192 research outputs found

    THE COLUMBUS GROUND SEGMENT – A PRECURSOR FOR FUTURE MANNED MISSIONS

    In the beginning the space programs were self-standing national activities, often in competition to other nations. Today space flight becomes more and more an international task. Complex space missions and deep space explorations are no longer to be stemmed by one agency or nation alone but are joint activities of several nations. The best example for such a joint (ad-) venture at the moment is the International Space Station ISS. Such international activities define completely new requirements for the supporting ground segments. The world-wide distribution of a ground segment is not any longer limited to a network of ground stations with the aim to provide a good coverage of the space craft. The coverage is sometimes – like for the ISS – anyway ensured by using a relay satellite system instead. In addition to the enhanced down- and uplink methods a ground segment is aimed to connect the different centres of competence of all participating agencies/nations. From the space craft operations point of view such transnational ground segments are required to support distributed and shared operations in a predefined decision/commanding hierarchy. This has to be taken into account in the technical topology as well as for the operational set-up and teaming. Last but not least, the duration of missions increases, which requires a certain flexibility of the ground segment and long-term maintenance strategies for the ground segment with a special emphasis on nonintrusive replacements. The Russian space station MIR has been in the orbit for about 15 years, the ISS is currently targeted for 2020, to be for over 20 years in space

    Impact of denial of service solutions on network quality of service

    The Internet has become a universal communication network tool. It has evolved from a platform that supports best-effort traffic to one that now carries different traffic types including those involving continuous media with quality of service (QoS) requirements. As more services are delivered over the Internet, we face increasing risk to their availability given that malicious attacks on those Internet services continue to increase. Several networks have witnessed denial of service (DoS) and distributed denial of service (DDoS) attacks over the past few years which have disrupted QoS of network services, thereby violating the Service Level Agreement (SLA) between the client and the Internet Service Provider (ISP). Hence DoS or DDoS attacks are major threats to network QoS. In this paper we survey techniques and solutions that have been deployed to thwart DoS and DDoS attacks and we evaluate them in terms of their impact on network QoS for Internet services. We also present vulnerabilities that can be exploited for QoS protocols and also affect QoS if exploited. In addition, we also highlight challenges that still need to be addressed to achieve end-to-end QoS with recently proposed DoS/DDoS solutions

    The InfoSec Handbook

    Computer scienc

    Intrusion Detection using Open Source Tools

    We have witnessed in the recent years that open source tools have gained popularity among all types of users, from individuals or small businesses to large organizations and enterprises. In this paper we will present three open source IDS tools: OSSEC, Prelude and SNORT. Keywords: Network security, IDS, IPS, intrusion detection, intrusion prevention, open source

    Anonymization of Event Logs for Network Security Monitoring

    A managed security service provider (MSSP) must collect security event logs from their customers’ network for monitoring and cybersecurity protection. These logs need to be processed by the MSSP before displaying them to the security operation center (SOC) analysts. The employees generate event logs during their working hours at the customers’ site. One challenge is that collected event logs consist of personally identifiable information (PII) data, visible in clear text to the SOC analysts or any user with access to the SIEM platform. We explore how pseudonymization can be applied to security event logs to help protect individuals’ identities from the SOC analysts while preserving data utility when possible. We compare the impact of using different pseudonymization functions on sensitive information or PII. Non-deterministic methods provide a higher level of privacy but reduced utility of the data. Our contribution in this thesis is threefold. First, we study available architectures with different threat models, including their strengths and weaknesses. Second, we study pseudonymization functions and their application to PII fields; we benchmark them individually, as well as in our experimental platform. Last, we obtain valuable feedback and lessons from SOC analysts based on their experience. Existing works [43, 44, 48, 39] are generally restricted to the anonymization of the IP traces, which is only one part of the SOC analysts’ investigation of PCAP files inspection. In one of the closest works [47], the authors provide useful, practical anonymization methods for the IP addresses, ports, and raw logs

    An Architecture for QoS-capable Integrated Security Gateway to Protect Avionic Data Network

    While the use of Internet Protocol (IP) in aviation allows new applications and benefits, it opens the doors for security risks and attacks. Many security mechanisms and solutions have evolved to mitigate the ever continuously increasing number of network attacks. Although these conventional solutions have solved some security problems, they also leave some security holes. Securing open and complex systems has become more and more complicated and obviously, the dependence on a single security mechanism gives a false sense of security while opening the doors for attackers. Hence, to ensure secure networks, several security mechanisms must work together in a harmonic multi-layered way. In addition, if we take QoS requirements into account, the problem becomes more complicated and necessitates in-depth reflexions. In this paper, we present the architecture of our QoS-capable integrated security gateway: a gateway that highly integrates well-chosen technologies in the area of network security as well as QoS mechanisms to provide the strongest level of security for avionic data network; our main aim is to provide both multi-layered security and stable performances for critical network applications

