Abstract: Efforts to secure supervisory control and data acquisition
(SCADA) systems must be supported under the guidance of
sound security policies and mechanisms to enforce them. Critical
elements of the policy must be systematically translated into a format
that can be used by policy enforcement components. Ideally, the
goal is to ensure that the enforced policy is a close reflection of
the specified policy. However, security controls commonly used to
enforce policies in the IT environment were not designed to satisfy
the specific needs of the SCADA environment. This paper presents
a language, based on the well-known XACML framework, for the
expression of authorization policies for SCADA systems.
Abstract: Distributed denial-of-service (DDoS) attacks pose a
serious threat to network security. There have been a lot of
methodologies and tools devised to detect DDoS attacks and reduce
the damage they cause. Still, most of the methods cannot
simultaneously achieve (1) efficient detection with a small number of
false alarms and (2) real-time transfer of packets. Here, we introduce
a method for proactive detection of DDoS attacks, by classifying the
network status, to be utilized in the detection stage of the proposed
anti-DDoS framework. Initially, we analyse the DDoS architecture
and obtain details of its phases. Then, we investigate the procedures
of DDoS attacks and select variables based on these features. Finally,
we apply the k-nearest neighbour (k-NN) method to classify the
network status into each phase of DDoS attack. The simulation result
showed that each phase of the attack scenario is classified well and
we could detect DDoS attack in the early stage.
Abstract: Network warfare is an emerging concept that focuses on the network and computer based forms through which information is attacked and defended. Various computer and network security concepts thus play a role in network warfare. Due to the intricacy of the various interacting components, a model to better understand the complexity in a network warfare environment would be beneficial. Non-quantitative modeling is a useful method to better characterize the field due to the rich ideas that can be generated based on the use of secular associations, chronological origins, linked concepts, categorizations and context specifications. This paper proposes the use of non-quantitative methods through a morphological analysis to better explore and define the influential conditions in a network warfare environment.
Abstract: We propose a novel graphical technique (SVision) for
intrusion detection, which pictures the network as a community of
hosts independently roaming in a 3D space defined by the set of
services that they use. The aim of SVision is to graphically cluster
the hosts into normal and abnormal ones, highlighting only the ones
that are considered as a threat to the network. Our experimental
results using DARPA 1999 and 2000 intrusion detection and
evaluation datasets show the proposed technique as a good candidate
for the detection of various threats of the network such as vertical
and horizontal scanning, Denial of Service (DoS), and Distributed
DoS (DDoS) attacks.
Abstract: Recent advances in wireless sensor networks have led
to many routing methods designed for energy-efficiency in wireless
sensor networks. Despite that many routing methods have been
proposed in USN, a single routing method cannot be energy-efficient
if the environment of the ubiquitous sensor network varies. We present
the controlling network access to various hosts and the services they
offer, rather than on securing them one by one with a network security
model. When ubiquitous sensor networks are deployed in hostile
environments, an adversary may compromise some sensor nodes and
use them to inject false sensing reports. False reports can lead to not
only false alarms but also the depletion of limited energy resource in
battery powered networks. The interleaved hop-by-hop authentication
scheme detects such false reports through interleaved authentication.
This paper presents a LMDD (Low energy method for data delivery)
algorithm that provides energy-efficiency by dynamically changing
protocols installed at the sensor nodes. The algorithm changes
protocols based on the output of the fuzzy logic which is the fitness
level of the protocols for the environment.
Abstract: Several wireless networks security standards have been proposed and widely implemented in both business and home environments in order to protect the network from unauthorized access. However, the implementation of such standards is usually achieved by network administrators without even knowing the standards' weaknesses and strengths. The intention of this paper is to evaluate and analyze the impact over the network's security due to the implementation of the wireless networks security standards WEP, WPA and WLAN 802.1X.
Abstract: Recently, information security has become a key issue
in information technology as the number of computer security
breaches are exposed to an increasing number of security threats. A
variety of intrusion detection systems (IDS) have been employed for
protecting computers and networks from malicious network-based or
host-based attacks by using traditional statistical methods to new data
mining approaches in the last decades. However, today's commercially
available intrusion detection systems are signature-based that are not
capable of detecting unknown attacks. In this paper, we present a
new learning algorithm for anomaly based network intrusion
detection system using decision tree algorithm that distinguishes
attacks from normal behaviors and identifies different types of
intrusions. Experimental results on the KDD99 benchmark network
intrusion detection dataset demonstrate that the proposed learning
algorithm achieved 98% detection rate (DR) in comparison with
other existing methods.
Abstract: Intrusion Detection Systems are increasingly a key
part of systems defense. Various approaches to Intrusion Detection
are currently being used, but they are relatively ineffective. Artificial
Intelligence plays a driving role in security services. This paper
proposes a dynamic model Intelligent Intrusion Detection System,
based on specific AI approach for intrusion detection. The
techniques that are being investigated include neural networks and
fuzzy logic with network profiling, that uses simple data mining
techniques to process the network data. The proposed system is a
hybrid system that combines anomaly, misuse and host based
detection. Simple Fuzzy rules allow us to construct if-then rules that
reflect common ways of describing security attacks. For host based
intrusion detection we use neural-networks along with self
organizing maps. Suspicious intrusions can be traced back to their
original source path and any traffic from that particular source will
be redirected back to them in future. Both network traffic and system
audit data are used as inputs for both.
