Global ETD Search

31	Towards Secure Multipath TCP Communication Afzal, Zeeshan January 2017 (has links) The evolution in networking coupled with an increasing demand to improve user experience has led to different proposals to extend the standard TCP. Multipath TCP (MPTCP) is one such extension that has the potential to overcome few inherent limitations in the standard TCP. While MPTCP's design and deployment progresses, most of the focus has been on its compatibility. The security aspect is confined to making sure that the MPTCP protocol itself offers the same security level as the standard TCP. The topic of this thesis is to investigate the unexpected security implications raised by using MPTCP in the traditional networking environment. The Internet of today has security middle-boxes that perform traffic analysis to detect intrusions and attacks. Such middle-boxes make use of different assumptions about the traffic, e.g., traffic from a single connection always arrives along the same path. This along with many other assumptions may not be true anymore with the advent of MPTCP as traffic can be fragmented and sent over multiple paths simultaneously. We investigate how practical it is to evade a security middle-box by fragmenting and sending traffic across multiple paths using MPTCP. Realistic attack traffic is used to evaluate such attacks against Snort IDS to show that these attacks are feasible. We then go on to propose possible solutions to detect such attacks and implement them in an MPTCP proxy. The proxy aims to extend the MPTCP performance advantages to servers that only support standard TCP, while ensuring that intrusions can be detected as before. Finally, we investigate the potential MPTCP scenario where security middle-boxes only have access to some of the traffic. We propose and implement an algorithm to perform intrusion detection in such situations and achieve a nearly 90% detection accuracy. Another contribution of this work is a tool, that converts IDS rules into equivalent attack traffic to automate the evaluation of a middle-box. / Multipath TCP (MPTCP) is an extension to standard TCP that is close to being standardized. The design of the protocol is progressing, but most of the focus has so far been on its compatibility. The security aspect is confined to making sure that the MPTCP protocol itself offers the same security level as standard TCP. The topic of this thesis is to investigate the unexpected security implications raised by using MPTCP in a traditional networking environment. Today, the security middleboxes make use of different assumptions that may not be true anymore with the advent of MPTCP.We investigate how practical it is to evade a security middlebox by fragmenting and sending traffic across multiple paths using MPTCP. Realistic attack traffic generated from a tool that is also presented in this thesis is used to show that these attacks are feasible. We then go on to propose possible solutions to detect such attacks and implement them in an MPTCP proxy. The proxy aims to extend secure MPTCP performance advantages. We also investigate the MPTCP scenario where security middleboxes can only observe some of the traffic. We propose and implement an algorithm to perform intrusion detection in such situations and achieve a high detection accuracy. / HITS network security MPTCP TCP IDS snort edit-distance Computer Sciences Datavetenskap (datalogi)
32	Methods for network intrusion detection : Evaluating rule-based methods and machine learning models on the CIC-IDS2017 dataset Lindstedt, Henrik January 2022 (has links) Network intrusion detection is a task aimed to identify malicious network traffic. Malicious networktraffic is generated when a perpetrator attacks a network or internet-connected device with the intent todisrupt, steal or destroy a service or information. Two approaches for this particular task is the rule-basedmethod and the use of machine learning. The purpose of this paper was to contribute with knowledgeon how to evaluate and build better network intrusion detection systems (NIDS). That was fulfilled bycomparing the detection ability of two machine learning models, a neural network and a random forestmodel, with a rule-based NIDS called Snort. The paper describes how the two models and Snort wereconstructed and how performance metrics were generated on a dataset called CIC-IDS2017. It also describes how we capture our own malicious network traffic and the models ability to classify that data. Thecomparisons shows that the neural network outperforms Snort and the Random forest. We also presentfour factors that may influence which method that should be used for intrusion detection. In addition weconclude that we see potential in using CIC-IDS2017 to build NIDS based on machine learning. MLP random forest CIC-IDS2017 Snort Intrusion Detection System Information Systems
