3,076 research outputs found

    A Survey on Enterprise Network Security: Asset Behavioral Monitoring and Distributed Attack Detection

    Full text link
    Enterprise networks that host valuable assets and services are popular and frequent targets of distributed network attacks. In order to cope with the ever-increasing threats, industrial and research communities develop systems and methods to monitor the behaviors of their assets and protect them from critical attacks. In this paper, we systematically survey related research articles and industrial systems to highlight the current status of this arms race in enterprise network security. First, we discuss the taxonomy of distributed network attacks on enterprise assets, including distributed denial-of-service (DDoS) and reconnaissance attacks. Second, we review existing methods in monitoring and classifying network behavior of enterprise hosts to verify their benign activities and isolate potential anomalies. Third, state-of-the-art detection methods for distributed network attacks sourced from external attackers are elaborated, highlighting their merits and bottlenecks. Fourth, as programmable networks and machine learning (ML) techniques are increasingly becoming adopted by the community, their current applications in network security are discussed. Finally, we highlight several research gaps on enterprise network security to inspire future research.Comment: Journal paper submitted to Elseive

    Secure Multi-Path Selection with Optimal Controller Placement Using Hybrid Software-Defined Networks with Optimization Algorithm

    Get PDF
    The Internet's growth in popularity requires computer networks for both agility and resilience. Recently, unable to satisfy the computer needs for traditional networking systems. Software Defined Networking (SDN) is known as a paradigm shift in the networking industry. Many organizations are used SDN due to their efficiency of transmission. Striking the right balance between SDN and legacy switching capabilities will enable successful network scenarios in architecture networks. Therefore, this object grand scenario for a hybrid network where the external perimeter transport device is replaced with an SDN device in the service provider network. With the moving away from older networks to SDN, hybrid SDN includes both legacy and SDN switches. Existing models of SDN have limitations such as overfitting, local optimal trapping, and poor path selection efficiency. This paper proposed a Deep Kronecker Neural Network (DKNN) to improve its efficiency with a moderate optimization method for multipath selection in SDN. Dynamic resource scheduling is used for the reward function the learning performance is improved by the deep reinforcement learning (DRL) technique. The controller for centralised SDN acts as a network brain in the control plane. Among the most important duties network is selected for the best SDN controller. It is vulnerable to invasions and the controller becomes a network bottleneck. This study presents an intrusion detection system (IDS) based on the SDN model that runs as an application module within the controller. Therefore, this study suggested the feature extraction and classification of contractive auto-encoder with a triple attention-based classifier. Additionally, this study leveraged the best performing SDN controllers on which many other SDN controllers are based on OpenDayLight (ODL) provides an open northbound API and supports multiple southbound protocols. Therefore, one of the main issues in the multi-controller placement problem (CPP) that addresses needed in the setting of SDN specifically when different aspects in interruption, ability, authenticity and load distribution are being considered. Introducing the scenario concept, CPP is formulated as a robust optimization problem that considers changes in network status due to power outages, controller’s capacity, load fluctuations and changes in switches demand. Therefore, to improve network performance, it is planned to improve the optimal amount of controller placements by simulated annealing using different topologies the modified Dragonfly optimization algorithm (MDOA)