Abstract: Wireless sensor networks can be used to measure and monitor many challenging problems and are typically involved in monitoring, tracking and controlling areas such as battlefield monitoring, object tracking, habitat monitoring and home sentry systems. However, wireless sensor networks pose unique security challenges including forgery of sensor data, eavesdropping, denial of service attacks, and the physical compromise of sensor nodes. Nodes in a sensor network may vanish due to power exhaustion or malicious attacks. To expand the life span of the sensor network, a new node deployment is needed. In military scenarios, an intruder may directly organize malicious nodes or manipulate existing nodes to set up malicious new nodes through many kinds of attacks. To prevent malicious nodes from joining the sensor network, security is required in the design of sensor network protocols. In this paper, we proposed a security framework to provide a complete security solution against the known attacks in wireless sensor networks. Our framework accomplishes node authentication for new nodes with recognition of a malicious node. When deployed as a framework, a high degree of security is reachable compared with the conventional sensor network security solutions. The proposed framework can protect against most of the notorious attacks in sensor networks, and attain better computation and communication performance. This is different from conventional authentication methods based on the node identity. It includes the identity of nodes and the node security time stamp in the authentication procedure. Hence security protocols not only see the identity of each node but also distinguish between new nodes and old nodes.
Abstract: The first generation of Mobile Agents based Intrusion
Detection System just had two components namely data collection
and single centralized analyzer. The disadvantage of this type of
intrusion detection is if connection to the analyzer fails, the entire
system will become useless. In this work, we propose a novel hybrid
model for Mobile Agent based Distributed Intrusion Detection
System to overcome the current problem. The proposed model has
new features such as robustness, capability of detecting intrusion
against the IDS itself and capability of updating itself to detect new
pattern of intrusions. In addition, our proposed model is also capable
of tackling some of the weaknesses of centralized Intrusion Detection
System models.
Abstract: Social interest and demand on Home-Network has
been increasing greatly. Although various services are being
introduced to respond to such demands, they can cause serious
security problems when linked to an open network such as the Internet.
This paper reviews the security requirements to protect the service
users with the assumption that the Home-Network environment is
connected to the Internet and then proposes the security model based on
the requirement. The proposed security model can satisfy most of the
requirements and further can be dynamically applied to the future
ubiquitous Home-Networks.
Abstract: This paper discusses a curriculum approach that will
give emphasis on practical portions of teaching network security
subjects in information and communication technology courses. As
we are well aware, the need to use a practice and application oriented
approach in education is paramount. Research on active learning and
cooperative groups has shown that students grasp more and have
more tendency towards obtaining and realizing soft skills like
leadership, communication and team work as opposed to the more
traditional theory and exam based teaching and learning. While this
teaching and learning paradigm is relatively new in Malaysia, it has
been practiced widely in the West. This paper examines a certain
approach whereby students learning wireless security are divided into
and work in small and manageable groups where there will be 2
teams which consist of black hat and white hat teams. The former
will try to find and expose vulnerabilities in a wireless network while
the latter will try their best to prevent such attacks on their wireless
networks using hardware, software, design and enforcement of
security policy, etc. This paper will try to show that the approach
taken plus the use of relevant and up to date software and hardware
and with suitable environment setting will hopefully expose students
to a more fruitful outcome in terms of understanding of concepts,
theories and their motivation to learn.
Abstract: As the Internet continues to grow at a rapid pace as
the primary medium for communications and commerce and as
telecommunication networks and systems continue to expand their
global reach, digital information has become the most popular and
important information resource and our dependence upon the
underlying cyber infrastructure has been increasing significantly.
Unfortunately, as our dependency has grown, so has the threat to the
cyber infrastructure from spammers, attackers and criminal
enterprises. In this paper, we propose a new machine learning based
network intrusion detection framework for cyber security. The
detection process of the framework consists of two stages: model
construction and intrusion detection. In the model construction stage,
a semi-supervised machine learning algorithm is applied to a
collected set of network audit data to generate a profile of normal
network behavior and in the intrusion detection stage, input network
events are analyzed and compared with the patterns gathered in the
profile, and some of them are then flagged as anomalies should these
events be sufficiently far from the expected normal behavior. The
proposed framework is particularly applicable to the situations where
there is only a small amount of labeled network training data
available, which is very typical in real world network environments.
Abstract: Internet security attack could endanger the privacy of
World Wide Web users and the integrity of their data. The attack can
be carried out on today's most secure systems- browsers, including
Netscape Navigator and Microsoft Internet Explorer. There are too
many types, methods and mechanisms of attack where new attack
techniques and exploits are constantly being developed and
discovered. In this paper, various types of internet security attack
mechanisms are explored and it is pointed out that when different
types of attacks are combined together, network security can suffer
disastrous consequences.