33	Improving the precision of an Intrusion Detection System using Indicators of Compromise : - a proof of concept - Lejonqvist, Gisela, Larsson, Oskar January 2018 (has links) The goal of this research is to improve an IDS so that the percentage of true positives is high, an organisation can cut time and cost and use its resources in a more optimal way. This research goal was to prove that the precision of an intrusion detection system (IDS), in terms of producing lower rate of false positives or higher rate of true alerts, can be achieved by parsing indicators of compromise (IOC) to gather information, that combined with system-specific knowledge will be a solid base for manual fine-tuning of IDS-rules. The methodology used is Design Science Research Methodology (DSRM) because it is used for research that aims to answer an existing problem with a new or improved solution. A part of that solution is a proposed process for tuning of an arbitrary intrusion detection system. The implemented and formalized process Tuned Intrusion Detection System (TIDS) has been designed during this research work, aiding us in presenting and performing validation tests in a structured and robust way. The testbed consisted of a Windows 10 operating system and a NIDS implementation of Snort as an IDS. The work was experimental, evaluated and improved regarding IDS rules and tools over several iterations. With the use of recorded data traffic from the public dataset CTU-13, the difference between the use of tuned versus un-tuned rules in an IDS was presented in terms of precision of the alerts created by the IDS. Our contributions were that the concept holds; the precision can be improved by adding custom rules based on known parameters in the network and features of the network traffic and disabling rules that were out of scope. The second contribution is the TIDS process, as designed during the thesis work, serving us well during the process. Intrusion Detection System Indicator Of Compromise False Positives Snort Elektroteknik och elektronik
34	A Prevention Technique for DDoS Attacks in SDN using Ryu Controller Application Adabala, Yashwanth Venkata Sai Kumar, Devanaboina, Lakshmi Venkata Raghava Sudheer January 2024 (has links) Software Defined Networking (SDN) modernizes network control, offering streamlined management. However, its centralized structure makes it more vulnerable to distributed Denial of Service (DDoS) attacks, posing serious threats to network stability. This thesis explores the development of a DDoS attack prevention technique in SDN environments using the Ryu controller application. The research aims to address the vulnerabilities in SDN, particularly focusing on flooding and Internet Protocol (IP) spoofing attacks, which are a significant threat to network security. The study employs an experimental approach, utilizing tools like Mininet-VM (VirtualMachine), Oracle VM VirtualBox, and hping3 to simulate a virtual SDN environment and conduct DDoS attack scenarios. Key methodologies include packet sniffing and rule-based detection by integrating Snort IDS (Intrusion Detection System), which is critical for identifying and mitigating such attacks. The experiments demonstrate the effectiveness of the proposed prevention technique, highlighting the importance of proper configuration and integration of network security tools in SDN. This work contributes to enhancing the resilience of SDN architectures against DDoS attacks, offering insights into future developments in network security. Software Defined Networking SDN IP Spoofing Flooding DDoS Attacks Mininet Snort IDS Network Security Telecommunications Telekommunikation
35	Performance Evaluation Study of Intrusion Detection Systems. Alhomoud, Adeeb M., Munir, Rashid, Pagna Disso, Jules F., Al-Dhelaan, A., Awan, Irfan U. 2011 August 1917 (has links) With the thriving technology and the great increase in the usage of computer networks, the risk of having these network to be under attacks have been increased. Number of techniques have been created and designed to help in detecting and/or preventing such attacks. One common technique is the use of Network Intrusion Detection / Prevention Systems NIDS. Today, number of open sources and commercial Intrusion Detection Systems are available to match enterprises requirements but the performance of these Intrusion Detection Systems is still the main concern. In this paper, we have tested and analyzed the performance of the well know IDS system Snort and the new coming IDS system Suricata. Both Snort and Suricata were implemented on three different platforms (ESXi virtual server, Linux 2.6 and FreeBSD) to simulate a real environment. Finally, in our results and analysis a comparison of the performance of the two IDS systems is provided along with some recommendations as to what and when will be the ideal environment for Snort and Suricata. Attacks ; Intrusion Detection Systems (IDS) ; Traffic ; Performance evaluation ; Packet drops ; Suricata ; Snort ; Alerts ; Network security
