121 research outputs found

    A board game for teaching internet engineering

    This paper describes elements in the development of a board game for teaching Internet peering as part of an Internet engineering class

    On Partitional Clustering of Malware

    In this paper we fully describe a novel clustering method for malware, from the transformation of data into a manipulable standardised data matrix, finding the number of clusters until the clustering itself including visualisation of the high-dimensional data. Our clustering method deals well with categorical data and clusters the behavioural data of 17,000 websites, acquired with Capture-HPC, in less than 2 minutes. Peer reviewed.

    Network provider domain federation in TINA

    Federation in TINA CMA (Connection Management Architecture) provides the mechanisms for cooperation between different interworking network domains possibly owned by different administrators. In order to be able to offer services to their users, these administrators must cooperate. We present an implemented and validated architecture including the federation techniques necessary. We illustrate the problem based on experience from a user trial, in which different operators, and suppliers with different equipment participate

    New Zealand Summer of Code/Summer of Technology: an industry, student and tertiary engagement

    In 2006 the Wellington Summer of Code was brought to life, engaging ICT undergraduates with innovative Wellington employers; it has developed into a thriving talent pipeline engaging all levels of tertiary students and industry in the Wellington region. Summer of Code engages students during term time through industry-led learning and a summer seminar and workshop series that are open to all. It has worked with the NZCS to integrate the Evening with Industry, where undergraduates see young IT professionals starting their careers discussing the move from academia to the real world. Through Summer of Code ~70% of students are retained in full or part time employment and ICT career opportunities explored. In 2010 Summer of Code evolved to the Summer of Technology by incorporating engineering, design and business analysis and the scheme provides a template for other centres in New Zealand. This paper explores the success of Summer of Code, its engagement models, curriculum aspects and the potential for the future.

    Identification of potential malicious web pages

    Malicious web pages are an emerging security concern on the Internet due to their popularity and their potential serious impact. Detecting and analysing them are very costly because of their qualities and complexities. In this paper, we present a lightweight scoring mechanism that uses static features to identify potential malicious pages. This mechanism is intended as a filter that allows us to reduce the number of suspicious web pages requiring more expensive analysis by other mechanisms that require loading and interpretation of the web pages to determine whether they are malicious or benign. Given its role as a filter, our main aim is to reduce false positives while minimising false negatives. The scoring mechanism has been developed by identifying candidate static features of malicious web pages that are evaluated using a feature selection algorithm. This identifies the most appropriate set of features that can be used to efficiently distinguish between benign and malicious web pages. These features are used to construct a scoring algorithm that allows us to calculate a score for a web page's potential maliciousness. The main advantage of this scoring mechanism compared to a binary classifier is the ability to make a trade-off between accuracy and performance. This allows us to adjust the number of web pages passed to the more expensive analysis mechanism in order to tune overall performance.

    Applying AI to improve the performance of client honeypots

    Victoria University has developed a capability around the detection of drive-by download attacks using client honeypot technology [1-3]. Two types of client honeypot, low-interaction and high-interaction honeypots, have been developed to inspect malicious web pages. A new client honeypot model, called a hybrid system, has also been proposed to improve the performance of client honeypots [2]. These client honeypots have made significant contributions to Internet security through detection of malicious servers. However, their performance has shown there are areas where artificial intelligence (AI) technology can add value to create more adaptable client honeypots. In this workshop, we briefly present client honeypots which have been developed by Victoria University and how we can apply AI to improve their performances.

    Justifying the need for forensically ready protocols: a case study of identifying malicious web servers using client honeypots

    Client honeypot technology can find malicious web servers that attack web browsers and push malware, so-called drive-by-downloads, to the client machine. Merely recording the network traffic is insufficient to perform an efficient forensic analysis of the attack. Custom tools need to be developed to access and examine the embedded data of the network protocols. Once the information is extracted from the network data, it cannot be used to perform a behavioral analysis on the attack, therefore limiting the ability to answer what exactly happened on the attacked system. Implementation of a record / replay mechanism is proposed that allows the forensic examiner to easily extract application data from recorded network streams and allows applications to interact with such data for behavioral analysis purposes. A concrete implementation of such a setup for HTTP and DNS protocols using the HTTP proxy Squid and DNS proxy pdnsd is presented and its effect on digital forensic analysis demonstrated.