Proceedings of Seminar on Network Protocols in Operating Systems

The Linux networking stack tends to evolve rapidly, and while there are some excellent documentation written in the past, most of the past documentation gotten (at least partially) outdated over time. The seminar on Network Protocols in Operating Systems was arranged in Aalto University, fall 2012, Department of Communications and Networking to gain a better understanding of the current status of the networking implementation in the Linux kernel. The seminar had 10 participants and each participant was assigned a module from the Linux networking implementation, on which a short paper was to be written. This publications contain the final output of this work. The papers included in the publication are: Kurnikov, Arseny: Linux kernel application interface. Jaakkola, Antti: Implementation of transmission control protocol in Linux. Arianfar, Somaya: TCP’s congestion control implementation in Linux kernel. Budigere, Karthik: Linux implementation study of stream control transmission protocol. Khattak, Fida Ullah: The IPv4 implementation of Linux kernel stack. Boye, Magnus: Netfilter connection tracking and NAT implementation. Korhonen, Jouni: Mobile IPv6 Linux kernel and user space. Soininen, Jonne: Device agnostic network interface. Kalliola, Aapo: Network device drivers in Linux. Varis, Nuutti: Anatomy of a Linux bridge

Dual stack mobile IP security and bootstrapping

The wide variety of wireless broadband solutions has redefined the notions of connectivity and mobility. Powerful mobile devices can take full advantage of the wide spectrum of connectivity choices and the need for seamless mobility between different access networks is greater than ever before. At the same time, exhaustion of IPv4 address space marks the gradual evolution to the new IPv6 platform. Dual stack frameworks are important for a smooth transition to an all IPv6 Internet and DSMIPv6 is one such framework which provides inter-access mobility between heterogeneous IP (IPv4 and IPv6) networks. DSMIPv6 relies on IPsec to secure its signalling and payload communication. Though IPsec can be manually configured for this purpose, IKEv2 provides a platform to automate this process. DSMIPv6 can also use IKEv2 for dynamic allocation of Home Address (or Home Prefix) to a bootstrapping mobile node. However, lack of a standardized interface between IKEv2 and DSMIPv6 frameworks obstructs the implementation of such an automated process. This work provides security and bootstrapping solution to DSMIPv6 nodes under the guidelines laid out by IETF. At the same time, we critically review the complexity of implementing the solutions as proposed in the standards. Problems faced while implementing some of the guidelines are discussed in detail and, if required, an alternative solution is provided. A user-mode-linux test network is created to analyze the problems and verify solutions. Although this work focuses on the architectural issues of DSMIPv6 framework, a brief analysis of DSMIPv6 performance on the test network is given

Dynamic Malware Detection Using Effective Machine Learning Models with Feature Selection Techniques

Dynamic Malware is a type of virus that is self-modifying, which makes it difficult to analyze in the course of its operation. It occasionally changes its behavior based on the existing environment and the context of execution. The goal of this study was to identify and detect dynamic malware in Android devices using effective machine-learning models with feature selection techniques. With new malicious software emerging daily, relying solely on manual heuristic analysis has become ineffective. To address this limitation, the study used dynamic detection methods to detect the events of interest using machine learning models. Some of these measures entailed duplication of an environment in which the behavior of malware could be replicated and then come up with reports. The reports were then transformed into sparse vector models so that other machine-learning techniques could then be applied to them. In this research study seven different models, namely, KNN, DT, RF, AdaBoost, SGD, Extra Trees, and Gaussian NB, were used to train an effective malware detection model to predict the dynamic malware in its early stages. The study showed that Random Forest, Stochastic Gradient Descent, Extra Tree, and Gaussian Naive Bayes classifiers achieved the highest accuracy compared to other models. This research study endorses the application of machine learning-based automated behavior analysis for malware detection, about the complexities involved in the dynamic behavioral analysis of malicious software

Dynamic Malware Detection Using Effective Machine Learning Models with Feature Selection Techniques

Dynamic Malware is a type of virus that is self-modifying, which makes it difficult to analyze in the course of its operation. It occasionally changes its behavior based on the existing environment and the context of execution. The goal of this study was to identify and detect dynamic malware in Android devices using effective machine-learning models with feature selection techniques. With new malicious software emerging daily, relying solely on manual heuristic analysis has become ineffective. To address this limitation, the study used dynamic detection methods to detect the events of interest using machine learning models. Some of these measures entailed duplication of an environment in which the behavior of malware could be replicated and then come up with reports. The reports were then transformed into sparse vector models so that other machine-learning techniques could then be applied to them. In this research study seven different models, namely, KNN, DT, RF, AdaBoost, SGD, Extra Trees, and Gaussian NB, were used to train an effective malware detection model to predict the dynamic malware in its early stages. The study showed that Random Forest, Stochastic Gradient Descent, Extra Tree, and Gaussian Naive Bayes classifiers achieved the highest accuracy compared to other models. This research study endorses the application of machine learning-based automated behavior analysis for malware detection, about the complexities involved in the dynamic behavioral analysis of malicious software