PortableVN: A Generic Mobile Application for Security Testbeds

Pujari, Medha Rani

06 September 2019

No description available.

Computer Science

Dynamic Shifting of Virtual Network Topologies for Network Attack Prevention

Avidan, Lenoy

01 May 2019

Computer networks were not designed with security in mind, making research into the subject of network security vital. Virtual Networks are similar to computer networks, except the components of a Virtual Network are in software rather than hardware. With the constant threat of attacks on networks, security is always a big concern, and Virtual Networks are no different. Virtual Networks have many potential attack vectors similar to physical networks, making research into Virtual Network security of great importance. Virtual Networks, since they are composed of virtualized network components, have the ability to dynamically change topologies. In this paper, we explore Virtual Networks and their ability to quickly shift their network topology. We investigate the potential use of this flexibility to protect network resources and defend against malicious activities. To show the ability of reactively shifting a Virtual Network’s topology to se- cure a network, we create a set of four experiments, each with a different dynamic topology shift, or “dynamic defense”. These four groups of experiments are called the Server Protection, Isolated Subnet, Distributed Port Group, and Standard Port Group experiments. The Server Protection experiments involve detecting an attack against a server and shifting the server behind a protected subnet. The other three sets of experiments, called Attacker Prevention experiments, involve detecting a malicious node in the internal network and initiating a dynamic de- fense to move the attacker behind a protected subnet. Each Attacker Prevention experiment utilizes a different dynamic defense to prevent the malicious node from attacking the rest of the Virtual Network. For each experiment, we run 6 different network attacks to validate the effectiveness of the dynamic defenses. The network attacks utilized for each experiment are ICMP Flooding, TCP Syn Flooding, Smurf attack, ARP Spoofing, DNS Spoofing, and NMAP Scanning. Our validation shows that our dynamic defenses, outside of the standard port group, are very effective in stopping each attack, consistently lowering the at- tacks’ success rate significantly. The Standard Port Group was the one dynamic defense that is ineffective, though there are also a couple of experiments that could benefit from being run with more attackers and with different situations to fully understand the effectiveness of the defenses. We believe that, as Virtual Networks become more common and utilized outside of data centers, the ability to dynamically shift topology can be used for network security purposes.

Virtual Networks

Network Security

OS and Networks

Software Engineering

Machine Learning-Based Decision Support to Secure Internet of Things Sensing

Chen, Zhiyan

07 December 2023

Internet of Things (IoT) has weaknesses due to the vulnerabilities in the wireless medium and massively interconnected nodes that form an extensive attack surface for adversaries. It is essential to ensure security including IoT networks and applications. The thesis focus on three streams in IoT scenario, including fake task attack detection in Mobile Crowdsensing (MCS), blockchain technique-integrated system security and privacy protection in MCS, and network intrusion detection in IoT. In this thesis, to begin, in order to detect fake tasks in MCS with promising performance, a detailed analysis is provided by modeling a deep belief network (DBN) when the available sensory data is scarce for analysis. With oversampling to cope with the class imbalance challenge, a Principal Component Analysis (PCA) module is implemented prior to the DBN and weights of various features of sensing tasks are analyzed under varying inputs. Additionally, an ensemble learning-based solution is proposed for MCS platforms to mitigate illegitimate tasks. Meanwhile, a k-means-based classification is integrated with the proposed ensemble method to extract region-specific features as input to the machine learning-based fake task detection. A novel approach that is based on horizontal Federated Learning (FL) is proposed to identify fake tasks that contain a number of independent detection devices and an aggregation entity. Moreover, the submitted tasks are collected and managed conventionally by a centralized MCS platform. A centralized MCS platform is not safe enough to protect and prevent tampering sensing tasks since it confronts the single point of failure which reduces the effectiveness and robustness of MCS system. In order to address the centralized issue and identify fake tasks, a blockchain-based decentralized MCS is designed. Integration of blockchain into MCS enables a decentralized framework. The distributed nature of a blockchain chain prevents sensing tasks from being tampered. The blockchain network uses a Practical Byzantine Fault Tolerance (PBFT) consensus that can tolerate 1/3 faulty nodes, making the implemented MCS system robust and sturdy. Lastly, Machine Learning (ML)-based frameworks are widely investigated to identity attacks in IoT networks, namely Network Intrusion Detection System (NIDS). ML models perform divergent detection performance in each class, so it is challenging to select one ML model applicable to all classes prediction. With this in mind, an innovative ensemble learning framework is proposed, two ensemble learning approaches, including All Predict Wisest Decides (APWD) and Predictor Of the Lowest Cost (POLC), are proposed based on the training of numerous ML models. According to the individual model outcomes, a wise model performing the best detection performance (e.g., F1 score) or contributing the lowest cost is determined. Moreover, an innovated ML-based framework is introduced, combining NIDS and host-based intrusion detection system (HIDS). The presented framework eliminates NIDS restrictions via observing the entire traffic information in host resources (e.g., logs, files, folders).

