Biblio
Network attacks have become a growing threat to the current Internet. For the enhancement of network security and accountability, it is urgent to find the origin and identity of the adversary who misbehaves in the network. Some studies focus on embedding users' identities into IPv6 addresses, but such design cannot support the Stateless Address Autoconfiguration (SLAAC) protocol which is widely deployed nowadays. In this paper, we propose SDN-Ti, a general solution to traceback and identification for attackers in IPv6 networks based on Software Defined Network (SDN). In our proposal, the SDN switch performs a translation between the source IPv6 address of the packet and its trusted ID-encoded address generated by the SDN controller. The network administrator can effectively identify the attacker by parsing the malicious packets when the attack incident happens. Our solution not only avoids the heavy storage overhead and time synchronism problems, but also supports multiple IPv6 address assignment scenarios. What's more, SDN-Ti does not require any modification on the end device, hence can be easily deployed. We implement SDN-Ti prototype and evaluate it in a real IPv6 testbed. Experiment results show that our solution only brings very little extra performance cost, and it shows considerable performance in terms of latency, CPU consumption and packet loss compared to the normal forwarding method. The results indicate that SDN-Ti is feasible to be deployed in practice with a large number of users.
With the rapid development of Internet of Things applications, the power Internet of Things technologies and applications covering the various production links of the power grid "transmission, transmission, transformation, distribution and use" are becoming more and more popular, and the terminal, network and application security risks brought by them are receiving more and more attention. Combined with the architecture and risk of power Internet of Things, this paper first proposes the overall security protection technology system and strategy for power Internet of Things; then analyzes terminal identity authentication and authority control, edge area autonomy and data transmission protection, application layer cloud fog security management, and whole-process real-time security monitoring. Finally, through the analysis of security risks and protection, the technical difficulties and directions for the security protection of the Internet of Things are proposed.
In autonomous driving, security issues from robotic and automotive applications are converging toward each other. A novel approach for deriving secret keys using a lightweight cipher in the firmware of low-end control units is introduced. By evaluating the method on a typical low-end automotive platform, we demonstrate the reusability of the cipher for message authentication. The proposed solution counteracts a known security issue in the robotics and automotive domain.
The convergence of access networks in the fifth-generation (5G) evolution promises multi-tier networking infrastructures for the successes of various applications realizing the Internet-of-Everything era. However, in this context, the support of a massive number of connected devices also opens great opportunities for attackers to exploit these devices in illegal actions against their victims, especially within distributed denial-of-service (DDoS) attacks. Nowadays, DDoS prevention still remains an open issue in terms of performance improvement, although a significant number of solutions have been proposed in the literature. In this paper, we investigate the advances of multi-access edge computing (MAEC), which is considered one of the most important emerging technologies in 5G networks, in order to provide an effective DDoS prevention solution (referred to as MAEC-X). The proposed MAEC-X architecture and mechanism are developed, and their effectiveness against DDoS attacks is proved through intensive security analysis.
The network attack graph is a powerful tool for analyzing network security, but the generation of a large-scale graph is non-trivial. The main challenge is from the explosion of network state space, which greatly increases time and storage costs. In this paper, three parallel algorithms are proposed to generate scalable attack graphs. An OpenMP-based programming implementation is used to test their performance. Compared with the serial algorithm, the best performance from the proposed algorithms provides a 10X speedup.
Peer-to-Peer botnets have become one of the significant threats against network security due to their distributed properties. The decentralized nature makes their detection challenging. It is important to take measures to detect bots as soon as possible to minimize their harm. In this paper, we propose PeerGrep, a novel system capable of identifying P2P bots. PeerGrep starts from identifying hosts that are likely engaged in P2P communications, and then distinguishes P2P bots from P2P hosts by analyzing their active ratio, packet size and the periodicity of connection to destination IP addresses. The evaluation shows that PeerGrep can identify all P2P bots with quite low FPR even if the malicious P2P application and benign P2P application coexist within the same host or there is only one bot in the monitored network.
