1 |
Implementation and Evaluation of A Low-Cost Intrusion Detection System For Community Wireless Mesh Networks. 2015 February 1900
Rural Community Wireless Mesh Networks (WMN) can be great assets to rural communities, helping them connect to the rest of their region and beyond. However, they can be a liability in terms of security. Due to the ad-hoc nature of a WMN, and the wide variety of applications and systems found in such a heterogeneous environment, there are multiple points of intrusion for an attacker. An unsecured WMN can lead to privacy and legal problems for the users of the network. Because of the resource-constrained environment, traditional Intrusion Detection Systems (IDS) have not been as successful in defending these wireless networks as they were in wired network deployments. This thesis proposes that an IDS made up of low-cost, low-power devices can be an acceptable base for a Wireless Mesh Network Intrusion Detection System. Because of the device's low power, low cost and ease of use, such a device could be easily deployed and maintained in a rural setting such as a Community WMN. The proposed system was compared to a standard IDS solution that would not cover the entire network but had much more computing power, along with a higher capital cost and higher maintenance costs. By comparing the low-cost, low-power IDS to a standard deployment of an open source IDS on the basis of network coverage and deployment costs, a determination can be made that a low-power solution can be feasible in a rural deployment of a WMN.
|
2 |
Exploring Vulnerabilities in Networked Telemetry. Shonubi, Felix; Lynton, Ciara; Odumosu, Joshua; Moten, Daryl. 10 1900
ITC/USA 2015 Conference Proceedings / The Fifty-First Annual International Telemetering Conference and Technical Exhibition / October 26-29, 2015 / Bally's Hotel & Convention Center, Las Vegas, NV / The implementation of Integrated Network Enhanced Telemetry (iNET) in telemetry applications provides significant enhancements to telemetry operations. Unfortunately, such networking brings the potential for devastating cyber-attacks, and networked telemetry is also susceptible to these attacks. This paper demonstrates a worked example of a social engineering attack carried out on a test bed network, analyzing the attack process from launch to detection. For this demonstration, a penetration-testing tool is used to launch the attack. The attack is monitored with a network monitoring tool to capture its signature, and this signature is then used to create a rule that triggers an alert in an Intrusion Detection System. This work highlights the importance of network security in telemetry applications and is critical to current and future telemetry networks, as cyber threats are widespread and potentially devastating.
|
3 |
Misconfiguration Analysis of Network Access Control Policies. Tran, Tung. 16 February 2009
Network access control (NAC) systems have a very important role in network security. However, NAC policy configuration is an extremely complicated and error-prone task due to the semantic complexity of NAC policies and the large number of rules that could exist. This significantly increases the possibility of policy misconfigurations and network vulnerabilities. NAC policy misconfigurations jeopardize network security and can result in severe consequences such as reachability and denial of service problems. In this thesis, we choose to study and analyze the NAC policy configuration of two significant network security devices, namely the firewall and the IDS/IPS.

In the first part of the thesis, a visualization technique is proposed to visualize firewall rules and policies in order to efficiently enhance the understanding and inspection of firewall configuration. This is implemented in a tool called PolicyVis. Our tool helps the user to answer general questions such as "Does this policy satisfy my connection/security requirements?". If not, the user can detect all misconfigurations in the firewall policy.

