A Channel State Information Based Virtual MAC Spoofing Detector

Physical layer security has attracted lots of attention with the expansion of wireless devices to the edge networks in recent years. Due to limited authentication mechanisms, MAC spoofing attack, also known as the identity attack, threatens wireless systems. In this paper, we study a new type of MAC spoofing attack, the virtual MAC spoofing attack, in a tight environment with strong spatial similarities, which can create multiple counterfeits entities powered by the virtualization technologies to interrupt regular services. We develop a system to effectively detect such virtual MAC spoofing attacks via the deep learning method as a countermeasure. A deep convolutional neural network is constructed to analyze signal level information extracted from Channel State Information (CSI) between the communication peers to provide additional authentication protection at the physical layer. A significant merit of the proposed detection system is that this system can distinguish two different devices even at the same location, which was not well addressed by the existing approaches. Our extensive experimental results demonstrate the effectiveness of the system with an average detection accuracy of 95%, even when devices are co-located

Evaluating Two Hands-On Tools for Teaching Local Area Network Vulnerabilities

According to the Verizon’s Data Breach Investigations Report, Local Area Network (LAN) access is the top vector for insider threats and misuses. It is critical for students to learn these vulnerabilities, understand the mechanisms of exploits, and know the countermeasures. The department of Computer Science at North Carolina A&T State University designed two different educational tools that help students learn ARP Spoofing Attacks, which is the most popular attack on LAN. The first tool, called Hacker’s Graphical User Interface (HGUI), is a visualization tool that demonstrates ARP Spoofing Attack with real time animation. The second tool is a hands-on (HandsOn) tool that asks students to perform an ARP Spoofing Attack by manually creating ARP reply packets. It was demonstrated in previous research that both tools enhanced students’ learning. In this paper, we are going to scientifically evaluate and compare the effectiveness of these two tools. We divided the class of forty-five students randomly into two groups. Group A was assigned HGUI lab and the Group B was assigned the HandsOn lab. The labs were assigned as a one and half week homework assignments. Both groups were given a pre-survey and a pre-quiz before the lab. After they submitted the lab, we gave them a post-survey and a post quiz. The analysis shows that prior to the labs, students in both groups have almost identical background in the knowledge of ARP Spoofing. After the lab, both groups made statistically significant improvements. Although group A did better on survey and group B did better on quiz, it is not statistically significant enough to draw a definitive conclusion according to the student’s t-test result. Also, in analyzing survey results, we found that actively reading cyber security related articles is a more significant contributing factor in students’ knowledge in the subject matter than other factors including having formal training or taking cyber security classes

Q-learning based distributed denial of service detection

Distributed denial of service (DDoS) attacks the target service providers by sending a huge amount of traffic to prevent legitimate users from getting the service. These attacks become more challenging in the software-defined network paradigm, due to the separation of the control plane from the data plane. Centralized software defined networks are more vulnerable to DDoS attacks that may cause the failure of all networks. In this work, a new approach is proposed based on q-learning to enhance the detection of DDoS attacks and reduce false positives and false negatives. The results of this work are compared with entropy detection in terms of the number of received packets to detect the attack and also the continuity of service for legitimate users. Moreover, these results indicate that the proposed system detects the DDoS attack from flash crowds and redirects the traffic to the edge of the data center. A second controller is used to redirect traffic to a honeypot server that works as a mirror server. This guarantees the continuity of service for both normal and suspected traffic until further analysis is done. The results indicate an increase of up to 50% in the throughput compared to other approaches

Network Forensics Against Address Resolution Protocol Spoofing Attacks Using Trigger, Acquire, Analysis, Report, Action Method

This study aims to obtain attack evidence and reconstruct commonly used address resolution protocol attacks as a first step to launch a moderately malicious attack. MiTM and DoS are the initiations of ARP spoofing attacks that are used as a follow-up attack from ARP spoofing. The impact is quite severe, ranging from data theft and denial of service to crippling network infrastructure systems. In this study, data collection was conducted by launching an test attack against a real network infrastructure involving 27 computers, one router, and four switches. This study uses a Mikrotik router by building a firewall to generate log files and uses the Tazmen Sniffer Protocol, which is sent to a syslog-ng computer in a different virtual domain in a local area network. The Trigger, Acquire, Analysis, Report, Action method is used in network forensic investigations by utilising Wireshark and network miners to analyze network traffic during attacks. The results of this network forensics obtain evidence that there have been eight attacks with detailed information on when there was an attack on the media access control address and internet protocol address, both from the attacker and the victim. However, attacks carried out with the KickThemOut tool can provide further information about the attacker’s details through a number of settings, in particular using the Gratuitous ARP and ICMP protocols

Ethical Hacking Using Penetration Testing

This thesis provides details of the hardware architecture and the software scripting, which are employed to demonstrate penetration testing in a laboratory setup. The architecture depicts an organizational computing asset or an environment.¬¬¬ With the increasing number of cyber-attacks throughout the world, the network security is becoming an important issue. This has motivated a large number of “ethical hackers” to indulge and develop methodologies and scripts to defend against the security attacks. As it is too onerous to maintain and monitor attacks on individual hardware and software in an organization, the demand for the new ways to manage security systems invoked the idea of penetration testing. Many research groups have designed algorithms depending on the size, type and purpose of application to secure networks [55]. In this thesis, we create a laboratory setup replicating an organizational infrastructure to study penetration testing on real time server-client atmosphere. To make this possible, we have used Border Gateway Protocol (BGP) as routing protocol as it is widely used in current networks. Moreover, BGP exhibits few vulnerabilities of its own and makes the security assessment more promising. Here, we propose (a) computer based attacks and (b) actual network based attacks including defense mechanisms. The thesis, thus, describes the way penetration testing is accomplished over a desired BGP network. The procedural generation of the packets, exploit, and payloads involve internal and external network attacks. In this thesis, we start with the details of all sub-fields in the stream of penetration testing, including their requirements and outcomes. As an informative and learning research, this thesis discusses the types of attacks over the routers, switches and physical client machines. Our work also deals with the limitations of the implementation of the penetration testing, discussing over the vulnerabilities of the current standards in the technology. Furthermore, we consider the possible methodologies that require attention in order to accomplish most efficient outcomes with the penetration testing. Overall, this work has provided a great learning opportunity in the area of ethical hacking using penetration testing