An exploratory study of techniques in passive network telescope data analysis

Cowie, Bradley

January 2013

Careful examination of the composition and concentration of malicious traffic in transit on the channels of the Internet provides network administrators with a means of understanding and predicting damaging attacks directed towards their networks. This allows for action to be taken to mitigate the effect that these attacks have on the performance of their networks and the Internet as a whole by readying network defences and providing early warning to Internet users. One approach to malicious traffic monitoring that has garnered some success in recent times, as exhibited by the study of fast spreading Internet worms, involves analysing data obtained from network telescopes. While some research has considered using measures derived from network telescope datasets to study large scale network incidents such as Code-Red, SQLSlammer and Conficker, there is very little documented discussion on the merits and weaknesses of approaches to analyzing network telescope data. This thesis is an introductory study in network telescope analysis and aims to consider the variables associated with the data received by network telescopes and how these variables may be analysed. The core research of this thesis considers both novel and previously explored analysis techniques from the fields of security metrics, baseline analysis, statistical analysis and technical analysis as applied to analysing network telescope datasets. These techniques were evaluated as approaches to recognize unusual behaviour by observing the ability of these techniques to identify notable incidents in network telescope datasets

Web search engines

Internet searching

World Wide Web

Malware (Computer software)

Computer viruses

Computer networks -- Monitoring

Computer networks -- Security measures

An investigation into the control of audio streaming across networks having diverse quality of service mechanisms

Foulkes, Philip James

January 2012

The transmission of realtime audio data across digital networks is subject to strict quality of service requirements. These networks need to be able to guarantee network resources (e.g., bandwidth), ensure timely and deterministic data delivery, and provide time synchronisation mechanisms to ensure successful transmission of this data. Two open standards-based networking technologies, namely IEEE 1394 and the recently standardised Ethernet AVB, provide distinct methods for achieving these goals. Audio devices that are compatible with IEEE 1394 networks exist, and audio devices that are compatible with Ethernet AVB networks are starting to come onto the market. There is a need for mechanisms to provide compatibility between the audio devices that reside on these disparate networks such that existing IEEE 1394 audio devices are able to communicate with Ethernet AVB audio devices, and vice versa. The audio devices that reside on these networks may be remotely controlled by a diverse set of incompatible command and control protocols. It is desirable to have a common network-neutral method of control over the various parameters of the devices that reside on these networks. As part of this study, two Ethernet AVB systems were developed. One system acts as an Ethernet AVB audio endpoint device and another system acts as an audio gateway between IEEE 1394 and Ethernet AVB networks. These systems, along with existing IEEE 1394 audio devices, were used to demonstrate the ability to transfer audio data between the networking technologies. Each of the devices is remotely controllable via a network neutral command and control protocol, XFN. The IEEE 1394 and Ethernet AVB devices are used to demonstrate the use of the XFN protocol to allow for network neutral connection management to take place between IEEE 1394 and Ethernet AVB networks. User control over these diverse devices is achieved via the use of a graphical patchbay application, which aims to provide a consistent user interface to a diverse range of devices.

Streaming audio -- Testing

Data transmission systems -- Testing

Computer networks -- Management

Computer networks -- Evaluation

Computer network protocols -- Standards

Secure Routing Schemes In Mobile Ad Hoc Networks

Prashant, Dixit Pratik

07 1900

No description available.

Local Area Networks

Routing (Computer Networks)

Mobile Ad Hoc Networks (MANETs)

Virtual Private Network (VPN)

Multicasting (Computer Networks)

Communciation Engineering

An adaptive multi-agent architecture for critical information infrastructure protection

Heydenrych, Mark

10 October 2014

M.Sc. (Information Technology) / The purpose of the research presented in this dissertation is to explore the uses of an adaptive multi-agent system for critical information infrastructure protection (CIIP). As the name suggests, CIIP is the process of protecting the information system which are connected to the infrastructure essential to the continued running of a country or organisation. CIIP is challenging due largely to the diversity of these infrastructures. The dissertation examines a number of artificial intelligence techniques that can be applied to CIIP; these techniques range from multi-agent systems to swarm optimisation. The task of protection is broken into three distinct areas: preventing unauthorised communication from outside the system; identifying anomalous actions on computers within the system; and ensuring that communication within the system is not modified externally. A multi-agent learning model, MALAMANTEAU, is proposed as a way to address the problem of CIIP. Due to various problems facing CIIP, multi-agent systems present good opportunities for solving these many problems in a single model. Agents within the MALAMANTEAU model will use diverse artificial and computational intelligence techniques in order to provide an adaptable approach to protecting critical networks. The research presented in the dissertation shows how computational intelligence can be employed alongside multi-agent systems in order to provide powerful protection for critical networks without exposing further security risks.