In the second part of the thesis, we study various policy misconfigurations of Snort, a very popular IDS/IPS. We focus on misconfigurations of the flowbits option, which is one of the most important features for providing a stateful signature-based NIDS. We particularly concentrate on a class of flowbits misconfiguration that makes Snort susceptible to false negatives. We propose a method to detect the flowbits misconfiguration, suggest practical solutions with controllable false positives to fix the misconfiguration, and formally prove that the solutions are complete and sound.
|
5 |
Detecting Botnet-based Joint Attacks by Hidden Markov Model. Yu Yang, Peng. 06 September 2012
We present a new detection model that includes monitoring of the network perimeter and host logs to counter a new attack method that involves different source hosts during an attack sequence. We call the new attack sequence "Scout and Intruder"; it involves two separate hosts. The scout scans and evaluates the target area to find possible victims and their vulnerabilities, and the intruder launches the precision strike with login activity that looks the same as that of authorized users. By launching the scout and assassin attack, the attacker could access the system without being detected by the network and system intrusion detection systems. In order to detect the Scout and Intruder attack, we correlate the NetFlow connection records, the system logs and the network data dump; by finding the states of the attack and the corresponding features, we create the detection model using a Hidden Markov Chain. With the model we created, we could find a potential Scout and Intruder attack in its initial state, which gives the network/system administrator more response time to stop the attack.
|
6 |
Augmenting Network Flows with User Interface Context to Inform Access Control Decisions. Chuluundorj, Zorigtbaatar. 10 October 2019
Whitelisting IP addresses and hostnames allows organizations to employ a default-deny approach to network traffic. Organizations employing a default-deny approach can stop many malicious threats, including zero-day attacks, because the approach only allows explicitly stated legitimate activities. However, creating a comprehensive whitelist for a default-deny approach is difficult due to user-supplied destinations that can only be known at the time of usage. Whitelists therefore interfere with user experience by denying network traffic to user-supplied legitimate destinations. In this thesis, we focus on creating dynamic whitelists that are capable of allowing user-supplied network activity. We designed and built a system called Harbinger, which leverages user interface activity to provide contextual information about the context in which network activity took place. We built Harbinger for Microsoft Windows operating systems and have tested its usability and effectiveness on four popular Microsoft applications. We find that Harbinger can reduce false-positive detection rates from 44%-54% to 0%-0.4% in IP and DNS whitelists. Furthermore, while traditional whitelists failed to detect propagation attacks, Harbinger detected the same attacks 96% of the time. We find that our system introduced six milliseconds of delay or less for 96% of network activity.
|
7 |
Evaluating Machine Learning Intrusion Detection System classifiers: Using a transparent experiment approach. Augustsson, Christian; Egeberg Jacobson, Pontus; Scherqvist, Erik. January 2019
Many studies have performed experiments that showcase the potential of machine learning solutions for intrusion detection, but their experimental approaches are non-transparent and vague, making it difficult to replicate their trained methods and results. In this thesis we exemplify a healthier experimental methodology. A survey was performed to investigate evaluation metrics. Three experiments implementing and benchmarking machine learning classifiers, using different optimization techniques, were performed to set up a frame of reference for future work, as well as to signify the importance of using descriptive metrics and disclosing implementation details. We found a set of metrics that more accurately describes the models, and we found guidelines that we would like future researchers to fulfill in order to make their work more comprehensible. For future work we would like to see more discussion regarding metrics, and a new dataset that is more generalizable.
|
8 |
Network Intrusion and Detection: An evaluation of SNORT. Fleming, Theodor; Wilander, Hjalmar. January 2018
Network security has become a vital part of ensuring that computer networks operate as expected. With many of today's services relying on networks, it is of great importance that the usage of networks is not compromised. One way to increase the security of a computer network is to implement a Network Intrusion Detection System (NIDS). This system monitors the traffic sent to, from and within the network. This study investigates how a NIDS called SNORT, with different configurations, handles common network attacks. The knowledge of how SNORT managed the attacks is used to evaluate and indicate the vulnerability of different SNORT configurations. Different approaches to both bypassing SNORT and detecting attacks are described both theoretically and practically, with experiments. This study concludes that a carefully prepared configuration is the decisive factor in SNORT performing well in network intrusion detection.
|
9 |
Secure Telemetry: Attacks and Counter Measures on iNET. Odesanmi, Abiola; Moten, Daryl. 10 1900
ITC/USA 2011 Conference Proceedings / The Forty-Seventh Annual International Telemetering Conference and Technical Exhibition / October 24-27, 2011 / Bally's Las Vegas, Las Vegas, Nevada / iNet is a project aimed at improving and modernizing telemetry systems by moving from a link-based to a networked solution. These changes introduce new risks and vulnerabilities. The nature of the security of the telemetry system changes when the elements are in an Ethernet and TCP/IP network configuration. The network will require protection from intrusion and malware that can be initiated from inside or outside the network boundary. In this paper we discuss how to detect and counter FTP password attacks using the Hidden Markov Model for intrusion detection. We intend to discover and expose the more subtle iNet network vulnerabilities and make recommendations for a more secure telemetry environment.
|
10 |
MULTI-LEVEL ANOMALY BASED AUTONOMIC INTRUSION DETECTION SYSTEM. Al-Nashif, Youssif. January 2008
The rapid growth and deployment of network technologies and Internet services has made the security and management of networks a challenging research problem. This growth is accompanied by an exponential growth in the number of network attacks, which have become more complex, more organized, more dynamic, and more severe than ever. Current network protection techniques are static, slow in responding to attacks, and inefficient due to the large number of false alarms. Attack detection systems can be broadly classified as signature-based, classification-based, or anomaly-based. In this dissertation, I present a multi-level anomaly based autonomic network defense system which can efficiently detect both known and unknown types of network attacks with a high detection rate and low false alarms. The system uses autonomic computing to automate the control and management of the multi-level intrusion detection system and to integrate the different components of the system. The system defends the network by detecting anomalies in network operations that may have been caused by network attacks. Like other anomaly detection systems, AND captures a profile of normal network behavior.

In this dissertation, I introduce experimental results that evaluate the effectiveness and performance of the multi-level anomaly based autonomic network intrusion detection system in detecting network attacks. The system consists of monitoring modules, feature aggregation and correlation modules, behavior analysis modules, a decision fusion module, a global visualization module, a risk and impact analysis module, an action module, an attack classification module, and the adaptive learning module. I have successfully implemented a prototype system based on my multi-level anomaly based approach.

The experimental results and evaluation of our prototype show that our multi-level intrusion detection system can efficiently and effectively detect and protect against any type of network attack, known or unknown, in real time. Furthermore, the overhead of our approach on normal network operations and services is insignificant.
|