    Deteção de intrusões de rede baseada em anomalias

    Get PDF
    Dissertação de mestrado integrado em Eletrónica Industrial e ComputadoresAo longo dos últimos anos, a segurança de hardware e software tornou-se uma grande preocupação. À medida que a complexidade dos sistemas aumenta, as suas vulnerabilidades a sofisticadas técnicas de ataque têm proporcionalmente escalado. Frequentemente o problema reside na heterogenidade de dispositivos conectados ao veículo, tornando difícil a convergência da monitorização de todos os protocolos num único produto de segurança. Por esse motivo, o mercado requer ferramentas mais avançadas para a monitorizar ambientes críticos à vida humana, tais como os nossos automóveis. Considerando que existem várias formas de interagir com os sistemas de entretenimento do automóvel como o Bluetooth, o Wi-fi ou CDs multimédia, a necessidade de auditar as suas interfaces tornou-se uma prioridade, uma vez que elas representam um sério meio de aceeso à rede interna do carro. Atualmente, os mecanismos de segurança de um carro focam-se na monitotização da rede CAN, deixando para trás as tecnologias referidas e não contemplando os sistemas não críticos. Como exemplo disso, o Bluetooth traz desafios diferentes da rede CAN, uma vez que interage diretamente com o utilizador e está exposto a ataques externos. Uma abordagem alternativa para tornar o automóvel num sistema mais robusto é manter sob supervisão as comunicações que com este são estabelecidas. Ao implementar uma detecção de intrusão baseada em anomalias, esta dissertação visa analisar o protocolo Bluetooth no sentido de identificar interações anormais que possam alertar para uma situação fora dos padrões de utilização. Em última análise, este produto de software embebido incorpora uma grande margem de auto-aprendizagem, que é vital para enfrentar quaisquer ameaças desconhecidas e aumentar os níveis de segurança globais. Ao longo deste documento, apresentamos o estudo do problema seguido de uma metodologia alternativa que implementa um algoritmo baseado numa LSTM para prever a sequência de comandos HCI correspondentes a tráfego Bluetooth normal. Os resultados mostram a forma como esta abordagem pode impactar a deteção de intrusões nestes ambientes ao demonstrar uma grande capacidade para identificar padrões anómalos no conjunto de dados considerado.In the last few years, hardware and software security have become a major concern. As the systems’ complexity increases, its vulnerabilities to several sophisticated attack techniques have escalated likewise. Quite often, the problem lies in the heterogeneity of the devices connected to the vehicle, making it difficult to converge the monitoring systems of all existing protocols into one security product. Thereby, the market requires more refined tools to monitor life-risky environments such as personal vehicles. Considering that there are several ways to interact with the car’s infotainment system, such as Wi-fi, Bluetooth, or CD player, the need to audit these interfaces has become a priority as they represent a serious channel to reach the internal car network. Nowadays, security in car networks focuses on CAN bus monitoring, leaving behind the aforementioned technologies and not contemplating other non-critical systems. As an example of these concerns, Bluetooth brings different challenges compared to CAN as it interacts directly with the user, being exposed to external attacks. An alternative approach to converting modern vehicles and their set of computers into more robust systems is to keep track of established communications with them. By enforcing anomaly-based intrusion detection this dissertation aims to analyze the Bluetooth protocol to identify abnormal user interactions that may alert for a non conforming pattern. Ultimately, such embedded software product incorporates a self-learning edge, which is vital to face newly developed threats and increasing global security levels. Throughout this document, we present the study case followed by an alternative methodology that implements an LSTM based algorithm to predict a sequence of HCI commands corresponding to normal Bluetooth traffic. The results show how this approach can impact intrusion detection in such environments by expressing a high capability of identifying abnormal patterns in the considered data

    SUTMS - Unified Threat Management Framework for Home Networks

    Get PDF
    Home networks were initially designed for web browsing and non-business critical applications. As infrastructure improved, internet broadband costs decreased, and home internet usage transferred to e-commerce and business-critical applications. Today’s home computers host personnel identifiable information and financial data and act as a bridge to corporate networks via remote access technologies like VPN. The expansion of remote work and the transition to cloud computing have broadened the attack surface for potential threats. Home networks have become the extension of critical networks and services, hackers can get access to corporate data by compromising devices attacked to broad- band routers. All these challenges depict the importance of home-based Unified Threat Management (UTM) systems. There is a need of unified threat management framework that is developed specifically for home and small networks to address emerging security challenges. In this research, the proposed Smart Unified Threat Management (SUTMS) framework serves as a comprehensive solution for implementing home network security, incorporating firewall, anti-bot, intrusion detection, and anomaly detection engines into a unified system. SUTMS is able to provide 99.99% accuracy with 56.83% memory improvements. IPS stands out as the most resource-intensive UTM service, SUTMS successfully reduces the performance overhead of IDS by integrating it with the flow detection mod- ule. The artifact employs flow analysis to identify network anomalies and categorizes encrypted traffic according to its abnormalities. SUTMS can be scaled by introducing optional functions, i.e., routing and smart logging (utilizing Apriori algorithms). The research also tackles one of the limitations identified by SUTMS through the introduction of a second artifact called Secure Centralized Management System (SCMS). SCMS is a lightweight asset management platform with built-in security intelligence that can seamlessly integrate with a cloud for real-time updates