This paper explores using chaos-based cryptography for transmitting multimedia data, mainly speech and voice messages, over public communication channels, such as the internet. The secret message to be transmitted is first converted into a one-dimensional time series that can be cast in a digital/binary format. The main feature of the proposed technique is mapping the two levels of every corresponding bit of the time series into different multiple chaotic orbits, using a simple encryption function. This one-to-many mapping robustifies the encryption technique and makes it resilient to crypto-analysis methods that rely on associating the energy level of the signal into two binary levels, using return map attacks. A chaotic nonautonomous Duffing oscillator is chosen to implement the suggested technique, using three different parameters that are assumed unknown at the receiver side. Synchronization between the transmitter and the receiver and reconstructing the secret message, at the receiver side, is done using a Lyapunov-based adaptive technique. Achieving stable operation, tuning the required control gains, as well as effective utilization of the bandwidth of the public communication channel are investigated. Two different case studies are presented; the first one deals with text that can be expressed as 8-bit ASCII code, while the second one corresponds to an analog acoustic signal that corresponds to the voice associated with pronouncing a short sentence. Advantages and limitations of the proposed technique are highlighted, while suggesting extensions to other multimedia signals, along with their required additional computational effort.
Deep packet inspection (DPI) is a critical component to prevent intrusion detection. This requires a detailed analysis of each network packet header and body. Although this is often done on dedicated high-power servers in most networked systems, mobile systems could potentially be vulnerable to attack if utilized on an unprotected network. In this case, having DPI hardware on the mobile system would be highly beneficial. Unfortunately, DPI hardware is generally area and power consuming, making its implementation difficult in mobile systems. We developed a memristor crossbar-based approach, inspired by memristor crossbar neuromorphic circuits, for a low-power, low-area, and high-throughput DPI system that examines both the header and body of a packet. Two key types of circuits are presented: static pattern matching and regular expression circuits. This system is able to reduce execution time and power consumption due to its high-density grid and massive parallelism. Independent searches are performed using low-power memristor crossbar arrays giving rise to a throughput of 160Gbps with no loss in the classification accuracy.
The proliferation of the Internet of Things (IoT) in the context of smart homes entails new security risks threatening the privacy and safety of end users. In this paper, we explore the design space of in-network security for smart home networks, which automatically complements existing security mechanisms with a rule-based approach, i.e., every IoT device provides a specification of the required communication to fulfill the desired services. In our approach, the home router as the central network component then enforces these communication rules with traffic filtering and anomaly detection to dynamically react to threats. We show that in-network security can be easily integrated into smart home networks based on existing approaches and thus provides additional protection for heterogeneous IoT devices and protocols. Furthermore, in-network security relieves users of difficult home network configurations, since it automatically adapts to the connected devices and services.
The Internet of Things (IoT) is changing the way we interact with everyday objects. "Smart" devices will reduce energy use, keep our homes safe, and improve our health. However, as recent attacks have shown, these devices also create tremendous security vulnerabilities in our computing networks. Securing all of these devices is a daunting task. In this paper, we argue that IoT device communications should be default-off and desired network communications must be explicitly enabled. Unlike traditional networked applications or devices like a web browser or PC, IoT applications and devices serve narrowly defined purposes and do not require access to all services in the network. Our proposal, Bark, a policy language and runtime for specifying and enforcing minimal access permissions in IoT networks, exploits this fact. Bark phrases access control policies in terms of natural questions (who, what, where, when, and how) and transforms them into transparently enforceable rules for IoT application protocols. Bark can express detailed rules such as "Let the lights see the luminosity of the bedroom sensor at any time" and "Let a device at my front door, if I approve it, unlock my smart lock for 30 seconds" in a way that is presentable and explainable to users. We implement Bark for Wi-Fi/IP and Bluetooth Low Energy (BLE) networks and evaluate its efficacy on several example applications and attacks.
The target of security protection of the power distribution automation system (the distribution system for short) is to ensure the security of communication between the distribution terminal (terminal for short) and the distribution master station (master system for short). The encryption and authentication gateway (VPN gateway for short) for distribution system enhances the network layer communication security between the terminal and the VPN gateway. The distribution application layer encryption authentication device (master cipher machine for short) ensures the confidentiality and integrity of data transmission in application layer, and realizes the identity authentication between the master station and the terminal. All these measures are used to prevent malicious damage and attack to the master system by forging terminal identity, replay attack and other illegal operations, in order to prevent the resulting distribution network system accidents. Based on the security protection scheme of the power distribution automation system, this paper carries out the development of multi-chip encapsulation, develops IPSec Protocols software within the security chip, and realizes dual encryption and authentication function in IP layer and application layer supporting the national cryptographic algorithm.