Multiagent systems

Distributed artificial intelligence

Software Switch 1.3 : an experimenter-friendly OpenFlow implementation = Software Switch 1.3 : implementação de um comutador OpenFlow para experimentação em Redes Definidas por Software / Software Switch 1.3 : implementação de um comutador OpenFlow para experimentação em Redes Definidas por Software

Fernandes, Eder Leão, 1987-

27 August 2018

Orientador: Christian Rodolfo Esteve Rothenberg / Dissertação (mestrado) - Universidade Estadual de Campinas, Faculdade de Engenharia Elétrica e de Computação / Made available in DSpace on 2018-08-27T04:14:12Z (GMT). No. of bitstreams: 1 Fernandes_EderLeao_M.pdf: 1013570 bytes, checksum: 6c396641a9ce6faceedd380180040736 (MD5) Previous issue date: 2015 / Resumo: OpenFlow é a mais proeminente tecnologia para a implementação de Redes Definidas por Software (RDS). Projetada como uma interface de controle entre switches e controladores, o protocolo pode ser visto como um conjunto de instruções para programar a lógica de encaminhamento em comutadores da rede. A primeira versão do OpenFlow atraiu a atenção de pesquisadores da indústria e universidades interessados nos potenciais benefícios prometidos por RDS. Rápidamente surgiram ferramentas para experimentação em OpenFlow 1.0, incluindo comutadores, controladores e software para testes e emulação. Após o início da padronização do protocolo pela OpenNetworkFoundation, o protocolo OpenFlow evoluiu rapidamente dando origem à novas especificações. As novas funcionalidades aumentaram as possibilidades de experimentos, gerando entusiasmo. Porém, o desenvolvimento das ferramentas de experimen- tação não acompanharam o mesmo rítmo do protocolo. Para preencher essa lacuna, nosso projeto desenvolveu um comutador em software com suporte a OpenFlow 1.3. Guiado pelo objetivo de ser simples e básicos requisitos de desempenho, a proposta da ferramenta é ser uma opção, fácil e funcional para desenvolvedores de aplicações RDS buscando utilizar as novas funcionalidades do OpenFlow 1.3. Em suma, o software desenvolvido nesse projeto foi o primeiro comutador OpenFlow 1.3 do mundo. Lançado como projeto de código aberto, possibilitou a pesquisadores de todo o mundo a prototipagem e demonstração de soluções não possíveis anteriormente / Abstract: OpenFlow is the most prominent technology to enable Software Defined Networking (SDN). Designed as a control interface between switches and controllers, the protocol can be considered an instruction set to program the network forwarding logic. The first OpenFlow version attracted attention from both the industry and academy researchers interested in SDN promised benefits. Quickly, a toolset for OpenFlow 1.0 was available, which included switches, controllers, test and emulation software. When the protocol standardization process started by the Open Network Foundation, OpenFlow evolved fast and new specifications emerged in the last years. New features empowered the protocol and created enthusiasm; however projects of experimentation tools did not followed the OpenFlow fast pace. This work addresses one of these gaps, implementing an experimenter friendly OpenFlow 1.3 software switch. Driven by simplicity and basic performance requirements, the tool purpose is to be a functional and easy option for SDN developers that want to take advantage of the benefits brought by more recent OpenFlow versions. Overall, this project resulted in the open source release of the first OpenFlow 1.3 switch, allowing researchers from all around the globe to prototype and demonstrate solutions not possible until this work. Keywords: Computer Networks; Software Defined / Mestrado / Engenharia de Computação / Mestre em Engenharia Elétrica

Redes de computadores

Comutadores (Teoria operacional)

Software - Desenvolvimento

Redes de computadores - Protocolos

Computer Networks

Switches (Operating theory)

Software - Development

Computer networks - Protocols

Application of active rules to support database integrity constraints and view management

Visavapattamawon, Suwanna

01 January 2001

The project demonstrates the enforcement of integrity constraints in both the conventional and active database systems. The project implements a more complex user-defined constraint, a complicated view and more detailed database auditing on the active database system.

