Evaluation of network security based on next generation intrusion prevention system
Next Generation Intrusion Prevention System (NGIPS) is a system that monitors network traffic, detects suspicious activity, and performs early prevention of intrusions that can keep the network from running as it is supposed to. NGIPS provides broader vulnerability protection than the traditional IPS, especially at the application layer, with the ability to detect and learn asset vulnerabilities and to carry out layered inspection up to layer 7 packets. This paper is intended to analyze and evaluate NGIPS in protecting the network from penetration that utilizes a weakness of the firewall, namely exploitation of the HTTP port. With NGIPS in place, network security is expected to improve, and network administrators can monitor and detect threats rapidly. The research method includes the scenario and topology of the penetration testing plan. The result of this research is an evaluation of penetration testing that utilizes the HTTP port to exploit through a malicious domain. The evaluation is conducted to ensure that the NGIPS system can secure the network environment through penetration testing. It can be concluded that this study can serve as a reference for optimizing network security with NGIPS as a network security layer
A Two-stage Flow-based Intrusion Detection Model For Next-generation Networks
The next-generation network provides state-of-the-art access-independent services over converged mobile and fixed networks. Security in the converged network environment is a major challenge. Traditional packet and protocol-based intrusion detection techniques cannot be used in next-generation networks due to slow throughput, low accuracy and their inability to inspect encrypted payload. An alternative solution for protection of next-generation networks is to use network flow records for detection of malicious activity in the network traffic. The network flow records are independent of access networks and user applications. In this paper, we propose a two-stage flow-based intrusion detection system for next-generation networks. The first stage uses an enhanced unsupervised one-class support vector machine which separates malicious flows from normal network traffic. The second stage uses a self-organizing map which automatically groups malicious flows into different alert clusters. We validated the proposed approach on two flow-based datasets and obtained promising results
Security challenges of small cell as a service in virtualized mobile edge computing environments
Research on next-generation 5G wireless networks is currently attracting a lot of attention in both academia and industry. While 5G development and standardization activities are still at their early stage, it is widely acknowledged that 5G systems are going to extensively rely on dense small cell deployments, which would exploit infrastructure and network functions virtualization (NFV), and push the network intelligence towards network edges by embracing the concept of mobile edge computing (MEC). As security will be a fundamental enabling factor of small cell as a service (SCaaS) in 5G networks, we present the most prominent threats and vulnerabilities against a broad range of targets. As far as the related work is concerned, to the best of our knowledge, this paper is the first to investigate security challenges at the intersection of SCaaS, NFV, and MEC. It is also the first paper that proposes a set of criteria to facilitate a clear and effective taxonomy of security challenges of main elements of 5G networks. Our analysis can serve as a starting point towards the development of appropriate 5G security solutions. These will have crucial effect on legal and regulatory frameworks as well as on decisions of businesses, governments, and end-users
HORNET: High-speed Onion Routing at the Network Layer
We present HORNET, a system that enables high-speed end-to-end anonymous channels by leveraging next generation network architectures. HORNET is designed as a low-latency onion routing system that operates at the network layer thus enabling a wide range of applications. Our system uses only symmetric cryptography for data forwarding yet requires no per-flow state on intermediate nodes. This design enables HORNET nodes to process anonymous traffic at over 93 Gb/s. HORNET can also scale as required, adding minimal processing overhead per additional anonymous channel. We discuss design and implementation details, as well as a performance and security evaluation. Comment: 14 pages, 5 figures
Migration control for mobile agents based on passport and visa
Research on mobile agents has attracted much attention as this paradigm has demonstrated great potential for the next-generation e-commerce. Proper solutions to security-related problems become key factors in the successful deployment of mobile agents in e-commerce systems. We propose the use of passport and visa (P/V) for securing mobile agent migration across communities based on the SAFER e-commerce framework. P/V not only serves as up-to-date digital credentials for agent-host authentication, but also provides effective security mechanisms for online communities to control mobile agent migration. Protection for mobile agents, network hosts, and online communities is enhanced using P/V. We discuss the design issues in detail and evaluate the implementation of the proposed system
HUMAN USAGE DESCRIPTION FOR 5G NETWORK ENDPOINTS
Just as Manufacturers Usage Description (MUD) defines security and access control for “things,” Human Usage Description (HUD) does the same for humans by associating a user and all of their devices in a database. With such a database, a 5G provider has insights into user behavior on the network in context with the user device. This allows for more accurate Quality of Experience (QoE) and network slicing at the user device level, common licensing and security across multiple devices, next generation media consumption, and revenue generation through targeted advertising
Analysis of security at the Near-real-time RIC xApps based on O-RAN-defined use cases
The Open Radio Access Network Alliance (O-RAN Alliance) is a group of industry and academic organizations that strive to realize the vision of next-generation cellular networks. Using standardized interfaces, telecommunications operators can operate multi-vendor infrastructure and deliver high-speed services to their mobile users. Additionally, the O-RAN Alliance has standardized an Open Radio Access Network (RAN) architecture based on the Third Generation Partnership Project (3GPP) and other standards. User planes and control planes are currently separate in RAN architecture. The separation makes it easier to accommodate network function virtualization methods required for 5G, enabling it to be more flexible. To help in the management of resources, the O-RAN standard proposes the use of xApps, i.e., dedicated applications that can be customly installed by the network operator and that can be purchased from different vendors. For this reason, securely managing xApps represents a significant challenge for the security of the overall network.
In this thesis, we analyze the security of xApps and their proposed use cases. Based on the applications proposed by the O-RAN Alliance, we provide an in-depth analysis of the vulnerabilities and their impact on the network. We also discuss different features of attacks, such as reproducibility, stealthiness, exposure, and impact. Based on our analysis, we conclude that significant work is still to be made to guarantee the security of O-RAN and in particular of its xApps. This thesis hence provides a baseline for future research in the domain of security and privacy for next generation communication network