, configuration, interface, tools and system management.
Stochastic Tools for Network Intrusion Detection
With the rapid development of the Internet and the sharp increase in network crime, network security has become very important and received a lot of attention. We model security issues as stochastic systems. This allows us to find weaknesses in existing security systems and propose new solutions. Exploring the vulnerabilities of existing security tools can prevent cyber-attacks from taking advantage of the system weaknesses. We propose a hybrid network security scheme including intrusion detection systems (IDSs) and honeypots scattered throughout the network. This combines the advantages of two security technologies. A honeypot is an activity-based network security system, which could be the logical supplement of the passive detection policies used by IDSs. This integration forces us to balance security performance versus cost by scheduling device activities for the proposed system. By formulating the scheduling problem as a decentralized partially observable Markov decision process (DEC-POMDP), decisions are made in a distributed manner at each device without requiring centralized control. The partially observable Markov decision process (POMDP) is a useful choice for controlling stochastic systems. As a combination of two Markov models, POMDPs combine the strength of the hidden Markov model (HMM) (capturing dynamics that depend on unobserved states) and that of the Markov decision process (MDP) (taking the decision aspect into account). Decision making under uncertainty is used in many parts of business and science. We use it here for security tools. We adopt a high-quality approximation solution for finite-space POMDPs with the average cost criterion, and their extension to DEC-POMDPs. We show how this tool could be used to design a network security framework.
Comment: Accepted by International Symposium on Sensor Networks, Systems and Security (2017
SPAN security policies and guidelines
A guide is provided to system security with emphasis on requirements and guidelines that are necessary to maintain an acceptable level of security on the network. To have security for the network, each node on the network must be secure. Therefore, each system manager must strictly adhere to the requirements and must consider implementing the guidelines discussed. There are areas of vulnerability within the operating system that may not be addressed. However, when a requirement or guideline is discussed, implementation techniques are included. Information related to computer and data security is discussed to provide information on implementation options. The information is presented as it relates to a VAX computer environment.
Hierarchical Design Based Intrusion Detection System For Wireless Ad hoc Network
In recent years, wireless ad hoc sensor networks have become popular in both civil and military jobs. However, security is one of the significant challenges for sensor networks because of their deployment in open and unprotected environments. As cryptographic mechanisms are not enough to protect sensor networks from external attacks, an intrusion detection system needs to be introduced. Though intrusion prevention is one of the major and efficient methods against attacks, there might be some attacks for which a prevention method is not known. Besides preventing the system from some known attacks, an intrusion detection system gathers necessary information related to attack techniques and helps in the development of intrusion prevention systems. In addition to reviewing the present attacks on wireless sensor networks, this paper examines the current efforts on intrusion detection systems for wireless sensor networks. In this paper we propose a hierarchical architectural design based intrusion detection system that fits the current demands and restrictions of wireless ad hoc sensor networks. In this proposed intrusion detection system architecture we followed a clustering mechanism to build a four-level hierarchical network, which enhances network scalability to large geographical areas, and use both anomaly and misuse detection techniques for intrusion detection. We introduce a policy based detection mechanism as well as intrusion response, together with the GSM cell concept, for the intrusion detection architecture.
Comment: 16 pages, International Journal of Network Security & Its Applications (IJNSA), Vol.2, No.3, July 2010. arXiv admin note: text overlap with arXiv:1111.1933 by other author
Representing Network Trust and Using It to Improve Anonymous Communication
Motivated by the effectiveness of correlation attacks against Tor, the censorship arms race, and observations of malicious relays in Tor, we propose that Tor users capture their trust in network elements using probability distributions over the sets of elements observed by network adversaries. We present a modular system that allows users to efficiently and conveniently create such distributions and use them to improve their security. The major components of this system are (i) an ontology of network-element types that represents the main threats to and vulnerabilities of anonymous communication over Tor, (ii) a formal language that allows users to naturally express trust beliefs about network elements, and (iii) a conversion procedure that takes the ontology, public information about the network, and user beliefs written in the trust language and produces a Bayesian Belief Network that represents the probability distribution in a way that is concise and easily sampleable. We also present preliminary experimental results that show the distribution produced by our system can improve security when employed by users; further improvement is seen when the system is employed by both users and services.
Comment: 24 pages; talk to be presented at HotPETs 201