    Diagnose network failures via data-plane analysis

    Diagnosing problems in networks is a time-consuming and error-prone process. Previous tools to assist operators primarily focus on analyzing control plane configuration. Configuration analysis is limited in that it cannot find bugs in router software, and is harder to generalize across protocols since it must model complex configuration languages and dynamic protocol behavior. This paper studies an alternate approach: diagnosing problems through static analysis of the data plane. This approach can catch bugs that are invisible at the level of configuration files, and simplifies unified analysis of a network across many protocols and implementations. We present Anteater, a tool for checking invariants in the data plane. Anteater translates high-level network invariants into boolean satisfiability problems, checks them against network state using a SAT solver, and reports counterexamples if violations have been found. Applied to a large campus network, Anteater revealed 23 bugs, including forwarding loops and stale ACL rules, with only five false positives. Nine of these faults are being fixed by campus network operators

    A Machine Learning Enhanced Scheme for Intelligent Network Management

    The versatile networking services bring about huge influence on daily living styles while the amount and diversity of services cause high complexity of network systems. The network scale and complexity grow with the increasing infrastructure apparatuses, networking function, networking slices, and underlying architecture evolution. The conventional way is manual administration to maintain the large and complex platform, which makes effective and insightful management troublesome. A feasible and promising scheme is to extract insightful information from largely produced network data. The goal of this thesis is to use learning-based algorithms inspired by machine learning communities to discover valuable knowledge from substantial network data, which directly promotes intelligent management and maintenance. In the thesis, the management and maintenance focus on two schemes: network anomalies detection and root causes localization; critical traffic resource control and optimization. Firstly, the abundant network data wrap up informative messages but its heterogeneity and perplexity make diagnosis challenging. For unstructured logs, abstract and formatted log templates are extracted to regulate log records. An in-depth analysis framework based on heterogeneous data is proposed in order to detect the occurrence of faults and anomalies. It employs representation learning methods to map unstructured data into numerical features, and fuses the extracted feature for network anomaly and fault detection. The representation learning makes use of word2vec-based embedding technologies for semantic expression. Next, the fault and anomaly detection solely unveils the occurrence of events while failing to figure out the root causes for useful administration so that the fault localization opens a gate to narrow down the source of systematic anomalies. The extracted features are formed as the anomaly degree coupled with an importance ranking method to highlight the locations of anomalies in network systems. Two types of ranking modes are instantiated by PageRank and operation errors for jointly highlighting latent issue of locations. Besides the fault and anomaly detection, network traffic engineering deals with network communication and computation resource to optimize data traffic transferring efficiency. Especially when network traffic is constrained with communication conditions, a pro-active path planning scheme is helpful for efficient traffic controlling actions. Then a learning-based traffic planning algorithm is proposed based on sequence-to-sequence model to discover hidden reasonable paths from abundant traffic history data over the Software Defined Network architecture. Finally, traffic engineering merely based on empirical data is likely to result in stale and sub-optimal solutions, even ending up with worse situations. A resilient mechanism is required to adapt network flows based on context into a dynamic environment. Thus, a reinforcement learning-based scheme is put forward for dynamic data forwarding considering network resource status, which explicitly presents a promising performance improvement. In the end, the proposed anomaly processing framework strengthens the analysis and diagnosis for network system administrators through synthesized fault detection and root cause localization. The learning-based traffic engineering stimulates networking flow management via experienced data and further shows a promising direction of flexible traffic adjustment for ever-changing environments

    Implementation of realistic scenarios for ground truth purposes

    Master's degree in Electronics and Telecommunications Engineering. Security in telecommunication networks is a topic that has caused a lot of worries to network users (institutions, enterprises and others). New threats or mutations of existing ones appear at a very fast rate and the available solutions seem not to be enough for a positive detection of these threats. The solutions that are nowadays used to fight these threats require the real-time analysis of the network traffic or have to be previously trained. Most of the time, this training has to be supervised by a human being who, depending on his experience, can create a security breach in the system without knowing it. New techniques have been proposed in order to more efficiently detect many security attacks or threats. However, these techniques need to be tested in order to validate their correct functioning and, in order to do that, network traffic flows that can be used without compromising the users' confidentiality and that obey pre-established criteria are needed. This dissertation intends to establish a set of trustworthy data as extensive as possible from a set of realistic network scenarios. Network emulation techniques will be used in a controlled environment, building different network topologies, with different services and traffic patterns. Another main objective of this work is to make all this obtained data available to the scientific community in order to create a uniform database that will allow the performance evaluation of new anomaly detection methodologies that can be proposed in the future