526 research outputs found

    SANA - Network Protection through artificial Immunity

    Current network protection systems use a collection of intelligent components - e.g. classifiers or rule-based firewall systems to detect intrusions and anomalies and to secure a network against viruses, worms, or trojans. However, these network systems rely on individuality and support an architecture with less collaborative work of the protection components. They give less administration support for maintenance, but offer a large number of individual single points of failures - an ideal situation for network attacks to succeed. In this work, we discuss the required features, the performance, and the problems of a distributed protection system called SANA. It consists of a cooperative architecture, it is motivated by the human immune system, where the components correspond to artificial immune cells that are connected for their collaborative work. SANA promises a better protection against intruders than common known protection systems through an adaptive self-management while keeping the resources efficiently by an intelligent reduction of redundant tasks. We introduce a library of several novel and common used protection components and evaluate the performance of SANA by a proof-of-concept implementation. Comment: 5 pages

    An Evolutionary Algorithm to Generate Ellipsoid Detectors for Negative Selection

    Negative selection is a process from the biological immune system that can be applied to two-class (self and nonself) classification problems. Negative selection uses only one class (self) for training, which results in detectors for the other class (nonself). This paradigm is especially useful for problems in which only one class is available for training, such as network intrusion detection. Previous work has investigated hyper-rectangles and hyper-spheres as geometric detectors. This work proposes ellipsoids as geometric detectors. First, the author establishes a mathematical model for ellipsoids. He develops an algorithm to generate ellipsoids by training on only one class of data. Ellipsoid mutation operators, an objective function, and a convergence technique are described for the evolutionary algorithm that generates ellipsoid detectors. Testing on several data sets validates this approach by showing that the algorithm generates good ellipsoid detectors. Against artificial data sets, the detectors generated by the algorithm match more than 90% of nonself data with no false alarms. Against a subset of data from the 1999 DARPA MIT intrusion detection data, the ellipsoids generated by the algorithm detected approximately 98% of nonself (intrusions) with an approximate 0% false alarm rate

    Service Oriented Architecture in Network Security - a novel Organisation in Security Systems

    Current network security systems are a collection of various security components, which are directly installed in the operating system. These check the whole node for suspicious behaviour. Armouring intrusions e.g. have the ability to hide themselves from being checked. We present in this paper an alternative organisation of security systems. The node is completely virtualized with current virtualization systems so that the operating system with applications and the security system is distinguished. The security system then checks the node from outside and the right security components are provided through a service oriented architecture. Due to the running in a virtual machine, the infected nodes can be halted, duplicated, and moved to other nodes for further analysis and legal aspects. This organisation is in this article analysed and a preliminary implementation showing promising results are discussed. Comment: 4 pages

    Inside all-optical networks

    Imagine a world where lightning speed Internet is as common as telephones today. Imagine when light, the fastest moving thing in the universe, is the signal-carrying transport medium. Imagine when bandwidth no more remains a constraint for any application. Imagine when imagination is the only limit! This all can be made possible with only one technology and that is optical communication. Optical networks have thus far provided a realization to a greater extent to the unlimited bandwidth dreams of this era, but as the demands are increasing, the electro-optic conversions seem to become bottlenecks in blended optical networks. The only answer to this is a complete migration to 'All-Optical Networks' (AONs) which promise an end-to-end optical transmission. This thesis will investigate various aspects of all-optical networks and prove that AONs perform better than currently existing electro-optical networks. In today's electro-optical networks, routing and switching is performed in electronic domain. Performance analysis of electro-optical and all-optical networks would include node utilization, link utilization and percentage of traffic routed. It will be shown through Opnet Transport Planner simulations that AONs work better under various traffic conditions. The coming decade will see a great boom in demands on telecommunications networks. The development in bandwidth-hungry applications like real-time video transmission, telemedicine, distance learning and video on demand require both an unlimited amount of bandwidth and dependable QoS. It is well understood that electrically switched networks and copper cables will not be able to meet the future network demands effectively. The world has already agreed to move towards optical communication techniques through the introduction of fiber in access parts of the networks replacing copper. Now the race is to bring optics in higher layers of OSI reference model. Optical communication is on the horizon, and new discoveries are still underway to add to the value of available bandwidth through this technology. My research thesis will primarily focus on the design, architecture and network properties of AONs and challenges being faced by AONs in commercial deployment. Optical components required in AONs will be explored. A comparison between AONs and electro-optical networks will also be shown through optical transport planner simulations

    Investigating Privacy and Security of Cloud-Connected Autonomous Vehicles

    Autonomous cars are intelligent systems that can do physical tasks without human interaction and are used in industrial environments, transport, and the military. One of the most powerful features of this technology is that it possesses intelligent agents that can learn from their environment; furthermore, they have several sensors with connectivity between them. Nowadays most car manufacturers use autonomous features like lane-keeping, Adaptive Cruise Control (ACC), advanced driver assistance systems and automatic parking systems, resulting in a rapid increase in research on autonomous vehicles, e.g. the 2004 and 2005 DARPA challenges for vehicles to autonomously navigate via desert terrain; moreover, the DARPA challenge in 2007 developed and tested cars that independently explored a mock urban condition amid traffic. Vehicles have huge potential in improving road safety, providing convenience, and reducing emissions and congestion by communicating with other vehicles within the same network; furthermore, in case of emergency they can also notify other vehicles of the incident. Much architecture for communication between vehicles is centralized, typically using cloud servers. The security and trust of that communication are paramount. Therefore, this research aimed to propose a novel method that can ensure data security in the cloud by encrypting and fragmenting data to increase the uncertainty for an attacker, so that as a result it becomes difficult for hackers to compromise the confidentiality and integrity of data residing in the cloud. This research presents experimental results in terms of time, CPU utilization and size, which allowed the most effective method for securing data in the cloud to be determined, hence making it difficult for a hacker to reconstruct data. Splitting and encrypting different sizes of video and text files, or encrypting the whole file, shows that less time, CPU usage and size are taken in splitting and encrypting 5KB rather than other sizes or encrypting the whole file, so it saves CPU utilization, time and storage; hence, it is the ideal size as it minimizes the CPU resources and memory as compared to different size fragments. The privacy of data is at a higher level, preventing a hacker from accessing the data as it is shared in multiple clouds; furthermore, the proposed technique also proposes a mechanism which ensures the data integrity and confidentiality by encrypting the data header, hence making it almost impossible for a hacker to reconstruct the original data even if it has been hacked by a man-in-the-middle attack. Finally, the experimental results show that this method can overcome the issue of overhead in transmission and, as a result, makes it an efficient and effective mechanism to encounter the data security problem