Machine learning

Network security

Internet of things

Intrusion detection

A SYSTEMATIC FRAMEWORK FOR ANALYZING THE SECURITY AND PRIVACY OF WIRELESS COMMUNICATION PROTOCOL IMPLEMENTATIONS

Imtiaz Karim (14827771)

24 March 2023

<p> Wireless communication technologies, such as cellular ones, Bluetooth, and WiFi, are fundamental for today’s and tomorrow’s communication infrastructure. Networks based on those technologies are or will be increasingly deployed in many critical domains, such as critical infrastructures, smart cities, healthcare, and industrial environments. Protecting wireless networks against attacks and privacy breaches is thus critical. A fundamental step for the security and privacy of these networks is ensuring that their protocols are implemented as mandated by the standards. These protocols are however quite complex and unfortunately, the lack of secure-by-design approaches for these complex protocols often induces vulnerabilities in implementations with severe security and privacy repercussions. For these protocols, the standards are thousands of pages long, written in natural language, describe the high-level interaction of the protocol entities, and most often depend on human interpretation—which is open to misunderstanding and ambiguity. This inherently entails the question of whether these wireless protocols and their communication equipment implement the corresponding standards correctly or whether the implementations introduce vulnerabilities that can have severe consequences.</p>

System and network security

Communication protocols

4G

5G

Bluetooth Low Energy

An Approach To Graph-Based Modeling Of Network Exploitations

Li, Wei

10 December 2005

Computer security professionals and researchers are investigating proactive techniques for studying network-based attack behavior. Attack modeling is one of these research areas. In this dissertation, we address a novel attack modeling technique called an exploitation graph (e-graph) for representing attack scenarios. The key assumption in this research is that we can use exploitation graphs to represent attack scenarios, and methods involving e-graphs can be applied to provide vulnerability mitigation strategies. The modeling process consists of three primary steps. The first step is the creation of a knowledge base of vulnerability graphs (v-graphs) from known system vulnerabilities. Each v-graph shows necessary preconditions in order to make the vulnerability exploitable, and post-conditions that denote effects after a successful exploitation. A template is used to facilitate the definition of preconditions and post-conditions. The second step involves the association of multiple v-graphs to create an e-graph specific to a system being modeled. Network topology information and security policies (e.g., firewall rules) are encoded during the modeling process. A set of experiments were designed to test the modeling approach in a cluster computing environment consisting of one server node and eight internal computing nodes. Experimental results showed that e-graphs can be used to evaluate vulnerability mitigation solutions, e.g., identifying critical vulnerabilities and evaluating firewall policies. The third step of this process focuses on devising graph-simplification techniques for large e-graphs. Efficient graph-simplification techniques are described based on host and exploitation similarity. The most distinctive feature of these techniques is that, they help to simplify the most complex graph-generation process and do not require excessive memory storage. Experimental results showed that these techniques can not only reduce the size of e-graphs substantially, but also preserve most information needed for useful attack scenario analysis. The usefulness of the e-graph approach is shown in this dissertation. As a general approach for system administrators, the proposed techniques can be used in, but is not limited to, the cluster-computing environment in providing proactive Vulnerability Assessment (VA) strategies.

exploitation graph

e-graph

vulnerability assessment

network security

computer security

AN INTEGRATED SECURITY SCHEME WITH RESOURCE-AWARENESS FOR WIRELESS AD HOC NETWORKS

DENG, HONGMEI

07 October 2004

No description available.

wireless Ad Hoc Network

Network Security

Intrusion Detection

Evaluation and Application of Bloom Filters in Computer Network Security

Agbeko, Joseph D.K.M.A

19 October 2009

No description available.

Computer Science

Bloom filters

computer network security

space efficient

protocol

Probabilistic Model for Detecting Network Traffic Anomalies

Yellapragada, Ramani

30 June 2004

No description available.

Computer Science

Network Security

Intrusion Detection

Anomaly Detection

Time-based Approach to Intrusion Detection using Multiple Self-Organizing Maps

Sawant, Ankush

21 April 2005

No description available.

Network Security

Intrusion Detection

Self-Organizing Maps

Anomaly Detection

Machine Learning for Botnet Detection: An Optimized Feature Selection Approach

Lefoane, Moemedi, Ghafir, Ibrahim, Kabir, Sohag, Awan, Irfan U.

05 April 2022

Yes / Technological advancements have been evolving for so long, particularly Internet of Things (IoT) technology that has seen an increase in the number of connected devices surpass non IoT connections. It has unlocked a lot of potential across different organisational settings from healthcare, transportation, smart cities etc. Unfortunately, these advancements also mean that cybercriminals are constantly seeking new ways of exploiting vulnerabilities for malicious and illegal activities. IoT is a technology that presents a golden opportunity for botnet attacks that take advantage of a large number of IoT devices and use them to launch more powerful and sophisticated attacks such as Distributed Denial of Service (DDoS) attacks. This calls for more research geared towards the detection and mitigation of botnet attacks in IoT systems. This paper proposes a feature selection approach that identifies and removes less influential features as part of botnet attack detection method. The feature selection is based on the frequency of occurrence of the value counts in each of the features with respect to total instances. The effectiveness of the proposed approach is tested and evaluated on a standard IoT dataset. The results reveal that the proposed feature selection approach has improved the performance of the botnet attack detection method, in terms of True Positive Rate (TPR) and False Positive Rate (FPR). The proposed methodology provides 100% TPR, 0% FPR and 99.9976% F-score.

Botnet detection

Machine learning

Cyber attacks

Internet of Things

Network security