7 research outputs found

    Definition of an intrusion detection and prevention system in a network for vulnerability control using free software.

    An intrusion can be defined as unauthorized entry into another person's property or area, but in terms of IT and computer security it refers to activities that compromise the basic security objectives of a network: confidentiality, integrity and privacy. Intrusion detection is the process of monitoring the events that occur in a computer system or network and analyzing them for signs of possible incidents: threats and violations of computer security practices, acceptable use policies or standard security policies. One of the objectives presented is to protect a company's networks from attacks and intrusions. An intrusion detection system (IDS) is a software or hardware component that automates the intrusion detection process; it is designed to monitor the events occurring in a system and network of computers and to respond to events that show signs of possible security policy violations. An intrusion prevention system (IPS), on the other hand, is the technology for detecting intrusion or threat activity and taking preventive action to counter it; it combines the detection capability of an IDS with an automated response. Intrusions produce damage and economic losses that can be mitigated by a technical IDS implementation; it is therefore vitally important to shield networks against these attacks by defining an intrusion detection and prevention system for the network, which will allow vulnerabilities to be controlled, all of it supported by the use of free software. KEYWORDS: Networks, Free Software, IDS

    Detecting Anomalies in VoIP traffic using Principal Components Analysis

    The idea of using a method based on Principal Components Analysis (PCA) to detect anomalies in network traffic was first introduced by A. Lakhina, M. Crovella and C. Diot in a 2004 article, "Diagnosing Network-Wide Traffic Anomalies" [1]. They proposed a general method for diagnosing traffic anomalies that uses PCA to separate the high-dimensional space occupied by a set of network traffic measurements into disjoint subspaces corresponding to normal and anomalous network conditions. The algorithm was tested in subsequent works on different characteristics of IP traffic (byte counts, packet counts, IP-flow counts, etc.) [2]. The proposal to use entropy as a summarization tool inside the algorithm made it possible to analyze massive data sources [3], but this type of anomaly detection (AD) method still could not identify the users responsible for the anomalies detected. That last step was obtained by randomly aggregating the IP flows by means of sketches [4], which improved detection performance and made it possible to identify the responsible IP flows. This version of the algorithm was implemented by C. Callegari and L. Gazzarini at the Università di Pisa in an AD software tool, described in [5], for analyzing IP traffic traces and detecting anomalies in them.
    Our work consisted in adapting this software (designed for IP traffic traces) to VoIP Call Data Records, in order to test its applicability as an anomaly detection system for voice traffic. We then used our modified version of the software to scan a real VoIP traffic trace, obtained from a telephone operator, in order to analyze its performance in a real environment. We ran two different types of analysis on the same trace, to understand the software's features and limits as well as its applicability to AD problems. Since we found that the software's performance depends heavily on the input parameters used in the analysis, we concluded with a series of tests on artificially created anomalies, to understand the relationship between each input parameter's value and the software's ability to detect different types of anomalies. The various analyses led us, in the end, to some considerations on the possibility of applying this PCA-based software as an anomaly detector in VoIP environments. To the best of our knowledge, this is the first time a technique based on Principal Components Analysis has been used to detect anomalous users in VoIP traffic. In more detail, our contribution consisted in:
    • creating a version of a PCA-based AD software that can be used on VoIP traffic traces;
    • testing the software's performance on a real traffic trace obtained from a telephone operator;
    • from the first tests, analyzing the parameter values that gave results useful for detecting anomalous users in a VoIP environment;
    • observing the types of users the software detected on this trace and classifying them according to their behavior over the whole duration of the trace;
    • analyzing how the choice of parameters affects the type of detections obtained, and testing which choices are best for detecting each type of anomalous user;
    • proposing a new way of applying the software that avoids the biggest limitation of the first type of analysis (the impossibility of detecting more than one anomalous user per time bin);
    • testing the software's performance with this new type of analysis, and observing how it changes the results' dependence on the input parameters;
    • comparing the software's ability to detect anomalous users with that of another AD tool that works on the same type of trace (VoIP SEAL);
    • modifying the real trace to obtain a version cleaned of all detectable anomalies, so that artificial anomalies could be added to it;
    • testing the software's performance in detecting different types of artificial anomalies;
    • analyzing in more detail the software's sensitivity to the input parameters when it is used to detect artificially created anomalies;
    • comparing the results and observations obtained from these different types of analysis to derive a global assessment of the characteristics of a PCA-based anomaly detector, its strengths and its shortcomings, when applied to a VoIP trace.
    The structure of our work is the following:
    1. We start by analyzing PCA theory, describing the structure of the algorithm used in our software, its features and the type of data it needs in order to be used as an anomaly detection system for VoIP traffic.
    2. After briefly describing the trace used to test the software, we introduce the first type of analysis performed, the single-round analysis, pointing out the results obtained and their dependence on the parameter values.
    3. We then focus on a different type of analysis, the multiple-round analysis, which we introduced to test the software's performance without its biggest limitation (the impossibility of detecting more than one user per time bin); we describe the results obtained, compare them with those of the single-round analysis, check their dependence on the parameters and compare the performance with that of another AD tool (VoIP SEAL) on the same trace.
    4. We then consider the results and observations obtained by testing the software with artificial anomalies added to a "cleaned" version of the original trace (from which we removed all the anomalous users detectable with our software), comparing its performance in detecting different types of anomalies and analyzing in detail their dependence on the parameter values.
    5. Finally we present our conclusions, drawn from all the observations obtained with the different types of analysis, on the applicability of PCA-based software as an anomaly detector in a VoIP environment.
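    The subspace method the abstract builds on, as an added worked example (this is not code from the thesis, from Callegari and Gazzarini's tool, or from Lakhina et al.): it fits the normal subspace with PCA on a clean training window of per-user call counts per time bin, scores every bin by its squared prediction error (SPE) in the residual subspace, thresholds the SPE with the Jackson-Mudholkar Q-statistic that Lakhina et al. use, and blames the user with the largest residual component, which is exactly the one-user-per-bin limitation the thesis addresses with its multiple-round analysis. The two-day trace, the office/residential calling profiles, the deterministic jitter and the 300-call burst by user 3 are all constructed for the example; the eigen-solver is a plain-Python Jacobi routine so nothing beyond the standard library is needed, and the sketch-based flow identification of [4] is not implemented.

```python
"""PCA subspace anomaly detection over per-user call counts (added example)."""
import math

N_USERS = 6


def build_trace(n_bins=48):
    """Constructed CDR-derived matrix: rows are hourly time bins, columns are
    calls placed per user.  Users 0-2 are office lines busy 09:00-17:00,
    users 3-5 are residential lines busy 18:00-23:00.  The jitter term is a
    deterministic stand-in for random noise so the run is reproducible."""
    amp = [10, 12, 8, 9, 11, 10]            # per-user peak calls per hour
    trace = []
    for t in range(n_bins):
        h = t % 24
        row = []
        for u in range(N_USERS):
            busy = (9 <= h < 17) if u < 3 else (18 <= h < 24)
            level = 1.0 if busy else 0.3
            jitter = ((t * 7 + u * 3) % 5) - 2      # values in -2..2
            row.append(amp[u] * level + jitter)
        trace.append(row)
    trace[30][3] += 300   # constructed anomaly: user 3 bursts at 06:00 on day 2
    return trace


def sym_eig(a, tol=1e-12, max_rot=10000):
    """Eigen-decomposition of a symmetric matrix by classical Jacobi
    rotations.  Returns [(eigenvalue, eigenvector), ...] sorted descending."""
    n = len(a)
    a = [row[:] for row in a]
    v = [[1.0 if i == j else 0.0 for j in range(n)] for i in range(n)]
    for _ in range(max_rot):
        p, q = max(((i, j) for i in range(n) for j in range(i + 1, n)),
                   key=lambda ij: abs(a[ij[0]][ij[1]]))
        if abs(a[p][q]) < tol:
            break
        theta = (a[q][q] - a[p][p]) / (2.0 * a[p][q])
        t = math.copysign(1.0, theta) / (abs(theta) + math.hypot(theta, 1.0))
        c = 1.0 / math.hypot(t, 1.0)
        s = t * c
        for k in range(n):                   # a <- a J      (columns p, q)
            akp, akq = a[k][p], a[k][q]
            a[k][p], a[k][q] = c * akp - s * akq, s * akp + c * akq
        for k in range(n):                   # a <- J^T a    (rows p, q)
            apk, aqk = a[p][k], a[q][k]
            a[p][k], a[q][k] = c * apk - s * aqk, s * apk + c * aqk
        for k in range(n):                   # v <- v J      (eigenvectors)
            vkp, vkq = v[k][p], v[k][q]
            v[k][p], v[k][q] = c * vkp - s * vkq, s * vkp + c * vkq
    pairs = [(a[i][i], [v[k][i] for k in range(n)]) for i in range(n)]
    return sorted(pairs, key=lambda e: e[0], reverse=True)


def q_threshold(resid_eigs, c_alpha=3.0902):
    """Jackson-Mudholkar Q-statistic limit (the threshold Lakhina et al. use):
    the SPE value exceeded with probability alpha under the normal model.
    c_alpha is the 1-alpha standard-normal quantile (3.0902 for alpha=0.001)."""
    phi = [sum(max(l, 0.0) ** i for l in resid_eigs) for i in (1, 2, 3)]
    if phi[0] <= 0.0:
        raise ValueError("no residual variance; k is too large for this data")
    h0 = 1.0 - 2.0 * phi[0] * phi[2] / (3.0 * phi[1] ** 2)
    term = (c_alpha * math.sqrt(2.0 * phi[1] * h0 ** 2) / phi[0]
            + 1.0 + phi[1] * h0 * (h0 - 1.0) / phi[0] ** 2)
    return phi[0] * term ** (1.0 / h0)


def detect(trace, train_bins, k=2, c_alpha=3.0902):
    """Fit the normal subspace (top-k principal components) on train_bins,
    which are assumed clean, then score every bin by its SPE in the residual
    subspace.  Returns (threshold, scores, alarms); each score is
    (bin, spe, user) where user is the column with the largest residual, the
    single account this one-round analysis can blame for that bin."""
    n = len(trace[0])
    train = [trace[t] for t in train_bins]
    mean = [sum(row[u] for row in train) / len(train) for u in range(n)]
    centred = [[row[u] - mean[u] for u in range(n)] for row in train]
    cov = [[sum(r[i] * r[j] for r in centred) / (len(train) - 1)
            for j in range(n)] for i in range(n)]
    eig = sym_eig(cov)
    normal = [vec for _, vec in eig[:k]]
    threshold = q_threshold([lam for lam, _ in eig[k:]], c_alpha)
    scores = []
    for t, row in enumerate(trace):
        xc = [row[u] - mean[u] for u in range(n)]
        proj = [0.0] * n
        for vec in normal:                   # projection onto normal subspace
            coef = sum(vec[u] * xc[u] for u in range(n))
            for u in range(n):
                proj[u] += coef * vec[u]
        res = [xc[u] - proj[u] for u in range(n)]
        spe = sum(r * r for r in res)
        scores.append((t, spe, max(range(n), key=lambda u: abs(res[u]))))
    alarms = [sc for sc in scores if sc[1] > threshold]
    return threshold, scores, alarms


if __name__ == "__main__":
    thr, scores, alarms = detect(build_trace(), range(24))
    print("Q threshold: %.1f" % thr)
    for t, spe, u in alarms:
        print("bin %2d  SPE %9.1f  suspect user %d" % (t, spe, u))
```

    The two knobs `k` and `c_alpha` are the kind of input parameters the abstract says the results depend on: a `k` smaller than the true rank of the normal traffic pushes the daily pattern into the residual, inflates the Q-statistic and hides moderate bursts, while a `k` that is too large absorbs the anomaly into the normal subspace. Fitting on a window that already contains an anomalous user has the same effect, which is why the thesis removes detectable anomalies before adding artificial ones.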

    Intrusion detection and response model for mobile ad hoc networks.

    This dissertation presents research whose objective is to design and develop an intrusion detection and response model for Mobile Ad hoc NETworks (MANET). Mobile ad hoc networks are infrastructure-free, pervasive and ubiquitous in nature, with no centralized authority. These unique MANET characteristics present several challenges to securing them. The proposed security model is called Intrusion Detection and Response for Mobile Ad hoc Networks (IDRMAN). Its goal is to provide a security framework that detects various attacks and automatically takes appropriate measures to control them. The model is based on identifying critical system parameters of a MANET that are affected by various types of attacks, and continuously monitoring the values of these parameters to detect and respond to attacks. The dissertation explains the design and development of the detection framework and the response framework of IDRMAN. The main aspects of the detection framework are data mining using CART to identify attack-sensitive network parameters from the wealth of raw network data, statistical processing using six sigma to identify thresholds for the attack-sensitive parameters, and quantification of the MANET node state through a measure called the Threat Index (TI) using fuzzy logic. The main aspects of the response framework are intruder identification and intruder isolation through response action plans. The effectiveness of the detection and response frameworks is analyzed mathematically using probability techniques. The detection framework is also evaluated by performance comparison experiments against related models, and by performance evaluation experiments from a scalability perspective. The performance metrics used to assess the detection aspect of the proposed model are detection rate and false positive rate at different node mobility speeds.
    The scalability experiments vary the size of the MANET, with more and more mobile nodes added at varied mobility speeds. The results of both the mathematical analysis and the performance evaluation experiments demonstrate that the IDRMAN model is an effective and viable security model for MANET.

    Project portfolio management : a model for improved decision making

    The recent global financial crisis, the regulatory and compliance requirements placed on organisations, and the need for scientific research in the project portfolio management discipline were the factors that motivated this research. Interest in, and contributions to, the body of knowledge in project portfolio management have grown significantly in recent years; however, there still appears to be a misalignment between literature and practice. A particular area of concern is decision-making during the management of the portfolio regarding which projects to accelerate, suspend or terminate. The lack of a way to determine the individual and cumulative contribution of projects to strategic objectives leads to poorly informed decisions that negate the positive effect project portfolio management could have in an organisation. The focus of this research is therefore to provide a mechanism for determining the individual and cumulative contribution of projects to strategic objectives so that the right decisions can be made about those projects. The thesis begins by providing a context for project portfolio management, confirming a definition and providing a theoretical background through related theories. An investigation into the practice of project portfolio management then gives insight into the alignment between literature and practice and confirms the problem that needed to be addressed. A conceptual model provides a solution to the problem of determining the individual and cumulative contribution of projects to strategic objectives. The researcher illustrates how the model can be extended before verifying and validating it. Being able to determine the contributions of projects to strategic objectives allows decision makers to run what-if scenarios, enabled through the use of dashboards as a visualization technique, in order to test the impact of their decisions before committing to them.
    This ensures that the right decisions about the project portfolio are made and that the maximum benefit in terms of the strategic objectives is achieved. This research provides the mechanism to enable better-informed decision-making about the project portfolio.
    Computing, D. Phil. (Computer Science)