Intrusion Detection Method Based on Kernel Density Estimator
By analysing the shortcomings of existing intrusion detection techniques and the advantages of intrusion detection based on outlier mining, this paper proposes an intrusion detection method based on kernel density estimation, called IDKD. IDKD computes an approximate set of outliers with a kernel density estimator in one pass over the data set, then filters that approximate set in a second pass to obtain the final set of outliers; the records in that set are reported as intrusions. The paper describes a concrete implementation scheme and validates the method by simulation on the KDD99 data set, with satisfactory results.
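The two-pass idea above, as an added illustration (this is not the paper's code, and the thresholds, bandwidth, sample size and the constructed 2-D "connection features" are all assumptions made for the demo, not KDD99 fields): pass 1 scores every record against a small random reference sample and keeps the low-density ones as the approximate outlier set; pass 2 re-scores only those candidates against the whole data set and keeps the ones whose exact leave-one-out density is still below a stricter threshold.

```python
import math
import random


def kde(x, refs, h, skip=None):
    """Leave-one-out Gaussian kernel density estimate at the 2-D point x over the
    (index, point) pairs in refs, ignoring the pair whose index equals skip."""
    norm = 1.0 / (2.0 * math.pi * h * h)
    total, m = 0.0, 0
    for j, p in refs:
        if j == skip:
            continue
        d2 = (x[0] - p[0]) ** 2 + (x[1] - p[1]) ** 2
        total += math.exp(-d2 / (2.0 * h * h))
        m += 1
    return norm * total / m


def detect_outliers(records, h=1.0, sample_size=60, tau1=1e-4, tau2=1e-6, seed=0):
    """Two-pass outlier detection in the spirit of IDKD (parameters are assumptions).
    Pass 1 (cheap): density of every record against a random reference sample;
    anything below tau1 joins the approximate outlier set.
    Pass 2 (exact): only the candidates are scored against the full data set, and
    survive if their density is still below the stricter tau2."""
    rng = random.Random(seed)
    indexed = list(enumerate(records))
    sample = rng.sample(indexed, sample_size)
    candidates = [i for i, x in indexed if kde(x, sample, h, skip=i) < tau1]
    return [i for i in candidates if kde(records[i], indexed, h, skip=i) < tau2]


def constructed_records(n_normal=300, seed=7):
    """Constructed 2-D feature vectors (not KDD99): a dense cluster of normal
    connections plus three planted anomalous records appended at the end."""
    rng = random.Random(seed)
    normal = [(rng.gauss(0.0, 1.0), rng.gauss(0.0, 1.0)) for _ in range(n_normal)]
    anomalies = [(6.0, 6.0), (-7.0, 5.0), (5.0, -6.0)]
    planted = list(range(n_normal, n_normal + len(anomalies)))
    return normal + anomalies, planted


if __name__ == "__main__":
    data, planted = constructed_records()
    print("planted:", planted, "detected:", detect_outliers(data))
```

The first pass costs O(n * sample_size) instead of O(n^2); the second pass is exact but runs only over the candidate set. In practice tau1 has to be loose enough that no true outlier is missed in pass 1, since pass 2 can only remove candidates, never add them.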
Machine Learning Techniques for Characterizing IEEE 802.11b Encrypted Data Streams
As wireless networks become an increasingly common part of the infrastructure in industrialized nations, the vulnerabilities of this technology need to be evaluated. Even though there have been major advancements in encryption technology, security protocols and packet header obfuscation techniques, other distinguishing characteristics do exist in wireless network traffic. These characteristics include packet size, signal strength, channel utilization and others. Using these characteristics, windows of size 11, 31, and 51 packets are collected and machine learning (ML) techniques are trained to classify applications accessing the 802.11b wireless channel. The four applications used for this study included E-Mail, FTP, HTTP, and Print. Using neural networks and decision trees, the overall success (correct identification of applications) of the ML systems ranged from a low average of 65.8% for neural networks to a high of 85.9% for decision trees. These averages are a result of all classification attempts including the case where only one application is accessing the medium and also the unique combinations of two and three different applications
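The windowed-feature approach described above, as an added example (this is not the study's code or data): packet sizes from a constructed trace for each of the four applications are cut into windows of 11, 31 or 51 packets, each window is summarised by a few size statistics, and a nearest-centroid classifier labels windows with an application. The size profiles per application, the three features and the nearest-centroid model (standing in for the study's neural networks and decision trees) are assumptions for the demo; the study also classified mixtures of two and three applications, which this single-application example does not cover.

```python
import random
import statistics

APPS = ("email", "ftp", "http", "print")


def synth_trace(app, n, rng):
    """Constructed packet-size sequence for one application. These size profiles
    are assumptions for the demo, not measurements from the study."""
    sizes = []
    for _ in range(n):
        if app == "email":
            s = rng.gauss(200, 80)
        elif app == "ftp":
            s = rng.gauss(1400, 50)             # bulk transfer, MTU-sized frames
        elif app == "http":
            s = rng.gauss(100, 40) if rng.random() < 0.5 else rng.gauss(1000, 200)
        else:                                   # print
            s = rng.gauss(700, 100)
        sizes.append(min(1500, max(40, int(s))))
    return sizes


def window_features(sizes, w):
    """Cut the trace into non-overlapping windows of w packets and summarise each
    as (mean size, size std-dev, fraction of packets above 1000 bytes)."""
    feats = []
    for i in range(0, len(sizes) - w + 1, w):
        win = sizes[i:i + w]
        feats.append((statistics.fmean(win), statistics.pstdev(win),
                      sum(1 for s in win if s > 1000) / w))
    return feats


def train(rng, w, packets_per_app=2000):
    """Nearest-centroid model: one centroid per application in feature space,
    with each feature scaled by its global standard deviation."""
    rows, labels = [], []
    for app in APPS:
        for f in window_features(synth_trace(app, packets_per_app, rng), w):
            rows.append(f)
            labels.append(app)
    scale = [statistics.pstdev(col) or 1.0 for col in zip(*rows)]
    centroids = {}
    for app in APPS:
        own = [r for r, a in zip(rows, labels) if a == app]
        centroids[app] = [statistics.fmean(col) for col in zip(*own)]
    return centroids, scale


def classify(feat, centroids, scale):
    def dist(c):
        return sum(((p - q) / s) ** 2 for p, q, s in zip(feat, c, scale))
    return min(centroids, key=lambda app: dist(centroids[app]))


def accuracy(w, seed=1, test_packets=1000):
    """Train and test on separate constructed traces; return the fraction of
    test windows whose application is identified correctly."""
    rng = random.Random(seed)
    centroids, scale = train(rng, w)
    hits = total = 0
    for app in APPS:
        for f in window_features(synth_trace(app, test_packets, rng), w):
            hits += classify(f, centroids, scale) == app
            total += 1
    return hits / total


if __name__ == "__main__":
    for w in (11, 31, 51):
        print(f"window {w:2d} packets: accuracy {accuracy(w):.3f}")
```

The point the window size makes is that encryption hides payloads but not size statistics, and those statistics stabilise as the window grows, so the larger windows classify more reliably at the cost of needing more packets before a decision.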
On traffic analysis attacks and countermeasures
Security and privacy have gained more and more attention with the rapid growth and public acceptance of the Internet as a means of communication and information dissemination. Security and privacy of a computing or network system may be compromised by a variety of well-crafted attacks.

In this dissertation, we address issues related to security and privacy in computer network systems. Specifically, we model and analyze a special group of network attacks, known as traffic analysis attacks, and develop and evaluate their countermeasures. Traffic analysis attacks aim to derive critical information by analyzing traffic over a network. We focus our study on two classes of traffic analysis attacks: link-load analysis attacks and flow-connectivity analysis attacks.
Our research has made the following conclusions:

1. We have found that an adversary may effectively discover link load by passively analyzing selected statistics of packet inter-arrival times of traffic flows on a network link. This is true even if some commonly used countermeasures (e.g., link padding) have been deployed. We proposed an alternative effective countermeasure to counter this passive traffic analysis attack. Our extensive experimental results indicated this to be an effective approach.

2. Our newly proposed countermeasure may not be effective against active traffic analysis attacks, which an adversary may also use to discover the link load. We developed methodologies in countering these kinds of active attacks.

3. To detect the connectivity of a flow, an adversary may embed a recognizable pattern of marks into traffic flows by interference. We have proposed new countermeasures based on digital filtering technology. Experimental results have demonstrated the effectiveness of our method.
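Conclusion 1 in miniature, as an added example that is not the dissertation's experiment or estimator: Poisson traffic on a link padded in the "send a dummy whenever the link has been idle for T" style still reveals its load to a passive observer, because the memoryless gaps make every observed gap a full-length dummy gap with probability exp(-rate * T), so the fraction of such gaps gives the rate back. The traffic model, the padding scheme and the estimator are assumptions for the demo. The constant-rate branch is the idealised padding with a perfect timer, which is the only case where the observed gaps carry no information; the dissertation's finding is that deployed link padding does not reach that ideal.

```python
import math
import random


def real_gaps(rate, n, rng):
    """Inter-arrival times of Poisson traffic at `rate` packets/s (constructed)."""
    return [rng.expovariate(rate) for _ in range(n)]


def idle_timeout_padding(gaps, timeout):
    """Link padding that emits a dummy whenever the link has been idle for `timeout`.
    Returns what a passive observer sees: the gaps of the real+dummy stream, none
    of which can exceed `timeout`."""
    observed = []
    for g in gaps:
        k = int(g // timeout)            # dummies sent while waiting for this real packet
        observed.extend([timeout] * k)
        observed.append(g - k * timeout)  # the remainder, ended by the real packet
    return observed


def constant_rate_padding(gaps, timeout):
    """Idealised constant-rate padding: one packet every `timeout` seconds, real if
    one is queued, dummy otherwise. The observer sees only identical gaps."""
    n_slots = math.ceil(sum(gaps) / timeout)
    return [timeout] * n_slots


def estimate_rate(observed, timeout, tol=1e-12):
    """Passive link-load estimate from the padded stream. For memoryless traffic each
    observed gap is a full `timeout` dummy gap with probability exp(-rate*timeout),
    so rate = -ln(p)/timeout. p == 1 (only dummies) or p == 0 carries no information."""
    p = sum(1 for g in observed if abs(g - timeout) < tol) / len(observed)
    if p <= 0.0 or p >= 1.0:
        return None
    return -math.log(p) / timeout


def demo(rate=50.0, timeout=0.01, n=20000, seed=3):
    """Three views of the same constructed traffic; returns the observer's estimates."""
    gaps = real_gaps(rate, n, random.Random(seed))
    return {
        "true_rate": rate,
        "unpadded": n / sum(gaps),                 # trivial: the mean gap is the load
        "idle_timeout_padded": estimate_rate(idle_timeout_padding(gaps, timeout), timeout),
        "constant_rate_padded": estimate_rate(constant_rate_padding(gaps, timeout), timeout),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:22s} {value}")
```

The check a practitioner wants from a padding scheme is therefore not "is the link always busy" but "does any statistic of the observed inter-arrival times still vary with the offered load"; the fraction of maximum-length gaps is one such statistic, and the dissertation's point is that real timers leak through others.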
From our research, it is obvious that traffic analysis attacks present a serious challenge to the design of a secure computer network system. It is the objective of this study to develop robust but cost-effective solutions to counter link-load analysis attacks and flow-connectivity analysis attacks. It is our belief that our methodology can provide a solid foundation for studying the entire spectrum of traffic analysis attacks and their countermeasures.
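Conclusion 3 as an added example, not the dissertation's own marking scheme or filter: the adversary interferes with a flow by delaying packets so that the quantisation index of each inter-packet delay (IPD) has the parity of a secret bit; correlating a suspect flow against the bit pattern then reveals whether it is the same flow. A causal moving-average re-timer (a 3-tap FIR low-pass filter standing in for the dissertation's digital filtering countermeasure) averages neighbouring gaps and destroys the parity pattern. The flow model, the quantisation step and the filter length are assumptions for the demo.

```python
import math
import random


def mark_flow(ipds, bits, step):
    """Interference marking: force the quantisation index of each IPD to the parity
    of the bit to embed. Only ever lengthens a gap (adds delay), never shortens it."""
    marked = []
    for ipd, b in zip(ipds, bits):
        q = math.ceil(ipd / step)
        if q % 2 != b:
            q += 1
        marked.append(q * step)
    return marked


def mark_score(ipds, bits, step):
    """Fraction of IPDs whose quantisation parity agrees with the expected bit
    pattern: 1.0 on the marked flow, about 0.5 on an unrelated flow."""
    hits = sum(1 for ipd, b in zip(ipds, bits) if round(ipd / step) % 2 == b)
    return hits / len(bits)


def smooth_ipds(ipds, taps):
    """Causal moving-average (FIR low-pass) re-timer: each outgoing gap is the mean
    of the last `taps` incoming gaps. Assumes a re-timing buffer large enough that
    the output may lag the input by a fixed delay."""
    out = []
    for i in range(len(ipds)):
        window = ipds[max(0, i - taps + 1): i + 1]
        out.append(sum(window) / len(window))
    return out


def demo(n=2000, rate=100.0, step=0.004, taps=3, seed=11):
    """Constructed flows (mean gap 10 ms) and a random secret bit pattern."""
    rng = random.Random(seed)
    flow = [rng.expovariate(rate) for _ in range(n)]      # the flow to be traced
    bits = [rng.randrange(2) for _ in range(n)]            # the attacker's mark pattern
    other = [rng.expovariate(rate) for _ in range(n)]     # an unrelated flow
    marked = mark_flow(flow, bits, step)
    return {
        "marked": mark_score(marked, bits, step),
        "unrelated": mark_score(other, bits, step),
        "marked_then_filtered": mark_score(smooth_ipds(marked, taps), bits, step),
    }


if __name__ == "__main__":
    for name, score in demo().items():
        print(f"{name:22s} {score:.3f}")
```

The detection threshold sits between the two natural scores: an unrelated flow matches about half the bits by chance, so anything far above 0.5 across a few hundred packets identifies the flow. The filter works because the mark lives in high-frequency structure of the IPD sequence, which a low-pass stage removes while keeping the flow's average rate.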
Modeling and control of network traffic for performance and secure communications
The objective of this research is to develop innovative techniques for modeling and control of network congestion. Most existing network controls have discontinuous actions, but such discontinuity in control actions is commonly omitted in analytical models, and instead continuous models were widely adopted in the literature. This approximation works well under certain conditions, but it does cause significant discrepancy in creating robust, responsive control solutions for congestion management. In this dissertation, I investigated three major topics. I proposed a generic discontinuous congestion control model and its design methodology to guarantee asymptotic stability and eliminate traffic oscillation, based on the sliding mode control (SMC) theory. My scheme shows that discontinuity plays a crucial role in optimization of the I-D based congestion control algorithms. When properly modeled, the simple I-D control laws can be made highly robust to parameter and model uncertainties. I discussed applicability of this model to some existing flow or congestion control schemes, e.g. XON/XOFF, rate and window based AIMD, RED, etc. It can also be effectively applied to design of detection and defense of distributed denial of service (DDoS) attacks. DDoS management can be considered a special case of the flow control problem. Based on my generic discontinuous congestion control model, I developed a backward-propagation feedback control strategy for DDoS detection and defense. It not only prevents DDoS attacks but also provides smooth traffic and bounded queue size.
Another application of the congestion control algorithms is the design of private group communication networks. I proposed a new technique for protection of group communications by concealment of sender-recipient pairs. The basic approach is to fragment and disperse encrypted messages into packets to be transported along different paths, so that the adversary cannot efficiently determine the source/recipient of a message without correct ordering of all packets. Packet flows among nodes are made balanced, to eliminate traffic patterns related to group activities. I proposed a sliding window-based flow control scheme to control transmission of payload and dummy packets. My algorithms allow a flexible tradeoff between traffic concealment and performance requirements.
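The fragment-and-disperse idea, as an added example that is not the dissertation's protocol: a message is cut into equal-size packets whose sequence numbers sit inside the encrypted part, the packets are spread over several paths, and each path is topped up with encrypted dummies so that every path carries the same number of identical-looking packets. The recipient decrypts everything, drops the dummies and reorders by sequence number. The packet layout, the three-path split and the HMAC-SHA256 counter-mode keystream (an unauthenticated stand-in for a real AEAD such as AES-GCM, used only so the example runs with the standard library) are assumptions for the demo; the sliding-window flow control the abstract mentions is not modelled.

```python
import hashlib
import hmac
import os
import random
import struct

FRAG = 32                            # payload bytes per packet (assumed)
NONCE = 12
HDR = struct.Struct(">BHHB")         # kind (0 dummy / 1 data), seq, total, payload length


def _keystream(key, nonce, n):
    """HMAC-SHA256 in counter mode as a stand-in keystream. Demo only: provides no
    authentication; a real system would use an AEAD such as AES-GCM."""
    out, ctr = bytearray(), 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return bytes(out[:n])


def seal(key, plaintext):
    nonce = os.urandom(NONCE)        # fresh nonce, so two dummies never look alike
    ks = _keystream(key, nonce, len(plaintext))
    return nonce + bytes(a ^ b for a, b in zip(plaintext, ks))


def unseal(key, packet):
    nonce, body = packet[:NONCE], packet[NONCE:]
    ks = _keystream(key, nonce, len(body))
    return bytes(a ^ b for a, b in zip(body, ks))


def fragment(key, message):
    """Split a message into equal-size packets; the sequence number and length are
    inside the encrypted part, so an observer cannot order the packets."""
    chunks = [message[i:i + FRAG] for i in range(0, len(message), FRAG)] or [b""]
    return [seal(key, HDR.pack(1, seq, len(chunks), len(c)) + c.ljust(FRAG, b"\0"))
            for seq, c in enumerate(chunks)]


def disperse(key, packets, n_paths, rng):
    """Spread packets over n_paths links so every link carries exactly the same
    number of identical-looking packets; shortfalls are filled with encrypted dummies."""
    per_path = -(-len(packets) // n_paths)              # ceiling division
    order = packets[:]
    rng.shuffle(order)
    lanes = [order[i::n_paths] for i in range(n_paths)]
    for lane in lanes:
        while len(lane) < per_path:
            lane.append(seal(key, HDR.pack(0, 0, 0, 0) + os.urandom(FRAG)))
        rng.shuffle(lane)                               # dummies are not at a fixed position
    return lanes


def reassemble(key, lanes):
    """Recipient side: decrypt every packet from every path, drop the dummies and
    put the data packets back in sequence order. None until all pieces are in."""
    pieces, total = {}, None
    for lane in lanes:
        for pkt in lane:
            pt = unseal(key, pkt)
            kind, seq, tot, ln = HDR.unpack(pt[:HDR.size])
            if kind != 1:
                continue
            total = tot
            pieces[seq] = pt[HDR.size:HDR.size + ln]
    if total is None or len(pieces) != total:
        return None
    return b"".join(pieces[i] for i in range(total))


def demo(message=bytes(range(100)), n_paths=3, seed=5):
    """Constructed 100-byte message over three paths; returns what an observer on
    the paths can count and whether the recipient recovers the message."""
    key = hashlib.sha256(b"shared group key (demo)").digest()
    lanes = disperse(key, fragment(key, message), n_paths, random.Random(seed))
    return {
        "packets_per_path": [len(lane) for lane in lanes],
        "distinct_packet_sizes": sorted({len(p) for lane in lanes for p in lane}),
        "recovered": reassemble(key, lanes) == message,
    }


if __name__ == "__main__":
    print(demo())
```

What the observer on any one path sees is a fixed count of fixed-size, unlinkable packets per round; the ordering needed to tell which packets form one message, and which ones are dummies at all, is only recoverable with the group key.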