17 research outputs found

    Visualising network security attacks with multiple 3D visualisation and false alert classification

    Increasing numbers of alerts produced by network intrusion detection systems (NIDS) have burdened the job of security analysts, especially in identifying and responding to them. The tasks of exploring and analysing large quantities of communication network security data are also difficult. This thesis studied the application of visualisation in combination with an alert classifier to make the exploring and understanding of network security alert data faster and easier. The prototype software, NSAViz, has been developed to visualise and to provide an intuitive presentation of the network security alert data using interactive 3D visuals with an integration of a false alert classifier. The needs analysis of this prototype was based on the suggested needs of network security analysts' tasks as seen in the literature. The prototype software incorporates various projections of the alert data in 3D displays. The overview was plotted in a 3D plot named the "time series 3D AlertGraph", which was an extension of 2D histographs into 3D. The 3D AlertGraph effectively summarised the alert data and gave an overview of the network security status. Filtering, drill-down and playback of the alerts at variable speed were incorporated to strengthen the analysis. Real-time visual observation was also included. Identifying true alerts among all alerts represents the main task of the network security analyst. This prototype software was integrated with a false alert classifier using a classification tree based on the C4.5 classification algorithm to classify the alerts into true and false. Users can add new samples and edit the existing classifier training sample. The classifier performance was measured using the k-fold cross-validation technique. The results showed the classifier was able to remove noise in the visualisation, thus making the pattern of the true alerts emerge. It also highlighted the true alerts in the visualisation.
    Finally, a user evaluation was conducted to find the usability problems in the tool and to measure its effectiveness. The feedback showed the tool had successfully helped the task of the security analyst and increased the security awareness in their supervised network. From this research, the task of exploring and analysing a large amount of network security data becomes easier and the true attacks can be identified using the prototype visualisation tools. Visualisation techniques and false alert classification are helpful in exploring and analysing network security data.
    EThOS - Electronic Theses Online Service (United Kingdom)

    Role of artificial intelligence in cloud computing, IoT and SDN: Reliability and scalability issues

    Information technology fields are now more dominated by artificial intelligence, as it is playing a key role in terms of providing better services. The inherent strengths of artificial intelligence are driving companies into a modern, decisive, secure, and insight-driven arena to address current and future challenges. Key technologies like cloud, the internet of things (IoT), and software-defined networking (SDN) are emerging as future applications and rendering benefits to society. Integrating artificial intelligence with these innovations with scalability brings beneficiaries to the next level of efficiency. Data generated from heterogeneous devices are received, exchanged, stored, managed, and analyzed to automate and improve the performance of the overall system and make it more reliable. Although these new technologies are not free of their limitations, the synthesis of technologies has been challenged and has put forth many challenges in terms of scalability and reliability. Therefore, this paper discusses the role of artificial intelligence (AI) along with the issues and opportunities confronting all communities in incorporating the integration of these technologies in terms of reliability and scalability. This paper puts forward future directions related to scalability and reliability concerns during the integration of the above-mentioned technologies and enables researchers to address the current research gaps.

    Cloud-Based DDoS HTTP Attack Detection Using Covariance Matrix Approach

    In this era of technology, cloud computing has become an essential part of the IT services used in daily life. In this regard, website hosting services are gradually moving to the cloud. This adds a new valued feature to cloud-based websites and at the same time introduces new threats for such services. A DDoS attack is one such serious threat. A covariance matrix approach is used in this article to detect such attacks. The results were encouraging, according to confusion matrix and ROC descriptors.

    Encryption method for SCADA security enhancement

    With the growing demands of Industrial Control Systems (ICS) all over the world, industries such as water, electric and gas are using real-time infrastructures for communication between field devices connected within networks such as a Local Area Network (LAN) or Wide Area Network (WAN), and/or over the internet, to fulfill the requirements of industrial processing and automation. A Supervisory Control and Data Acquisition (SCADA) system is part of ICS. This system is based on real-time processing infrastructure, systems control and design. In the existing survey, several mechanisms/solutions were developed for reliable delivery of data without any attack. Several techniques were also implemented, such as Secure Sockets Layer/Transport Layer Security (SSL/TLS), Secure Shell (SSH) and Internet Protocol Security (IPSec), for securing data across the internet and overcoming attacks and security issues, because these are based on the TCP/IP protocol for communication and on cryptographic algorithms for the purpose of security. Based on a detailed SCADA security analysis, cryptographic techniques have been adopted to enhance the security of these critical systems. The proposed security solution takes a novel approach to implement the best-performing security cryptographic algorithms, including AES, RSA and SHA-2, as a security layer within the Distributed Network Protocol (DNP3) stack. This novel approach successfully enhanced the security of the DNP3 protocol as a part of the SCADA system when compared with end-to-end security implementations.

    Deployment of new dynamic cryptography buffer for SCADA security enhancement

    The current study is based on a novel solution which deploys the security mechanism, a more advanced cryptographic solution, within the Distributed Network Protocol (DNP3) stack as a part of a critical (or SCADA) system. The "Dynamic Cryptography Buffer (DCB)" has been implemented; it contains 56 bytes out of the total size of the Application Protocol Data Unit (APDU) bytes as a part of the application layer of the DNP3 protocol. The DCB contains several fields/sub-fields which have been used during implementation of the cryptographic algorithm and other information (or detail) related to protocol security. During implementation with the DNP3 protocol, the bytes are dynamically stored after processing (security deployment) within the DCB, without affecting the total size of the DNP3 protocol stack. This novel study gives new directions for the security deployment and enhancement of SCADA and its protocols.