    Synthetic Aperture Radar (SAR) Meets Deep Learning

    Get PDF
    This reprint focuses on the application of the combination of synthetic aperture radars and depth learning technology. It aims to further promote the development of SAR image intelligent interpretation technology. A synthetic aperture radar (SAR) is an important active microwave imaging sensor, whose all-day and all-weather working capacity give it an important place in the remote sensing community. Since the United States launched the first SAR satellite, SAR has received much attention in the remote sensing community, e.g., in geological exploration, topographic mapping, disaster forecast, and traffic monitoring. It is valuable and meaningful, therefore, to study SAR-based remote sensing applications. In recent years, deep learning represented by convolution neural networks has promoted significant progress in the computer vision community, e.g., in face recognition, the driverless field and Internet of things (IoT). Deep learning can enable computational models with multiple processing layers to learn data representations with multiple-level abstractions. This can greatly improve the performance of various applications. This reprint provides a platform for researchers to handle the above significant challenges and present their innovative and cutting-edge research results when applying deep learning to SAR in various manuscript types, e.g., articles, letters, reviews and technical reports

    The structure and ecological function of the interactions between plants and arbuscular mycorrhizal fungi through multilayer networks

    Get PDF
    Arbuscular mycorrhizas are one of the most frequent mutualisms in terrestrial ecosystems. Although studies on plant mutualistic interaction networks suggest that they may leave their imprint on plant community structure and dynamics, this has not been explicitly assessed. Thus, in the context of plant-fungi interactions, studies explicitly linking plant-mycorrhizal fungi interaction networks with key ecological functions of plant communities, such as recruitment, are lacking. 2. In this study, we analyse, in two Mediterranean forest communities of southern Iberian Peninsula, how plant-arbuscular mycorrhizal fungi (AMF) networks modulate plant-plant recruitment interaction networks. We use a new approach integrating plant-AMF and plant recruitment networks into a single multilayer structure. We also develop a new metric (Interlayer Node Neighbourhood Integration, INNI) to explore the impact of a given node on the structure across layers. 3. The similarity of plant species in their AMF communities is positively related to the observed frequency of recruitment interactions in the field. Results reveal that properties of plant-AMF networks, such as plant degree and centrality, can explain about the properties of plant recruitment network, such as in-and out-degree (i.e. sapling bank and canopy service) and its modular structure. However, these relationships differed between the two forest communities. Finally, we identify particular AMF that contribute to integrate the neighbourhood of recruitment interactions between plants. 4. This multilayer network approach is useful to explore the role of plant-AMF interactions on recruitment, a key ecosystem function enhanced by fungi. Results provide evidence that the complex structure of plant-AMF interactions impacts functional and structurally plant-plant interactions, which in turn may potentiallyMinisterio de Ciencia e Innovación, Grant/ Award Number: CGL2015-69118- C2- 2- P and PGC2018-100966- B- I0

    Segment Routing based Traffic Engineering

    Get PDF
    In modern networks, the increasing volume of network traffic and the diverse range of services with varying requirements necessitate the implementation of more advanced routing decisions and traffic engineering. This academic study proposes a QoS adaptive mechanism called ”Sepitto”, which utilizes Segment routing protocols, specifically SRv6, to address network-traffic control and congestion avoidance. Sepitto leverages data-plane traffic to convey Linux Qdisc statistics, such as queue size, packet drops, and buffer occupancy, in each Linux-based virtual router. By incorporating this information, edge routers become aware of the current network status, enabling them to make informed decisions regarding traffic paths based on QoS classes. SRv6 is employed to direct traffic along desired paths, avoiding congested links and minimizing queuing delays and overall latency. Moreover, Sepitto offers network administrators an interface to customize decision-making processes based on their policies, assigning costs to network graph edges by associating the provided statistics to a certain cost. To incorporate these costs, the implementation employs the Dijkstra algorithm to determine the path with the lowest cost. Performance analysis of Sepitto reveals minimal overhead compared to traditional routing methods, while effectively mitigating network congestion. The results demonstrate that Sepitto reduces traffic round-trip time during congestion while maintaining differentiated treatment for various QoS classes

    Waks-On/Waks-Off: Fast Oblivious Offline/Online Shuffling and Sorting with Waksman Networks

