1,574 research outputs found

    Robust dynamic network traffic partitioning against malicious attacks

    The continual growth of network traffic rates leads to heavy packet processing overheads, and a typical solution is to partition traffic into multiple network processors for parallel processing especially in emerging software-defined networks. This paper is thus motivated to propose a robust dynamic network traffic partitioning scheme to defend against malicious attacks. After introducing the conceptual framework of dynamic network traffic partitioning based on flow tables, we strengthen its TCP connection management by building a half-open connection separation mechanism to isolate false connections in the initial connection table (ICT). Then, the lookup performance of the ICT table is reinforced by applying counting bloom filters to cope with malicious behaviors such as SYN flooding attacks. Finally, we evaluate the performance of our proposed traffic partitioning scheme with real network traffic traces and simulated malicious traffic by experiments. Experimental results indicate that our proposed scheme outperforms the conventional ones in terms of packet distribution performance especially robustness against malicious attacks

    Internet of Things From Hype to Reality

    The Internet of Things (IoT) has gained significant mindshare, let alone attention, in academia and the industry especially over the past few years. The reasons behind this interest are the potential capabilities that IoT promises to offer. On the personal level, it paints a picture of a future world where all the things in our ambient environment are connected to the Internet and seamlessly communicate with each other to operate intelligently. The ultimate goal is to enable objects around us to efficiently sense our surroundings, inexpensively communicate, and ultimately create a better environment for us: one where everyday objects act based on what we need and like without explicit instructions

    ProtoMon: Embedded Monitors for Cryptographic Protocol Intrusion Detection and Prevention

    Intrusion Detection Systems (IDS) are responsible for monitoring and analyzing host or network activity to detect intrusions in order to protect information from unauthorized access or manipulation. There are two main approaches for intrusion detection: signature-based and anomaly-based. Signature-based detection employs pattern matching to match attack signatures with observed data making it ideal for detecting known attacks. However, it cannot detect unknown attacks for which there is no signature available. Anomaly-based detection uses machine-learning techniques to create a profile of normal system behavior and uses this profile to detect deviations from the normal behavior. Although this technique is effective in detecting unknown attacks, it has a drawback of a high false alarm rate. In this paper, we describe our anomaly-based IDS designed for detecting malicious use of cryptographic and application-level protocols. Our system has several unique characteristics and benefits, such as the ability to monitor cryptographic protocols and application-level protocols embedded in encrypted sessions, a very lightweight monitoring process, and the ability to react to protocol misuse by modifying protocol response directly

    Hijacking User Uploads to Online Persistent Data Repositories for Covert Data Exfiltration

    As malware has evolved over the years, it has gone from harmless programs that copy themselves into other executables to modern day botnets that perform bank fraud and identity theft. Modern malware often has a need to communicate back to the author, or other machines that are also infected. Several techniques for transmitting this data covertly have been developed over the years which vary significantly in their level of sophistication. This research creates a new covert channel technique for stealing information from a network by piggybacking on user-generated network traffic. Specifically, steganography drop boxes and passive covert channels are merged to create a novel covert data exfiltration technique. This technique revolves around altering user supplied data being uploaded to online repositories such as image hosting websites. It specifically targets devices that are often used to generate and upload content to the Internet, such as smartphones. The reliability of this technique is tested by creating a simulated version of Flickr as well as simulating how smartphone users interact with the service. Two different algorithms for recovering the exfiltrated data are compared. The results show a clear improvement for algorithms that are user-aware. The results continue on to compare performance for varying rates of infection of mobile devices and show that performance is proportional to the infection rate

    Selected Computing Research Papers Volume 1 June 2012

    An Evaluation of Anti-phishing Solutions (Arinze Bona Umeaku)
    A Detailed Analysis of Current Biometric Research Aimed at Improving Online Authentication Systems (Daniel Brown)
    An Evaluation of Current Intrusion Detection Systems Research (Gavin Alexander Burns)
    An Analysis of Current Research on Quantum Key Distribution (Mark Lorraine)
    A Critical Review of Current Distributed Denial of Service Prevention Methodologies (Paul Mains)
    An Evaluation of Current Computing Methodologies Aimed at Improving the Prevention of SQL Injection Attacks in Web Based Applications (Niall Marsh)
    An Evaluation of Proposals to Detect Cheating in Multiplayer Online Games (Bradley Peacock)
    An Empirical Study of Security Techniques Used In Online Banking (Rajinder D G Singh)
    A Critical Study on Proposed Firewall Implementation Methods in Modern Networks (Loghin Tivig)

    Strategically Addressing the Latest Challenges of Workplace Mobility to Meet the Increasing Mobile Usage Demands