36	Bearbetningstid och CPU-användning i Snort IPS : En jämförelse mellan ARM Cortex-A53 och Cortex-A7 / Processing time and CPU usage in Snort IPS : A comparision between ARM Cortex-A53 and Cortex-A7 Nadji, Al-Husein, Sarbast Hgi, Haval January 2020 (has links) Syftet med denna studie är att undersöka hur bearbetningstiden hos Snort intrångsskyddssystem varierar mellan två olika processorer; ARM Cortex-A53 och Cortex-A7. CPU-användningen undersöktes även för att kontrollera om bearbetningstid är beroende av hur mycket CPU Snort använder. Denna studie ska ge kunskap om hur viktig en processor är för att Snort ska kunna prestera bra när det gäller bearbetningstid och CPU användning samt visa det uppenbara valet mellan Cortex-A53 och Cortex-A7 när man ska implementera Snort IPS. Med hjälp av litteratursökning konstruerades en experimentmiljö för att kunna ge svar på studiens frågeställningar. Snort kan klassificeras som CPU-bunden vilket innebär att systemet är beroende av en snabb processor. I detta sammanhang innebär en snabb processor gör att Snort hinner bearbeta den mängd nätverkstrafik den får, annars kan trafiken passera utan att den inspekteras vilket kan skada enheten som är skyddat av Snort. Studiens resultat visar att bearbetningstiden i Snort på Cortex-A53 och Cortex-A7 skiljer sig åt och en tydlig skillnad i CPU-användning mellan processorerna observerades. Studien visar även kopplingen mellan bearbetningstiden och CPUanvändning hos Snort. Studiens slutsats är att ARM Cortex-A53 har bättre prestanda vid användning av Snort IPS avseende bearbetningstid och CPU-användning, där Cortex-A53 har 10 sekunder kortare bearbetningstid och använder 2,87 gånger mindre CPU. / The purpose of this study is to examine how the processing time of the Snort intrusion prevention system varies on two different processors; ARM Cortex-A53 and CortexA7. CPU usage was also examined to check if processing time depends on how much CPU Snort uses. This study will provide knowledge about how important a processor is for Snort to be able to perform well in terms of processing time and CPU usage. This knowledge will help choosing between Cortex-A53 and Cortex-A7 when implementing Snort IPS. To achieve the purpose of the study a literature search has been done to design an experimental environment. Snort can be classified as CPU-bound, which means that the system is dependent on a fast processor. In this context, a fast processor means that Snort is given enough time to process the amount of traffic it receives, otherwise the traffic can pass through without it being inspected, which can be harmful to the device that is protected by Snort. The results of the study show that the processing time in Snort on Cortex-A53 and Cortex-A7 differs and an obvious difference in CPU usage between the processors is shown. The study also presents the connection between processing time and CPU usage for Snort. In conclusion, ARM Cortex-A53 has better performance when using Snort IPS in terms of processing time and CPU usage, Cortex-A53 has 10 seconds less processing time and uses 2,87 times less CPU. - Snort Cortex-A53 Cortex-A7 ARM CPU Processing time IDS IPS Intrusion detection system Raspberry Pi Network Snort Cortex-A53 Cortex-A7 ARM CPU Bearbetningstid IDS IPS Intrångsdetekteringssystem Raspberry Pi Nätverk Computer Sciences Datavetenskap (datalogi)
37	A novel intrusion detection system (IDS) architecture : attack detection based on snort for multistage attack scenarios in a multi-cores environment Pagna Disso, Jules Ferdinand January 2010 (has links) Recent research has indicated that although security systems are developing, illegal intrusion to computers is on the rise. The research conducted here illustrates that improving intrusion detection and prevention methods is fundamental for improving the overall security of systems. This research includes the design of a novel Intrusion Detection System (IDS) which identifies four levels of visibility of attacks. Two major areas of security concern were identified: speed and volume of attacks; and complexity of multistage attacks. Hence, the Multistage Intrusion Detection and Prevention System (MIDaPS) that is designed here is made of two fundamental elements: a multistage attack engine that heavily depends on attack trees and a Denial of Service Engine. MIDaPS were tested and found to improve current intrusion detection and processing performances. After an intensive literature review, over 25 GB of data was collected on honeynets. This was then used to analyse the complexity of attacks in a series of experiments. Statistical and analytic methods were used to design the novel MIDaPS. Key findings indicate that an attack needs to be protected at 4 different levels. Hence, MIDaPS is built with 4 levels of protection. As, recent attack vectors use legitimate actions, MIDaPS uses a novel approach of attack trees to trace the attacker's actions. MIDaPS was tested and results suggest an improvement to current system performance by 84% whilst detecting DDOS attacks within 10 minutes. 004
38	Měření spolehlivosti vyhledávání vzorů / Reliability Measurement of the Pattern Matching Dvořák, Milan January 2012 (has links) This thesis deals with the pattern matching methods based on finite automata and describes their optimizations. It presents a methodology for the measurement of reliability of pattern matching methods, by comparing their results to the results of the PCRE library. Experiments were conducted for a finite automaton with perfect hashing and faulty transition table. Finally, the resulting reliability evaluation of the algorithm is shown and possible solutions of the identified problems are proposed.