    Get PDF
    As more privacy-preserving solutions leverage trusted execution environments (TEEs) like Intel SGX, it becomes pertinent that these solutions can by design thwart TEE side-channel attacks that research has brought to light. In particular, such solutions need to be fully oblivious to circumvent leaking private information through memory or timing side channels. In this work, we present fast fully oblivious algorithms for shuffling and sorting data. Oblivious shuffling and sorting are two fundamental primitives that are frequently used for permuting data in privacy-preserving solutions. We present novel oblivious shuffling and sorting algorithms in the offline/online model such that the bulk of the computation can be done in an offline phase that is independent of the data to be permuted. The resulting online phase provides performance improvements over state-of-the-art oblivious shuffling and sorting algorithms both asymptotically (O(βnlogn)O(\beta n\log n) vs. O(βnlog2n)O(\beta n \log^2n)) and concretely (>5×>5\times and >3×>3\times speedups), when permuting nn items each of size β\beta. Our work revisits Waksman networks, and it uses the key observation that setting the control bits of a Waksman network for a uniformly random shuffle is independent of the data to be shuffled. However, setting the control bits of a Waksman network efficiently and fully obliviously poses a challenge, and we provide a novel algorithm to this end. The total costs (inclusive of offline computation) of our WaksShuffle shuffling algorithm and our WaksSort sorting algorithm are lower than all other fully oblivious shuffling and sorting algorithms when the items are at least moderately sized (i.e., β\beta > 1400 B), and the performance gap only widens as the item sizes increase. Furthermore, WaksShuffle improves the online cost of oblivious shuffling by >5×>5\times for shuffling 2202^{20} items of any size; similarly WaksShuffle+QS, our other sorting algorithm, provides >2.7×>2.7\times speedups in the online cost of oblivious sorting

    Spatiotemporal Event Graphs for Dynamic Scene Understanding

    Get PDF
    Dynamic scene understanding is the ability of a computer system to interpret and make sense of the visual information present in a video of a real-world scene. In this thesis, we present a series of frameworks for dynamic scene understanding starting from road event detection from an autonomous driving perspective to complex video activity detection, followed by continual learning approaches for the life-long learning of the models. Firstly, we introduce the ROad event Awareness Dataset (ROAD) for Autonomous Driving, to our knowledge the first of its kind. ROAD is designed to test an autonomous vehicle’s ability to detect road events, defined as triplets composed by an active agent, the action(s) it performs and the corresponding scene locations. Due to the lack of datasets equipped with formally specified logical requirements, we also introduce the ROad event Awareness Dataset with logical Requirements (ROAD-R), the first publicly available dataset for autonomous driving with requirements expressed as logical constraints, as a tool for driving neurosymbolic research in the area. Next, we extend event detection to holistic scene understanding by proposing two complex activity detection methods. In the first method, we present a deformable, spatiotemporal scene graph approach, consisting of three main building blocks: action tube detection, a 3D deformable RoI pooling layer designed for learning the flexible, deformable geometry of the constituent action tubes, and a scene graph constructed by considering all parts as nodes and connecting them based on different semantics. In a second approach evolving from the first, we propose a hybrid graph neural network that combines attention applied to a graph encoding of the local (short-term) dynamic scene with a temporal graph modelling the overall long-duration activity. Our contribution is threefold: i) a feature extraction technique; ii) a method for constructing a local scene graph followed by graph attention, and iii) a graph for temporally connecting all the local dynamic scene graphs. Finally, the last part of the thesis is about presenting a new continual semi-supervised learning (CSSL) paradigm, proposed to the attention of the machine learning community. We also propose to formulate the continual semi-supervised learning problem as a latent-variable

    Compliance analysis for cyber security marine standards : Evaluation of compliance using application lifecycle management tools

    Get PDF
    The aim of this thesis is to analyse cyber security requirements and notations from marine classification societies and other entities to understand how to meet compliance in current cyber security requirements from maritime class societies and other maritime organizations. The methods used in this research involved a desk review of cyber security requirements from IACS members, IACS UR E 27 and IEC 62443, a survey questionnaire of relevant cyber security standards pertinent to maritime product development, and Polarion, an application lifecycle management solution used to synthesize the cyber security requirements from the maritime class societies and determine their correlations to IEC 62443 as a baseline. Results indicate that IEC 62443 correlates to the standards from DNV and IACS (UR E 27) and majority of the requirements were deemed compliant in compliance gap assessments of a maritime product. The conclusion is that IEC 62443 can be utilised as a baseline cyber requirement with a requirements management tool like Polarion to analyse and satisfy compliance requirements from maritime class societies and maritime organizations that base their cyber security requirements according to IACS UR E27 and IEC 62443-3-3 and should be adopted in addressing future compliance analysis of cyber requirements focusing on autonomous shipping
    corecore