This paper presents a contemporary review of communication architectures and topographies for MANET-connected Internet-of-Things (IoT) systems. Routing protocols for multi-hop MANETs are analyzed with a focus on the standardized Routing Protocol for Low-power and Lossy Networks. Various security threats and vulnerabilities in current MANET routing are described and security enhanced routing protocols and trust models presented as methodologies for supporting secure routing. Finally, the paper identifies some key research challenges in the emerging domain of MANET-IoT connectivity.
Network covert channels enable stealthy communications for malware and data exfiltration. For this reason, the development of effective countermeasures for covert channels is important for the protection of individuals and organizations. However, due to the number of available covert channel techniques, it can be considered impractical to develop countermeasures for all existing covert channels. In recent years, researchers started to develop countermeasures that (instead of only countering one particular hiding technique) can be applied to a whole family of similar hiding techniques. These families are referred to as hiding patterns. The main contribution of this paper is that we extend the idea of hiding patterns by introducing the concept of countermeasure variation. Countermeasure variation is the slight modification of a given countermeasure that was designed to detect covert channels of one specific hiding pattern so that the countermeasure can also detect covert channels that are representing other hiding patterns. We exemplify countermeasure variation using the compressibility score originally presented by Cabuk et al. The compressibility score is used to detect covert channels of the 'inter-packet times' pattern and we show that countermeasure variation allows the application of the compressibility score to detect covert channels of the 'size modulation' pattern, too.
We propose using memristor-based TCAMs (Ternary Content Addressable Memory) to accelerate Regular Expression (RegEx) matching. RegEx matching is a key function in network security, where deep packet inspection finds and filters out malicious actors. However, RegEx matching latency and power can be incredibly high and current proposals are challenged to perform wire-speed matching for large scale rulesets. Our approach dramatically decreases RegEx matching operating power, provides high throughput, and the use of mTCAMs enables novel compression techniques to expand ruleset sizes and allows future exploitation of the multi-state (analog) capabilities of memristors. We fabricated and demonstrated nanoscale memristor TCAM cells. SPICE simulations investigate mTCAM performance at scale and a mTCAM power model at 22nm demonstrates 0.2 fJ/bit/search energy for a 36x400 mTCAM. We further propose a tiled architecture which implements a Snort ruleset and assess the application performance. Compared to a state-of-the-art FPGA approach (2 Gbps, ~1W), we show x4 throughput (8 Gbps) at 60% the power (0.62W) before applying standard TCAM power-saving techniques. Our performance comparison improves further when striding (searching multiple characters) is considered, resulting in 47.2 Gbps at 1.3W for our approach compared to 3.9 Gbps at 630mW for the strided FPGA NFA, demonstrating a promising path to wire-speed RegEx matching on large scale rulesets.
Many abstract security measurements are based on characteristics of a graph that represents the network. These are typically simple and quick to compute but are often of little practical use in making real-world predictions. Practical network security is often measured using simulation or real-world exercises. These approaches better represent realistic outcomes but can be costly and time-consuming. This work aims to combine the strengths of these two approaches, developing efficient heuristics that accurately predict attack success. Hyper-heuristic machine learning techniques, trained on network attack simulation training data, are used to produce novel graph-based security metrics. These low-cost metrics serve as an approximation for simulation when measuring network security in real time. The approach is tested and verified using a simulation based on activity from an actual large enterprise network. The results demonstrate the potential of using hyper-heuristic techniques to rapidly evolve and react to emerging cybersecurity threats.
Nowadays, honeypots are a key tool to attract attackers and study their activity. They help us in the tasks of evaluating attackers' behaviour, discovering new types of attacks, and collecting information and statistics associated with them. However, the gathered data cannot be directly interpreted, but must be analyzed to obtain useful information. In this paper, we present an SSH honeypot-based system designed to simulate a vulnerable server. Thus, we propose an approach for the classification of metrics from the data collected by the honeypot over 19 months.