NEMESYS: Enhanced Network Security for Seamless Service Provisioning in the Smart Mobile Ecosystem

As a consequence of the growing popularity of smart mobile devices, mobile malware is clearly on the rise, with attackers targeting valuable user information and exploiting vulnerabilities of the mobile ecosystems. With the emergence of large-scale mobile botnets, smartphones can also be used to launch attacks on mobile networks. The NEMESYS project will develop novel security technologies for seamless service provisioning in the smart mobile ecosystem, and improve mobile network security through better understanding of the threat landscape. NEMESYS will gather and analyze information about the nature of cyber-attacks targeting mobile users and the mobile network so that appropriate counter-measures can be taken. We will develop a data collection infrastructure that incorporates virtualized mobile honeypots and a honeyclient, to gather, detect and provide early warning of mobile attacks and better understand the modus operandi of cyber-criminals that target mobile devices. By correlating the extracted information with the known patterns of attacks from wireline networks, we will reveal and identify trends in the way that cyber-criminals launch attacks against mobile devices.Comment: Accepted for publication in Proceedings of the 28th International Symposium on Computer and Information Sciences (ISCIS'13); 9 pages; 1 figur

Agent‐based modeling of malware dynamics in heterogeneous environments

The increasing convergence of power‐law networks such as social networking and peer‐to‐peer applications, web‐delivered applications, and mobile platforms makes today's users highly vulnerable to entirely new generations of malware that exploit vulnerabilities in web applications and mobile platforms for new infections, while using the power‐law connectivity for finding new victims. The traditional epidemic models based on assumptions of homogeneity, average‐degree distributions, and perfect‐mixing are inadequate to model this type of malware propagation. In this paper, we study four aspects crucial to modeling malware propagation: application‐level interactions among users of such networks , local network structure , user mobility , and network coordination of malware such as botnets . Since closed‐form solutions of malware propagation considering these aspects are difficult to obtain, we describe an open‐source, flexible agent‐based emulation framework that can be used by malware researchers for studying today's complex malware. The framework, called Agent‐Based Malware Modeling (AMM), allows different applications, network structure, network coordination, and user mobility in either a geographic or a logical domain to study various infection and propagation scenarios. In addition to traditional worms and viruses, the framework also allows modeling network coordination of malware such as botnets. The majority of the parameters used in the framework can be derived from real‐life network traces collected from a network, and therefore, represent realistic malware propagation and infection scenarios. As representative examples, we examine two well‐known malware spreading mechanisms: (i) a malicious virus such as Cabir spreading among the subscribers of a cellular network using Bluetooth and (ii) a hybrid worm that exploit email and file‐sharing to infect users of a social network. In both cases, we identify the parameters most important to the spread of the epidemic based upon our extensive simulation results. Copyright © 2011 John Wiley & Sons, Ltd. This paper presents a novel agent‐based framework for realistic modeling of malware propagation in heterogeneous networks, applications and platforms. The majority of the parameters used in the framework can be derived from real‐life network traces collected from a network, and therefore, represent realistic malware propagation and infection scenarios for the given network. Two well‐known malware spreading mechanisms in traditional as well as mobile environments were studied using extensive simulations within the framework and the most important spreading parameters were identified.Peer Reviewedhttp://deepblue.lib.umich.edu/bitstream/2027.42/101832/1/sec298.pd

Mobile Malware and Smart Device Security: Trends, Challenges and Solutions

This work is part of the research to study trends and challenges of cyber security to smart devices in smart homes. We have seen the development and demand for seamless interconnectivity of smart devices to provide various functionality and abilities to users. While these devices provide more features and functionality, they also introduce new risks and threats. Subsequently, current cyber security issues related to smart devices are discussed and analyzed. The paper begins with related background and motivation. We identified mobile malware as one of the main issue in the smart devices' security. In the near future, mobile smart device users can expect to see a striking increase in malware and notable advancements in malware-related attacks, particularly on the Android platform as the user base has grown exponentially. We discuss and analyzed mobile malware in details and identified challenges and future trends in this area. Then we propose and discuss an integrated security solution for cyber security in smart devices to tackle the issue

A Review of Performance, Energy and Privacy of Intrusion Detection Systems for IoT

Internet of Things (IoT) forms the foundation of next generation infrastructures, enabling development of future cities that are inherently sustainable. Intrusion detection for such paradigms is a non-trivial challenge which has attracted further significance due to extraordinary growth in the volume and variety of security threats for such systems. However, due to unique characteristics of such systems i.e., battery power, bandwidth and processor overheads and network dynamics, intrusion detection for IoT is a challenge, which requires taking into account the trade-off between detection accuracy and performance overheads. In~this context, we are focused at highlighting this trade-off and its significance to achieve effective intrusion detection for IoT. Specifically, this paper presents a comprehensive study of existing intrusion detection systems for IoT systems in three aspects: computational overhead, energy consumption and privacy implications. Through extensive study of existing intrusion detection approaches, we have identified open challenges to achieve effective intrusion detection for IoT infrastructures. These include resource constraints, attack complexity, experimentation rigor and unavailability of relevant security data. Further, this paper is envisaged to highlight contributions and limitations of the state-of-the-art within intrusion detection for IoT, and~aid the research community to advance it by identifying significant research directions

Assessing and augmenting SCADA cyber security: a survey of techniques

SCADA systems monitor and control critical infrastructures of national importance such as power generation and distribution, water supply, transportation networks, and manufacturing facilities. The pervasiveness, miniaturisations and declining costs of internet connectivity have transformed these systems from strictly isolated to highly interconnected networks. The connectivity provides immense benefits such as reliability, scalability and remote connectivity, but at the same time exposes an otherwise isolated and secure system, to global cyber security threats. This inevitable transformation to highly connected systems thus necessitates effective security safeguards to be in place as any compromise or downtime of SCADA systems can have severe economic, safety and security ramifications. One way to ensure vital asset protection is to adopt a viewpoint similar to an attacker to determine weaknesses and loopholes in defences. Such mind sets help to identify and fix potential breaches before their exploitation. This paper surveys tools and techniques to uncover SCADA system vulnerabilities. A comprehensive review of the selected approaches is provided along with their applicability

Telephony Denial of Service Defense at Data Plane (TDoSD@DP)

The Session Initiation Protocol (SIP) is an application-layer control protocol used to establish and terminate calls that are deployed globally. A flood of SIP INVITE packets sent by an attacker causes a Telephony Denial of Service (TDoS) incident, during which legitimate users are unable to use telephony services. Legacy TDoS defense is typically implemented as network appliances and not sufficiently deployed to enable early detection. To make TDoS defense more widely deployed and yet affordable, this paper presents TDoSD@DP where TDoS detection and mitigation is programmed at the data plane so that it can be enabled on every switch port and therefore serves as distributed SIP sensors. With this approach, the damage is isolated at a particular switch and bandwidth saved by not sending attack packets further upstream. Experiments have been performed to track the SIP state machine and to limit the number of active SIP session per port. The results show that TDoSD@DP was able to detect and mitigate ongoing INVITE flood attack, protecting the SIP server, and limiting the damage to a local switch. Bringing the TDoS defense function to the data plane provides a novel data plane application that operates at the SIP protocol and a novel approach for TDoS defense implementation.Final Accepted Versio