Database management

Databases -- Computer networks

Computers -- Access control

Management information systems

Databases and Information Systems

The Next Generation Botnet Attacks And Defenses

Wang, Ping

01 January 2010

A "botnet" is a network of compromised computers (bots) that are controlled by an attacker (botmasters). Botnets are one of the most serious threats to today’s Internet; they are the root cause of many current Internet attacks, such as email spam, distributed denial of service (DDoS) attacks , click fraud, etc. There have been many researches on how to detect, monitor, and defend against botnets that have appeared and their attack techniques. However, it is equally important for us to investigate possible attack techniques that could be used by the next generation botnets, and develop effective defense techniques accordingly in order to be well prepared for future botnet attacks. In this dissertation, we focus on two areas of the next generation botnet attacks and defenses: the peer-to-peer (P2P) structured botnets and the possible honeypot detection techniques used by future botnets. Currently, most botnets have centralized command and control (C&C) architecture. However, P2P structured botnets have gradually emerged as a new advanced form of botnets. Without C&C servers, P2P botnets are more resilient to defense countermeasures than traditional centralized botnets. Therefore, we first systematically study P2P botnets along multiple dimensions: bot candidate selection, network construction and C&C mechanisms and communication protocols. As a further illustration of P2P botnets, we then present the design of an advanced hybrid P2P botnet, which could be developed by botmasters in the near future. Compared with current botnets, the proposed botnet is harder to be shut down, monitored, and hijacked. It provides robust network connectivity, individualized encryption and control traffic dispersion, limited botnet exposure by each bot, and easy monitoring and recovery by its botmaster. We suggest and analyze several possible defenses against this advanced botnet. Upon our understanding of P2P botnets, we turn our focus to P2P botnet countermeasures. We provide mathematical analysis of two P2P botnet mitigation approaches — index iii poisoning defense and Sybil defense, and one monitoring technique - passive monitoring. We are able to give analytical results to evaluate their performance. And simulation-based experiments show that our analysis is accurate. Besides P2P botnets, we investigate honeypot-aware botnets as well. This is because honeypot techniques have been widely used in botnet defense systems, botmasters will have to find ways to detect honeypots in order to protect and secure their botnets. We point out a general honeypot-aware principle, that is security professionals deploying honeypots have liability constraint such that they cannot allow their honeypots to participate in real attacks that could cause damage to others, while attackers do not need to follow this constraint. Based on this principle, a hardware- and software- independent honeypot detection methodology is proposed. We present possible honeypot detection techniques that can be used in both centralized botnets and P2P botnets. Our experiments show that current standard honeypot and honeynet programs are vulnerable to the proposed honeypot detection techniques. In the meantime, we discuss some guidelines for defending against general honeypot-aware botnet attacks.

Computer networks -- Security measures

Computer security

Electrical and Computer Engineering

Electrical and Electronics

Engineering

An examination of the Mirage-Net web-community from a uses and gratifications perspective

Thaldorf, Carey L.

01 October 2000

No description available.

Computer networks -- Social aspects

Electronic discussion groups

Electronic mail systems

Electronic villages (Computer networks)

Communication

Social and Behavioral Sciences

Towards a model for ensuring optimal interoperability between the security systems of trading partners in a business-to-business e-commerce context

Pather, Maree

25 August 2009

A vast range of controls/countermeasures exists for implementing security on information systems connected to the Internet. For the practitioner attempting to implement an integrated solution between trading partners operating across the Internet, this has serious implications in respect of interoperability between the security systems of the trading partners. The problem is exacerbated by the range of specification options within each control. This research is an attempt to find a set of relevant controls and specifications towards a framework for ensuring optimal interoperability between trading partners in this context. Since a policy-based, layered approach is advocated, which allows each trading partner to address localized risks independently, no exhaustive risk analysis is attempted. The focus is on infrastructure that is simultaneously optimally secure and provides optimal interoperability. It should also be scalable, allowing for additional security controls to be added whenever deemed necessary. / Computing / M. Sc. (Information Systems)

Security

Business-to-business e-commerce (B2B)

Extranet

Interoperability

Trading partner

005.71

Computer networks -- Security measures

Electronic commerce -- Security measures

Electronic data interchange

Distributed discovery and management of alternate internet paths with enhanced quality of service

Rakotoarivelo, Thierry, Electrical Engineering & Telecommunications, Faculty of Engineering, UNSW

January 2006

The convergence of recent technology advances opens the way to new ubiquitous environments, where network-enabled devices collectively form invisible pervasive computing and networking environments around the users. These users increasingly require extensive applications and capabilities from these devices. Recent approaches propose that cooperating service providers, at the edge of the network, offer these required capabilities (i.e services), instead of having them directly provided by the devices. Thus, the network evolves from a plain communication medium into an endless source of services. Such a service, namely an overlay application, is composed of multiple distributed application elements, which cooperate via a dynamic communication mesh, namely an overlay association. The Quality of Service (QoS) perceived by the users of an overlay application greatly depends on the QoS on the communication paths of the corresponding overlay association. This thesis asserts and shows that it is possible to provide QoS to an overlay application by using alternate Internet paths resulting from the compositions of independent consecutive paths. Moreover, this thesis also demonstrates that it is possible to discover, select and compose these independent paths in a distributed manner within an community comprising a limited large number of autonomous cooperating peers, such as the fore-mentioned service providers. Thus, the main contributions of this thesis are i) a comprehensive description and QoS characteristic analysis of these composite alternate paths, and ii) an original architecture, termed SPAD (Super-Peer based Alternate path Discovery), which allows the discovery and selection of these alternate paths in a distributed manner. SPAD is a fully distributed system with no single point of failure, which can be easily and incrementally deployed on the current Internet. It empowers the end-users at the edge of the network, allowing them to directly discover and utilize alternate paths.

Network performance (Telecommunication)

Computer networks -- Quality control.

Routing (Computer network management)