    During this post-PC era, many organizations are embracing the concept of IT consumerization/ Bring-Your-Own Device (BYOD) in their workplace. BYOD is a strategy that enables employees to utilize their personally-owned mobile devices, such as smart phones, tablets, laptops, and netbooks, to connect to the corporate network and access enterprise data. It is estimated that employees will bring two to four Internet-capable devices to work for personal and professional activities. From increased employee satisfaction and productivity to lower IT equipment and operational expenditures, companies have recognized that mobile devices are reasonably essential to their own success. However, many organizations are facing significant challenges with the explosion of mobile devices being used today along with provisioning the appropriate supporting infrastructure due to the unprecedented demands on the wireless and network infrastructures. For example, there is not only a growth in the number of wirelessly connected devices but the amount of bandwidth being consumed on the enterprise networks as well which is furthermore driven by increased usage of video and enterprise applications. Managing mobility and storage along with securing corporate assets have become difficult tasks for IT professionals as many organizations underestimate the potential security and privacy risks of using wireless devices to access organizational resources and data. Therefore, to address the needs and requirements of a new mobile workforce, organizations must involve key members from the Information Technology (IT), Human Resources (HR) and various business units to evaluate the existing and emerging issues and risks posed by BYOD. Then a mobile strategy should be developed by taking into consideration the enterprise objectives to ensure it aligns with the overall organizational strategy. 
There are various solutions available to address the needs and demands of an organization, such as Distributed Intelligence Architecture, network optimization, monitoring tools, unified management and security platforms, and other security measures. By implementing a suitable mobile strategy, organizations can ensure their particular enterprise network and wireless architecture is designed for high scalability, performance and reliability. They must also evaluate their existing policies and procedures to ensure appropriate security and privacy measures are in place to address the increasing mobile usage demands and potential liability risks. By taking these factors into consideration, our team has analyzed the current BYOD issues for Educational Testing Service (ETS), which is a non-profit organization based in Princeton, New Jersey. Our findings have revealed a few major technical concerns relating to inadequate network and wireless infrastructure and the lack of a unified management and security platform. Thus, the team has recommended for ETS to implement Distributed Intelligence Architecture, network optimization and Enterprise Mobility Management (EMM) to address and resolve their current issues and risks. In conclusion, companies are beginning to seize this transition in order to become competitive and productive in the workplace; however the unprecedented demands on the corporate network and risk to data security are critical aspects that need to be evaluated on an on-going basis. With this analysis, organizations can review, evaluate and implement the proposed solutions and best practices to address the most common BYOD-related issues that companies are facing these days. However, organizations should continually research the latest technologies that may be available and implement solutions that specifically meet their issues

    Unauthorized Access

    Going beyond current books on privacy and security, this book proposes specific solutions to public policy issues pertaining to online privacy and security. Requiring no technical or legal expertise, it provides a practical framework to address ethical and legal issues. The authors explore the well-established connection between social norms, privacy, security, and technological structure. They also discuss how rapid technological developments have created novel situations that lack relevant norms and present ways to develop these norms for protecting informational privacy and ensuring sufficient information security

    Distinguishing Internet-facing ICS devices using PLC programming information

    The Shodan search engine reveals Industrial Control System (ICS) devices around the globe are directly connected to the Internet. After Shodan's inception in 2009, multiple news reports have focused on the increased threat to infrastructure posed by Shodan. While no attacks to date have been directly attributed to Shodan searches, its existence provides an anonymous reconnaissance platform that facilitates ICS targeting for those actors with both a desire and capability to carry out attacks. Recent research has demonstrated that simple search queries return thousands of ICS devices indexed by Shodan, and the number of newly indexed ICS devices is growing. This research discusses the method used to distinguish the Internet-facing ICS devices indexed by the Shodan search engine. PLC code is obtained by sending specifically crafted CIP request messages to the devices, capitalizing on the fact that authentication is not built in to the CIP application layer protocol. This data allows categorization of Internet-facing devices by comparing PLC code attributes. The results of this research show PLC code can be collected from Internet-facing ICS devices with no significant impact to task execution times. Also, this research demonstrates a method to distinguish Internet-facing ICS devices by function and by Critical Infrastructure sector. This capability develops an understanding of the function and purpose of ICS devices that are being connected to the Internet

    The Politics of Micro-Decisions

    Be it in the case of opening a website, sending an email, or high-frequency trading, bits and bytes of information have to cross numerous nodes at which micro-decisions are made. These decisions concern the most efficient path through the network, the processing speed, or the priority of incoming data packets. Despite their multifaceted nature, micro-decisions are a dimension of control and surveillance in the twenty-first century that has received little critical attention. They represent the smallest unit and the technical precondition of a contemporary network politics – and of our potential opposition to it. The current debates regarding net neutrality and Edward Snowden’s revelation of NSA surveillance are only the tip of the iceberg. What is at stake is nothing less than the future of the Internet as we know it

    The InfoSec Handbook

    Computer scienc