Know Your Enemy: Stealth Configuration-Information Gathering in SDN

Software Defined Networking (SDN) is a network architecture that aims at providing high flexibility through the separation of the network logic from the forwarding functions. The industry has already widely adopted SDN and researchers thoroughly analyzed its vulnerabilities, proposing solutions to improve its security. However, we believe important security aspects of SDN are still left uninvestigated. In this paper, we raise the concern of the possibility for an attacker to obtain knowledge about an SDN network. In particular, we introduce a novel attack, named Know Your Enemy (KYE), by means of which an attacker can gather vital information about the configuration of the network. This information ranges from the configuration of security tools, such as attack detection thresholds for network scanning, to general network policies like QoS and network virtualization. Additionally, we show that an attacker can perform a KYE attack in a stealthy fashion, i.e., without the risk of being detected. We underline that the vulnerability exploited by the KYE attack is proper of SDN and is not present in legacy networks. To address the KYE attack, we also propose an active defense countermeasure based on network flows obfuscation, which considerably increases the complexity for a successful attack. Our solution offers provable security guarantees that can be tailored to the needs of the specific network under consideratio

Finding any Waldo: zero-shot invariant and efficient visual search

Searching for a target object in a cluttered scene constitutes a fundamental challenge in daily vision. Visual search must be selective enough to discriminate the target from distractors, invariant to changes in the appearance of the target, efficient to avoid exhaustive exploration of the image, and must generalize to locate novel target objects with zero-shot training. Previous work has focused on searching for perfect matches of a target after extensive category-specific training. Here we show for the first time that humans can efficiently and invariantly search for natural objects in complex scenes. To gain insight into the mechanisms that guide visual search, we propose a biologically inspired computational model that can locate targets without exhaustive sampling and generalize to novel objects. The model provides an approximation to the mechanisms integrating bottom-up and top-down signals during search in natural scenes.Comment: Number of figures: 6 Number of supplementary figures: 1

The case for absolute ligand discrimination : modeling information processing and decision by immune T cells

Some cells have to take decision based on the quality of surroundings ligands, almost irrespective of their quantity, a problem we name "absolute discrimination". An example of absolute discrimination is recognition of not-self by immune T Cells. We show how the problem of absolute discrimination can be solved by a process called "adaptive sorting". We review several implementations of adaptive sorting, as well as its generic properties such as antagonism. We show how kinetic proofreading with negative feedback implements an approximate version of adaptive sorting in the immune context. Finally, we revisit the decision problem at the cell population level, showing how phenotypic variability and feedbacks between population and single cells are crucial for proper decision

Detection of Distributed Denial of Service Attacks Carried Out by Botnets in Software-Defined Networks

Recent years witnessed a surge in network traffic due to the emergence of new online services, causing periodic saturation and complexity problems. Additionally, the growing number of IoT devices further compounds the problem. Software Defined Network (SDN) is a new architecture which offers innovative advantages that help to reduce saturation problems. Despite its benefits, SDNs not only can be affected by traditional attacks but also introduce new security challenges. In this context, Distributed Denial of Service (DDoS) is one of the most important attacks that can damage an SDN network's normal operation. Furthermore, if these attacks are executed using botnets, they can use thousands of compromised devices to disrupt critical online services. This paper proposes a framework for detecting DDoS attacks generated by a group of botnets in an SDN network. The framework is implemented using open-source tools such as Mininet and OpenDaylight and tested in a centralized network topology using BYOB and SNORT. The results demonstrate real-time attack identification by implementing an intrusion detection mechanism in the victim client. Our proposed solution offers quick and effective detection of DDoS attacks in SDN networks. The framework can successfully differentiate the type of attack with high accuracy in a short tim

The cognitive neuroscience of visual working memory

Visual working memory allows us to temporarily maintain and manipulate visual information in order to solve a task. The study of the brain mechanisms underlying this function began more than half a century ago, with Scoville and Milner’s (1957) seminal discoveries with amnesic patients. This timely collection of papers brings together diverse perspectives on the cognitive neuroscience of visual working memory from multiple fields that have traditionally been fairly disjointed: human neuroimaging, electrophysiological, behavioural and animal lesion studies, investigating both the developing and the adult brain

Interactive visualization of event logs for cybersecurity

Hidden cyber threats revealed with new visualization software Eventpa