39	A novel intrusion detection system (IDS) architecture. Attack detection based on snort for multistage attack scenarios in a multi-cores environment. Pagna Disso, Jules F. January 2010 (has links) Recent research has indicated that although security systems are developing, illegal intrusion to computers is on the rise. The research conducted here illustrates that improving intrusion detection and prevention methods is fundamental for improving the overall security of systems. This research includes the design of a novel Intrusion Detection System (IDS) which identifies four levels of visibility of attacks. Two major areas of security concern were identified: speed and volume of attacks; and complexity of multistage attacks. Hence, the Multistage Intrusion Detection and Prevention System (MIDaPS) that is designed here is made of two fundamental elements: a multistage attack engine that heavily depends on attack trees and a Denial of Service Engine. MIDaPS were tested and found to improve current intrusion detection and processing performances. After an intensive literature review, over 25 GB of data was collected on honeynets. This was then used to analyse the complexity of attacks in a series of experiments. Statistical and analytic methods were used to design the novel MIDaPS. Key findings indicate that an attack needs to be protected at 4 different levels. Hence, MIDaPS is built with 4 levels of protection. As, recent attack vectors use legitimate actions, MIDaPS uses a novel approach of attack trees to trace the attacker¿s actions. MIDaPS was tested and results suggest an improvement to current system performance by 84% whilst detecting DDOS attacks within 10 minutes. Intrusion Detection System (IDS) Visibility of attacks Performance evaluation Snort Computer network security
40	Efeito dos ácidos graxos de cadeia curta sobre neutrófilos. / Effect of short chain fatty acids on neutrophils function. Vinolo, Marco Aurelio Ramirez 30 November 2010 (has links) Neste estudo avaliamos o efeito dos AGCC (acetato, propionato e butirato) sobre o recrutamento de neutrófilos e parâmetros funcionais (espécies reativas de oxigênio [ERO], citocinas e óxido nítrico, fagocitose e destruição de C. albicans). Investigamos ainda a ativação do NFkB, efeito sobre histonas desacetilases (HDAC) e GPR43. Acetato e butirato alteraram a produção de ERO; o primeiro aumentou a produção de peróxido de hidrogênio, enquanto o butirato inibiu a produção estimulada por PMA. O butirato reduziu a fagocitose e killing de leveduras. Propionato e butirato reduziram a produção de TNF-<font face=\"Symbol\">&#945, CINC-2<font face=\"Symbol\">&#945<font face=\"Symbol\">b e óxido nítrico e aumentaram a síntese de IL-1<font face=\"Symbol\">&#946 por neutrófilos estimulados com LPS. Esses efeitos decorreram de ação a nível transcricional e devem envolver inibição da atividade de HDAC e da ativação do NFkB. Os AGCC aumentaram a migração de neutrófilos in vitro e in vivo. Esses efeitos decorreram de aumento da produção de CINC-2<font face=\"Symbol\">&#945<font face=\"Symbol\">b pelo tecido e da ação direta dos AGCC via GPR43. Os AGCC apresentam ações pró- e antiinflamatórias dependendo do parâmetro analisado. / We evaluated the effect of SCFA (acetate, propionate and butyrate) on the recruitment of neutrophils and functional parameters (reactive oxygen species [ROS], cytokines and nitric oxide production, phagocytosis and destruction of C. albicans). We also investigated the activation of NFkB, effect on histone deacetylases (HDAC) and GPR43. Acetate and butyrate altered the production of ROS, the former increased the production of hydrogen peroxide, whereas butyrate inhibited the production stimulated by PMA. Butyrate reduced the phagocytosis and killing of yeast. Propionate and butyrate reduced the production of TNF-<font face=\"Symbol\">&#945, CINC-2<font face=\"Symbol\">&#945<font face=\"Symbol\">b and nitric oxide and increased the synthesis of IL-1<font face=\"Symbol\">&#946 by LPS-stimulated neutrophils. These effects involve modification at the transcriptional level and inhibition of HDAC and NFkB activation. SCFA increased neutrophil migration in vitro and in vivo, an effect that may be the result of increased production of CINC-2<font face=\"Symbol\">&#945<font face=\"Symbol\">b and direct action of GPR43. SCFA present pro- and anti-inflammatory actions depending on the parameter analyzed. Candida albicans Candida albicans Ácidos graxos de cadeia longa Citocinas Cytokines Fagocitose Inflamação Inflammation Neutrófilos Neutrophils Peroxidase Peroxidase Phagocytosis Snort-chain fatty acids

Search results