
    Tight Bounds for Black Hole Search with Scattered Agents in Synchronous Rings

    We study the problem of locating a particularly dangerous node, the so-called black hole, in a synchronous anonymous ring network with mobile agents. A black hole is a harmful stationary process residing in a node of the network that destroys all mobile agents visiting that node without leaving any trace. We consider the more challenging scenario in which the agents are identical and initially scattered within the network. Moreover, we solve the problem with agents that have constant-sized memory and carry a constant number of identical tokens, which can be placed at nodes of the network. In contrast, the only known solutions for the case of scattered agents searching for a black hole use stronger models, where the agents have non-constant memory, can write messages on whiteboards located at nodes, or are allowed to mark both the edges and the nodes of the network with tokens. This paper solves the problem for ring networks containing a single black hole. We are interested in the minimum resources (number of agents and tokens) necessary for locating all links incident to the black hole. We present deterministic algorithms for ring topologies and provide matching lower and upper bounds for the number of agents and the number of tokens required for deterministic solutions to the black hole search problem, in oriented or unoriented rings, using movable or unmovable tokens.

    Faulty node repair and dynamically spawned black hole search

    New threats to networks are constantly arising. This justifies protecting network assets and mitigating the risk associated with attacks. In a distributed environment, researchers aim, in particular, at eliminating faulty network entities. More specifically, much research has been conducted on locating a single static black hole, which is defined as a network site whose existence is known a priori and that disposes of any incoming data without leaving any trace of this occurrence. However, the prevalence of faulty nodes requires an algorithm able to (a) identify faulty nodes that can be repaired without human intervention and (b) locate black holes, which are taken to be faulty nodes whose repair does require human intervention. In this paper, we consider a specific attack model that involves multiple faulty nodes that can be repaired by mobile software agents, as well as a virus v that can infect a previously repaired faulty node and turn it into a black hole. We refer to the task of repairing multiple faulty nodes and pointing out the location of the black hole as the Faulty Node Repair and Dynamically Spawned Black Hole Search. We first analyze the attack model we put forth. We then explain (a) how to identify whether a node is either (1) a normal node or (2) a repairable faulty node or (3) the black hole that has been infected by virus v during the search/repair process and, (b) how to perform the correct relevant actions. These two steps constitute a complex task, which, we explain, significantly differs from the traditional Black Hole Search. We continue by proposing an algorithm to solve this problem in an

    Solutions to Detect and Analyze Online Radicalization : A Survey

    Online Radicalization (also called Cyber-Terrorism, Extremism, Cyber-Racism or Cyber-Hate) is widespread and has become a major and growing concern to society, governments and law enforcement agencies around the world. Research shows that various platforms on the Internet, which have a low barrier to publishing content, allow anonymity, provide exposure to millions of users and offer the potential of very quick and widespread diffusion of a message, such as YouTube (a popular video sharing website), Twitter (an online micro-blogging service), Facebook (a popular social networking website), online discussion forums and the blogosphere, are being misused for malicious intent. Such platforms are being used to form hate groups and racist communities, spread extremist agendas, incite anger or violence, promote radicalization, recruit members and create virtual organizations and communities. Automatic detection of online radicalization is a technically challenging problem because of the vast amount of data, the unstructured and noisy user-generated content, dynamically changing content and adversarial behavior. Several solutions have been proposed in the literature aiming to combat and counter cyber-hate and cyber-extremism. In this survey, we review solutions to detect and analyze online radicalization. We review 40 papers published at 12 venues from June 2003 to November 2011. We present a novel classification scheme to classify these papers. We analyze these techniques, perform trend analysis, discuss limitations of existing techniques and identify research gaps.

    ANALYSIS OF BOTNET CLASSIFICATION AND DETECTION BASED ON C&C CHANNEL

    Botnets are a serious threat to cyber-security. A botnet is a network of compromised computers (bots) that carry out attacks such as DDoS on the attacker's command. Botnets are also designed to extract confidential information from network channels such as a LAN, a peer network or the Internet. They act on the attacker's intent through a Command & Control (C&C) channel, over which the attacker can control the whole network and carry out illegal activities such as identity theft, unauthorized logins and fraudulent money transactions. Thus, for security reasons, it is very important to understand botnet behavior and its countermeasures. This thesis draws together the main ideas of network anomaly, botnet behavior, the taxonomy of botnets, well-known botnet attacks and detection processes. Based on the network protocol used for C&C, botnets are mainly of three types: IRC, HTTP and P2P botnets. The behavior, vulnerabilities and detection processes of all three are explained individually, with examples, in the following chapters. In short, IRC botnets are the early botnets that use chat and messaging protocols for C&C, HTTP botnets use web browsing traffic and domains, and P2P botnets use a peer network, i.e. decentralized servers. Each botnet's design, target, infection and spreading mechanism can differ from the others. For instance, IRC botnets are suited to small-scale attacks, whereas HTTP and P2P botnets handle huge volumes of network traffic. Furthermore, the detection techniques and filtering algorithms also differ among them. Based on these individual behaviors, many research papers have analyzed numerous botnet detection techniques, such as graph-based structures, clustering algorithms and so on. Thus, this thesis also analyzes popular detection mechanisms, C&C channels, botnet working patterns, recorded datasets, results and false positive rates of bots prominently found in IRC, HTTP and P2P botnets.
The research area covers C&C channels, botnet behavior, domain browsing, IRC, algorithms, intrusion detection, networks and peers, security and test results. Research articles were drawn from scientific books, online sources and the University of Turku library.

    Effectiveness of Linux rootkit detection tools

    Abstract. Rootkits, a type of software that specializes in hiding entities in a computer system while enabling continuous control of or access to it, are particularly difficult to detect compared to other kinds of software. Various tools exist for detecting rootkits, utilizing a wide variety of detection techniques and mechanisms. However, the effectiveness of such tools is not well established, especially in contemporary academic research and in the context of the Linux operating system. This study carried out an empirical evaluation of the effectiveness of five tools with capabilities to detect Linux rootkits: OSSEC, AIDE, Rootkit Hunter, Chkrootkit and LKRG. The effectiveness of each tool was tested by injecting 15 publicly available rootkits in individual detection tests in virtual machines running Ubuntu 16.04, executing the detection tool and capturing its results for analysis. A total of 75 detection tests were performed. The results showed that only 37.3% of the detection tests provided any indication of a rootkit infection or suspicious system behaviour, with the rest failing to provide any signs of anomalous behaviour. However, combining the findings of multiple detection tools increased the overall detection rate to 93.3%, as all but a single rootkit were discovered by at least one tool. Variation was observed in the effectiveness of the detection tools, with detection rates ranging from 13.3% to 53.3%. Variation in detection effectiveness was also found between categories of rootkits, as the overall detection rate was 46.7% for user mode rootkits and 31.1% for kernel mode rootkits. Overall, the findings showed that while an individual detection tool's effectiveness can be lacking, using a combination of tools considerably increased the likelihood of a successful detection.
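    How the aggregate figures in this abstract relate to one another, and how a practitioner would pick which tools to run together, as an added example that is not part of the study: the detection matrix below is constructed, with generic tool names (tool1 to tool5 are placeholders, not the five tools named above) and with only its totals chosen to reproduce the reported aggregates. The functions compute per-tool, overall, per-category and combined (any tool) detection rates from such a matrix, list the rootkits no tool flagged, and find the smallest set of tools whose combined findings reach the combined rate.

```python
"""Complementarity of rootkit detection tools.

Given a detection matrix (which tool flagged which rootkit), compute the
per-tool, overall, combined (any tool) and per-category detection rates, and
pick the fewest tools that together reach the combined rate.  The matrix is
CONSTRUCTED for this example with generic tool names; only its aggregate
figures were chosen to match the totals the abstract reports."""
from itertools import combinations

# Constructed sample: 15 rootkits, six user-mode (U*) and nine kernel-mode (K*).
ROOTKITS = {
    "U1": "user", "U2": "user", "U3": "user", "U4": "user", "U5": "user", "U6": "user",
    "K1": "kernel", "K2": "kernel", "K3": "kernel", "K4": "kernel", "K5": "kernel",
    "K6": "kernel", "K7": "kernel", "K8": "kernel", "K9": "kernel",
}

# Constructed detection matrix: rootkits each (generic) tool gave any indication for.
DETECTIONS = {
    "tool1": {"U1", "U2", "U3", "U4", "K1", "K2", "K3", "K4"},
    "tool2": {"U1", "U2", "U5", "K1", "K5", "K6", "K7"},
    "tool3": {"U1", "U3", "U6", "K2", "K5", "K8"},
    "tool4": {"U2", "U4", "K3", "K6", "K8"},
    "tool5": {"U5", "U6"},
}


def pct(hits: int, total: int) -> float:
    """Detection rate in percent, one decimal, as the abstract reports it."""
    return round(100.0 * hits / total, 1)


def per_tool_hits(detections=DETECTIONS) -> dict:
    """Rootkits flagged by each tool (divide by the rootkit count for its rate)."""
    return {tool: len(found) for tool, found in detections.items()}


def overall_hits(detections=DETECTIONS, rootkits=ROOTKITS) -> tuple:
    """(hits, tests): one detection test per tool/rootkit pair."""
    return sum(len(f) for f in detections.values()), len(detections) * len(rootkits)


def combined_hits(detections=DETECTIONS) -> int:
    """Rootkits flagged by at least one tool (union of the tools' findings)."""
    return len(set().union(*detections.values()))


def never_detected(detections=DETECTIONS, rootkits=ROOTKITS) -> set:
    """Rootkits that evaded every tool: the residual risk no combination fixes."""
    return set(rootkits) - set().union(*detections.values())


def hits_by_category(detections=DETECTIONS, rootkits=ROOTKITS) -> dict:
    """(hits, tests) per rootkit category across all tools."""
    out = {}
    for cat in sorted(set(rootkits.values())):
        members = {r for r, c in rootkits.items() if c == cat}
        hits = sum(len(found & members) for found in detections.values())
        out[cat] = (hits, len(detections) * len(members))
    return out


def smallest_covering_set(detections=DETECTIONS) -> tuple:
    """Exhaustive search (fine for a handful of tools) for the fewest tools whose
    union equals the combined detection set; ties resolve in dict order."""
    target = set().union(*detections.values())
    for size in range(1, len(detections) + 1):
        for combo in combinations(detections, size):
            if set().union(*(detections[t] for t in combo)) == target:
                return combo
    return tuple(detections)


def greedy_tool_order(detections=DETECTIONS) -> list:
    """Greedy set cover: repeatedly add the tool that flags the most rootkits not
    yet covered, stopping when no tool adds anything.  Scales to many tools."""
    remaining = set().union(*detections.values())
    order = []
    while remaining:
        best = max(detections, key=lambda t: len(detections[t] & remaining))
        if not detections[best] & remaining:
            break
        order.append(best)
        remaining -= detections[best]
    return order


if __name__ == "__main__":
    hits, tests = overall_hits()
    print(f"overall: {hits}/{tests} = {pct(hits, tests)}%")
    for tool, h in per_tool_hits().items():
        print(f"  {tool}: {pct(h, len(ROOTKITS))}%")
    print(f"any tool: {pct(combined_hits(), len(ROOTKITS))}%, never flagged: {never_detected()}")
    for cat, (h, t) in hits_by_category().items():
        print(f"  {cat} mode: {pct(h, t)}%")
    print("fewest tools for the combined rate:", smallest_covering_set())
```

    On the constructed matrix, three of the five tools already reach the combined 93.3%; in practice the same computation, run on one's own test matrix, tells an operator which tools are redundant and which rootkits remain invisible regardless of how many tools are stacked.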

    Black Hole Search with Finite Automata Scattered in a Synchronous Torus

    We consider the problem of locating a black hole in synchronous anonymous networks using finite state agents. A black hole is a harmful node in the network that destroys any agent visiting that node without leaving any trace. The objective is to locate the black hole without destroying too many agents. This is difficult to achieve when the agents are initially scattered in the network and are unaware of each other's location. Previous studies of black hole search used more powerful models where the agents had non-constant memory, were labelled with distinct identifiers and could either write messages on the nodes of the network or mark the edges of the network. In contrast, we solve the problem using a small team of finite-state agents, each carrying a constant number of identical tokens that can be placed on the nodes of the network. Thus, all resources used in our algorithms are independent of the network size. We restrict our attention to oriented torus networks and first show that no finite team of finite state agents can solve the problem in such networks when the tokens are not movable. In case the agents are equipped with movable tokens, we determine lower bounds on the number of agents and tokens required for solving the problem in torus networks of arbitrary size. Further, we present a deterministic solution to the black hole search problem for oriented torus networks, using the minimum number of agents and tokens.

    Thin Hypervisor-Based Security Architectures for Embedded Platforms

    Virtualization has grown increasingly popular thanks to its benefits of isolation, management and utilization, supported by hardware advances. It is also receiving attention for its potential to support security, through hypervisor-based services and advanced protections supplied to guests. Today, virtualization is even making inroads in the embedded space, and embedded systems, with their security needs, have already started to benefit from virtualization's security potential. In this thesis, we investigate the possibilities for thin hypervisor-based security on embedded platforms. In addition to a significant background study, we present the implementation of a low-footprint thin hypervisor capable of providing security protections to a single FreeRTOS guest kernel on ARM. As performance test results show, our hypervisor provides security to a formerly unsecured kernel with minimal performance overhead, and represents a first step in a greater research effort into the security advantages and possibilities of embedded thin hypervisors. Our results show that thin hypervisors are both possible and beneficial even on limited embedded systems, and set the stage for more advanced investigations, implementations and security applications in the future.

    Key Management in Wireless Sensor Networks, IP-Based Sensor Networks, Content Centric Networks

    Cryptographic keys and their management in network communication are considered the main building block of security, on which other security primitives are based. These cryptographic keys ensure the privacy, authentication, integrity and non-repudiation of messages. However, using and managing these keys on resource-constrained devices (i.e. sensor nodes) is a challenging task. A number of key management schemes have been introduced by researchers all over the world for such resource-constrained networks. Even lightweight PKI and elliptic curve cryptography schemes are computationally expensive for these devices, so the symmetric key approach has so far been considered best for constrained networks, and different variants of it have been developed (e.g. the probabilistic key distribution approach). The probabilistic key distribution approach consumes less memory than the standard symmetric key approach but suffers from connectivity issues (connectivity depends on the keys the nodes happen to share). Most of those schemes were proposed for static sensor networks (e.g. industrial process monitoring, environmental monitoring, movement detection in military applications, forests, etc.). However, using these existing key management schemes in mobile wireless sensor network applications introduces more challenges in terms of network connectivity, energy consumption, memory cost, communication overhead and protection of key material against some well-known attacks. Keeping these challenges in mind, previous research has proposed some key management schemes for mobility scenarios in ad hoc networks and wireless sensor networks (e.g. vehicular networks, health monitoring systems). However, these schemes consume more resources than those for static networks because of the much higher number of packets exchanged during the handover phase to authenticate joining and leaving nodes, whereas static networks need no extra communication for handover and authentication.
    The motivation of this research work is to investigate and propose new algorithms, not only to improve the efficiency of the existing authentication and key management schemes in terms of connectivity, memory and security under the mobility scenario in wireless sensor networks, but also to develop new algorithms that suit these constrained networks better than the existing schemes. First, we take the existing key pool approach for authentication and key management and improve its network connectivity and resilience against some well-known attacks (e.g. node capture attacks) while reducing the memory cost of storing key material in each sensor node. In the proposed solution, we divide the main key pool into two virtual, mutually exclusive key pools. This division, together with constructing a key from two chosen keys, one from each key pool, reduces the memory cost of each node by assigning fewer keys for the same level of network connectivity as the existing key pool frameworks. Although the proposed key pool approach increases the network's resilience against node compromise because fewer keys are assigned to each node, it does not completely nullify the effect of such attacks. Hence we propose an online mutual authentication, key establishment and key management scheme for sensor networks that provides almost 100% network connectivity and also nullifies the effect of node compromise. In the proposed online key generation approach, the secret key depends on both communicating parties. Once the two parties have authenticated each other, they establish a secret communication key; otherwise they stop communicating and inform the network manager of the intruder detection and activity.
    The next part of the thesis considers the integration of two different technologies, wireless sensor networks and IP networks. This is a very interesting and demanding research area because of its numerous applications, such as smart energy and smart cities. However, the differing security requirements of these two kinds of networks (resource-constrained and resourceful) make key management a challenging task. Hence we use an online key generation approach based on elliptic curve cryptography, which gives the same security level as the standard PKI approach used in IP networks with a smaller key length, suits the packet size limitations of sensor networks, and is computationally cheaper than PKI, which makes ECC suitable for adoption in wireless sensor networks. In the key management scheme for IP-based sensor networks, we generate an ECC public/private key pair for each individual sensor node. The public key depends not only on the node's parameters but also on the parameters of the network(s) to which it belongs. This increases the security of the proposed solution and prevents intruders from pretending to be authentic members of the network(s) by spreading their own public keys.
    In the last part of the thesis we consider Content Centric Networking (CCN), a new routing architecture for the Internet of the future. Building on the observation that today's communications are oriented more towards content retrieval (web, P2P, etc.) than point-to-point communication (VoIP, IM, etc.), CCN proposes a radical revision of the Internet architecture, switching from named hosts (TCP/IP protocols) to named data to best match its current usage. In a nutshell, content is addressable, routable, self-sufficient and authenticated, while locations no longer matter. Data is seen and identified directly by a routable name instead of a location (the address of the server). Consequently, data is requested directly at the network level rather than from its holder, so there is no need for DNS. To improve content diffusion, CCN relies on data distribution and duplication, because storage is cheaper than bandwidth: any content, particularly popular content, can be replicated and stored on any CCN node, even an untrustworthy one. People looking for particular content can securely retrieve it in a P2P way from the best locations available. So far there has been little investigation of the security of CCNs and there is no key management scheme specific to them. We propose an authentication and key establishment scheme for CCNs in which the content is authenticated by the content-generating node, using pre-distributed shares of encryption keys. The content-requesting node can obtain those shares from any node in the network, even from malicious and intruding ones, in accordance with a key concept of CCNs. In our work we also provide means to protect the distributed shares from modification by these malicious/intruder nodes. The proposed scheme is again an online key generation approach, but one that includes a relation between the content and its encryption key. This dependency prevents attackers from modifying the packet or the key share.
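    The key pool approach the thesis starts from, as an added example (not the thesis's code and not its split-pool variant): random key pre-distribution, where each sensor is pre-loaded with a ring of k keys drawn from a pool of P and two neighbours can establish a link only if their rings share a key identifier. The functions compute the two quantities the abstract trades off against memory per node, connectivity (the probability that two nodes share a key, which falls as k shrinks) and resilience against node capture (the fraction of other nodes' links an attacker can read from captured rings, which rises with k/P), and simulate shared-key discovery on a constructed network. The pool, the node rings, the `link:<id>:<id>` HMAC label and the choice of the lowest common key id are assumptions made for the example.

```python
"""Random key pre-distribution: the key pool approach the abstract builds on.
Each sensor stores a ring of k keys drawn from a pool of P; two neighbours can
set up a link only if their rings share a key id.  The functions compute the
two quantities the abstract trades off against memory (k): connectivity, the
probability of a shared key, and resilience, the fraction of other nodes'
links exposed when nodes are captured.  Baseline scheme only, not the thesis's
split-pool variant; pool, rings and link-key derivation are constructed here."""
import hashlib
import hmac
import random
from itertools import combinations
from math import comb


def share_probability(pool_size: int, ring_size: int) -> float:
    """P(two random rings of k keys from P share at least one) = 1 - C(P-k,k)/C(P,k)."""
    return 1.0 - comb(pool_size - ring_size, ring_size) / comb(pool_size, ring_size)


def min_ring_size(pool_size: int, target: float) -> int:
    """Smallest ring (memory per node) that gives connectivity >= target."""
    for k in range(1, pool_size + 1):
        if share_probability(pool_size, k) >= target:
            return k
    return pool_size


def compromised_link_fraction(pool_size: int, ring_size: int, captured: int) -> float:
    """Expected fraction of links between *uncaptured* nodes whose pool key the
    attacker holds after capturing `captured` rings: 1 - (1 - k/P)^captured.
    Smaller rings raise resilience but lower connectivity."""
    return 1.0 - (1.0 - ring_size / pool_size) ** captured


def make_pool(pool_size: int, seed: str) -> dict:
    """Constructed pool: key id -> 32-byte key (a deployment draws these from a CSPRNG)."""
    return {i: hashlib.sha256(f"{seed}:{i}".encode()).digest() for i in range(pool_size)}


class Node:
    def __init__(self, node_id: int, ring: dict):
        self.id = node_id
        self.ring = ring            # key id -> key: the node's pre-loaded ring


def make_nodes(pool_size: int, ring_size: int, n_nodes: int, seed: int = 1) -> list:
    """Constructed network: each node gets k distinct key ids chosen at random."""
    rng = random.Random(seed)
    pool = make_pool(pool_size, f"pool-{seed}")
    return [Node(i, {kid: pool[kid] for kid in rng.sample(range(pool_size), ring_size)})
            for i in range(n_nodes)]


def link_key(a: Node, b: Node):
    """Shared-key discovery: nodes exchange key ids (never keys); the lowest
    common id is chosen and the link key is bound to both identities, so one
    pool key yields a distinct key on every link that uses it.
    Returns (key_id, link_key) or None when the rings are disjoint."""
    common = sorted(set(a.ring) & set(b.ring))
    if not common:
        return None
    kid = common[0]
    lo, hi = sorted((a.id, b.id))
    return kid, hmac.new(a.ring[kid], f"link:{lo}:{hi}".encode(), hashlib.sha256).digest()


def simulate(pool_size: int, ring_size: int, n_nodes: int, captured: int = 0, seed: int = 1):
    """Measured connectivity over all node pairs, and the fraction of links
    between uncaptured nodes whose key id sits in a captured node's ring
    (the attacker is assumed to capture nodes 0 .. captured-1)."""
    nodes = make_nodes(pool_size, ring_size, n_nodes, seed)
    captured_ids = set(range(captured))
    attacker_keys = set().union(*(nodes[i].ring.keys() for i in captured_ids))
    pairs = connected = links = exposed = 0
    for a, b in combinations(nodes, 2):
        pairs += 1
        found = link_key(a, b)
        if found is None:
            continue
        connected += 1
        if a.id not in captured_ids and b.id not in captured_ids:
            links += 1
            exposed += found[0] in attacker_keys
    return connected / pairs, (exposed / links if links else 0.0)


if __name__ == "__main__":
    P = 1000
    for k in (20, 30, 50, 80):
        print(f"P={P} k={k}: connectivity={share_probability(P, k):.3f} "
              f"links exposed after 10 captures={compromised_link_fraction(P, k, 10):.3f}")
    print("ring needed for 60% connectivity:", min_ring_size(P, 0.6))
    print("simulated (P=100, k=10, 40 nodes, 5 captured):", simulate(100, 10, 40, captured=5))
```

    Running the block shows the dilemma the abstract describes: with a pool of 1000, a ring of 30 keys already gives about 60% pairwise connectivity, yet ten captured nodes then expose roughly a quarter of everyone else's links, and raising the ring to 80 keys for near-full connectivity pushes that past half. Binding the link key to both node identities does not help here, since the attacker holds the pool key itself; only a smaller k/P, or a scheme whose link keys do not come from a shared pool, does.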

    Cyber Security

    This open access book constitutes the refereed proceedings of the 16th International Annual Conference on Cyber Security, CNCERT 2020, held in Beijing, China, in August 2020. The 17 papers presented were carefully reviewed and selected from 58 submissions. The papers are organized according to the following topical sections: access control; cryptography; denial-of-service attacks; hardware security implementation; intrusion/anomaly detection and malware mitigation; social network security and privacy; systems security

    Combining MAS and P2P Systems: The Agent Trees Multi-Agent System (ATMAS)

    The seamless retrieval of information distributed across networks has been one of the key goals of many systems. Early solutions involved single static agents which would retrieve the unfiltered data and then process it. However, this was deemed costly and inefficient in terms of bandwidth, since complete files had to be downloaded when often only a single value was required. As a result, mobile agents were developed to filter the data in situ before returning it to the user. However, mobile agents have their own associated problems, namely security and control. The Agent Trees Multi-Agent System (AT-MAS) has been developed to provide the remote processing and filtering capabilities but without the need for mobile code. It is implemented as a Peer to Peer (P2P) network of static intelligent cooperating agents, each of which controls one or more data sources. This dissertation describes the two key technologies that have directly influenced the design of ATMAS: Peer-to-Peer (P2P) systems and Multi-Agent Systems (MAS). P2P systems are conceptually simple but limited in power, whereas MAS are significantly more complex but correspondingly more powerful. The resulting system exhibits the power of traditional MAS while retaining the simplicity of P2P systems. The dissertation describes the system in detail and analyses its performance.