A Fuzzy-logic based Alert Prioritization Engine for IDSs: Architecture and Configuration

Intrusion Detection Systems (IDSs) are designed to monitor a networked environment and generate alerts whenever abnormal activities are detected. The number of these alerts can be very large making their evaluation by security analysts a difficult task. The management is complicated by the need to configure the different components of alert evaluation systems. In addition, IDS alert management techniques, such as clustering and correlation, suffer from involving unrelated alerts in their processes and consequently provide results that are inaccurate and difficult to manage. Thus, the tuning of an IDS alert management system in order to provide optimal results remains a major challenge, which is further complicated by the large spectrum of potential attacks the system can be subject to. This thesis considers the specification and configuration issues of FuzMet, a novel IDS alert management system which employs several metrics and a fuzzy-logic based approach for scoring and prioritizing alerts. In addition, it features an alert rescoring technique that leads to a further reduction of the number of alerts. We study the impact of different configurations of the proposed metrics on the accuracy and completeness of the alert scores generated by FuzMet. Our approach is validated using the 2000 DARPA intrusion detection scenario specific datasets and comparative results between the Snort IDS alert scoring and FuzMet alert prioritization scheme are presented. A considerable number of simulations were conducted in order to determine the optimal configuration of FuzMet with selected simulation results presented and analyzed

Security Configuration Management in Intrusion Detection and Prevention Systems

Intrusion Detection and/or Prevention Systems (IDPS) represent an important line of defense against a variety of attacks that can compromise the security and proper functioning of an enterprise information system. IDPSs can be network or host-based and can collaborate in order to provide better detection of malicious traffic. Although several IDPS systems have been proposed, their appropriate con figuration and control for e effective detection/ prevention of attacks and efficient resource consumption is still far from trivial. Another concern is related to the slowing down of system performance when maximum security is applied, hence the need to trade o between security enforcement levels and the performance and usability of an enterprise information system. In this dissertation, we present a security management framework for the configuration and control of the security enforcement mechanisms of an enterprise information system. The approach leverages the dynamic adaptation of security measures based on the assessment of system vulnerability and threat prediction, and provides several levels of attack containment. Furthermore, we study the impact of security enforcement levels on the performance and usability of an enterprise information system. In particular, we analyze the impact of an IDPS con figuration on the resulting security of the network, and on the network performance. We also analyze the performance of the IDPS for different con figurations and under different traffic characteristics. The analysis can then be used to predict the impact of a given security con figuration on the prediction of the impact on network performance

Integrating a High-Reliability Multicriteria Trust Evaluation Model with Task Role-Based Access Control for Cloud Services

Cloud data storage is revolutionary because it eliminates the need for additional hardware, which is often costly, inconvenient, and requires additional space. Cloud data storage allows data owners to store large amounts of data in a flexible way and at low cost. The number of online cloud storage services and their consumers has therefore increased dramatically. However, ensuring the privacy and security of data on a digital platform is often a challenge. A cryptographic task-role-based access control (T-RBAC) approach can be used to protect data privacy. This approach ensures the accessibility of data for authorized consumers and keeps it safe from unauthorized consumers. However, this type of cryptographic approach does not address the issue of trust. In this paper, we propose a comprehensive trust model integrated with a cryptographic T-RBAC to enhance the privacy and security of data stored in cloud storage systems, and suggests that trust models involve inheritance and hierarchy in the roles and tasks of trustworthiness evaluation, where this study aims to identify the most feasible solution for the trust issue in T-RBAC approaches. Risk evaluations regarding other possible flaws of the design are also performed. The proposed design can decrease risk by providing high security for cloud storage systems and improve the quality of decisions of cloud operators and data owners

Policy-Based Security Configuration Management; Application to Intrusion Detection and Prevention

International audienc

Machine Learning-Based Botnet Detection in Software-Defined Network: A Systematic Review

In recent decades, the internet has grown and changed the world tremendously, and this, in turn, has brought about many cyberattacks. Cybersecurity represents one of the most serious threats to society, and it costs millions of dollars each year. The most significant question remains: Where do these attacks come from? The answer is that botnets provide platforms for cyberattacks. For many organizations, a botnet-assisted attack is a terrifying threat that can cause financial losses and leave global victims in its wake. It is therefore imperative to defend organizations against botnet-assisted attacks. Software defined networking (SDN) has emerged as one of the most promising paradigms for this because it allows exponential increases in the complexity of network management and configuration. SDN has a substantial advantage over traditional approaches with regard to network management because it separates the control plane from network equipment. However, security challenges continue to arise, which raises the need for different types of implementation strategies to spread attack vectors, despite the significant benefits. The main objective of this survey is to assess botnet detection techniques by using systematic reviews and meta-analyses (PRISMA) guidelines. We evaluated various articles published since 2006 in the field of botnet detection, based on machine learning, and from 2015 in the field of SDN. Specifically, we used top-rated journals that featured the highest impact factors. In this paper, we aim to elaborate on several research areas regarding botnet attacks, detection techniques, machine learning, and SDN. We also address current research challenges and propose directions for future research

Blockchain-Based Secured Access Control in an IoT System

The distributed nature of Internet of Things (IoT) and its rapid increase on a large scale raises many security and privacy issues. Access control is one of the major challenges currently addressed through centralized approaches that may rely on a third party and they are constrained by availability and scalability, which may result in a performance bottleneck. Therefore, this paper proposes a novel solution to manage the delivery of lightweight and decentralized secure access control of an IoT system based on a multi-agent system and a blockchain. The main objective of the proposed solution is to build Blockchain Managers (BCMs) for securing IoT access control, as well as allowing for secure communication between local IoT devices. Moreover, the solution also enables secure communication between IoT devices, fog nodes and cloud computing

WPAN and IoT Enabled Automation to Authenticate Ignition of Vehicle in Perspective of Smart Cities

Currently, two-wheelers are the most popular mode of transportation, driven by the majority the people. Research by the World Health Organization (WHO) identifies that most two-wheeler deaths are caused due to not wearing a helmet. However, the advancement in sensors and wireless communication technology empowers one to monitor physical things such as helmets through wireless technology. Motivated by these aspects, this article proposes a wireless personal network and an Internet of Things assisted system for automating the ignition of two-wheelers with authorization and authentication through the helmet. The authentication and authorization are realized with the assistance of a helmet node and a two-wheeler node based on 2.4 GHz RF communication. The helmet node is embedded with three flex sensors utilized to experiment with different age groups and under different temperature conditions. The statistical data collected during the experiment are utilized to identify the appropriate threshold value through a t-test hypothesis for igniting the two-wheelers. The threshold value obtained after the t-test is logged in the helmet node for initiating the communication with the two-wheeler node. The pairing of the helmet node along with the RFID key is achieved through 2.4 GHZ RF communication. During real-time implementation, the helmet node updates the status to the server and LABVIEW data logger, after wearing the helmet. Along with the customization of hardware, a LABVIEW data logger is designed to visualize the data on the server side