Knowledge based anomaly detection

Prayote, Akara, Computer Science & Engineering, Faculty of Engineering, UNSW

January 2007

Traffic anomaly detection is a standard task for network administrators, who with experience can generally differentiate anomalous traffic from normal traffic. Many approaches have been proposed to automate this task. Most of them attempt to develop a sufficiently sophisticated model to represent the full range of normal traffic behaviour. There are significant disadvantages to this approach. Firstly, a large amount of training data for all acceptable traffic patterns is required to train the model. For example, it can be perfectly obvious to an administrator how traffic changes on public holidays, but very difficult, if not impossible, for a general model to learn to cover such irregular or ad-hoc situations. In contrast, in the proposed method, a number of models are gradually created to cover a variety of seen patterns, while in use. Each model covers a specific region in the problem space. Any novel or ad-hoc patterns can be covered easily. The underlying technique is a knowledge acquisition approach named Ripple Down Rules. In essence we use Ripple Down Rules to partition a domain, and add new partitions as new situations are identified. Within each supposedly homogeneous partition we use fairly simple statistical techniques to identify anomalous data. The special feature of these statistics is that they are reasonably robust with small amounts of data. This critical situation occurs whenever a new partition is added. We have developed a two knowledge base approach. One knowledge base partitions the domain. Within each domain statistics are accumulated on a number of different parameters. The resultant data are passed to a knowledge base which decides whether enough parameters are anomalous to raise an alarm. We evaluated the approach on real network data. The results compare favourably with other techniques, but with the advantage that the RDR approach allows new patterns of use to be rapidly added to the model. We also used the approach to extend previous work on prudent expert systems - expert systems that warn when a case is outside its range of experience. Of particular significance we were able to reduce the false positive to about 5%.

Computer networks -- Security measures.

Computer networks -- Access control.

Computer security.

Data protection.

Distributed data management with access control : social Networks and Data of the Web

Galland, Alban

28 September 2011

The amount of information on the Web is spreading very rapidly. Users as well as companies bring data to the network and are willing to share with others. They quickly reach a situation where their information is hosted on many machines they own and on a large number of autonomous systems where they have accounts. Management of all this information is rapidly becoming beyond human expertise. We introduce WebdamExchange, a novel distributed knowledge-base model that includes logical statements for specifying information, access control, secrets, distribution, and knowledge about other peers. These statements can be communicated, replicated, queried, and updated, while keeping track of time and provenance. The resulting knowledge guides distributed data management. WebdamExchange model is based on WebdamLog, a new rule-based language for distributed data management that combines in a formal setting deductiverules as in Datalog with negation, (to specify intensional data) and active rules as in Datalog:: (for updates and communications). The model provides a novel setting with a strong emphasis on dynamicity and interactions(in a Web 2.0 style). Because the model is powerful, it provides a clean basis for the specification of complex distributed applications. Because it is simple, it provides a formal framework for studying many facets of the problem such as distribution, concurrency, and expressivity in the context of distributed autonomous peers. We also discuss an implementation of a proof-of-concept system that handles all the components of the knowledge base and experiments with a lighter system designed for smartphones. We believe that these contributions are a good foundation to overcome theproblems of Web data management, in particular with respect to access control.

[INFO:INFO_OH] Computer Science/Other

Distribution

Access Control

Social Network

Web Data Management

Distributed Datalog

OFDM PHY Layer Implementation based on the 802.11 a Standard and system performance analysis

Zarzo Fuertes, Luis

January 2005

<p>Wireless communication is facing one of the fastest developments of the last years in the fields of technology and computer science in the world. There are several standards that deal with it. In this work, the IEEE standard 802.11a, which deals with wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications, is going to be discussed in detail. </p><p>Taking this into consideration, PHY specifications and its environment are going to be studied. </p><p>The work that the ISY department at the Institute of Technology of the Linköping University has proposed is to design a PHY layer implementation for WLANs, in a CPU, using MATLAB/Simulink and in a DSP processor, using Embedded Target for C6000 DSP and Code Composer Studio and, once implemented both, to perform and analyse the performance of the system under those implementations.</p>

Electronics

Wireless communication

Standard 802.11a

physical layer

medium access control

Elektronik

Electronics

Elektronik

Role based access control in a telecommunications operations and maintenance network / Rollbaserad behörighetskontroll i ett drift- och underhållssystem för telekommunikation

Gunnarsson, Peter

January 2005

<p>Ericsson develops and builds mobile telecommunication networks. These networks consists of a large number of equipment. Each telecommunication company has a staff of administrators appointed to manage respective networks. </p><p>In this thesis, we investigate the requirements for an access control model to manage the large number of permissions and equipment in telecommunication networks. Moreover, we show that the existing models do not satisfy the identified requirements. Therefore, we propose a novel RBAC model which is adapted for these conditions. </p><p>We also investigate some of the most common used commercial tools for administrating RBAC, and evaluate their effectiveness in coping with our new proposed model. However, we find the existing tools limited, and thereby design and partly implement a RBAC managing system which is better suited to the requirements posed by our new model.</p>

Datalogi

Role Based Access Control

RBAC

security

authorization model

administration tools

Datalogi

Computer science

Datalogi

Investigation of IEEE Standard 802.11 Medium Access Control (MAC) Layer in ad-hoc

Garcia Torre, Fernando

January 2006

<p>This thesis involved a research of mechanisms of MAC layer in the ad-hoc networks environment, the ad-hoc networks in the terminology of the standard are called IBSS Independent Basic Service, these type of networks are very useful in real situation where there are not the possibility of display a infrastructure, when there isn’t a network previous planning. </p><p>The connection to a new network is one of the different with the most common type of Wireless Local Area Networks (WLAN) that are the ones with infrastructure. The connection is established without the presence of a central station, instead the stations discover the others with broadcast messages in the coverage area of each station. In the context of standard 802.11 networks the communication between the stations is peer to peer, only with one hop. To continue with initiation process is necessary the synchronization between the different stations of his timers.</p><p>The other capital mechanism that is treated is the medium access mechanism, to hold a shared and unreliable medium, all the heavy of this issue goes to the distributed coordination function DCF.</p><p>In this moment there is an emergent technology, WIMAX or standard IEEE 802.16, like the standard 802.11 is a wireless communication protocol. Some comparison between the MAC layer mechanisms would be realized between these two standards</p>

MAC

802.11

Ad-hoc networks

Access control

Coordination Functions

Initiation

Scanning

Synchronization

Electronics

Elektronik

Optimizing the advanced encryption standard on Intel's SIMD architecture

Godbole, Pankaj

15 January 2004

The Advanced Encryption Standard (AES) is the new standard for cryptography and has gained wide support as a means to secure digital data. Hence, it is beneficial to develop an implementation of AES that has a high throughput. SIMD technology is very effective in increasing the performance of some cryptographic applications. This thesis describes an optimized implementation of the AES in software based on Intel's SIMD architecture. Our results show that our technique yields a significant increase in the performance and thereby the throughput of AES. They also demonstrate that AES is a good candidate for optimization using our approach. / Graduation date: 2004

Data encryption (Computer science)

Computer security -- Standards

Computer architecture

Computers -- Access control

AMMP-EXTN: A User Privacy and Collaboration Control Framework for a Multi-User Collaboratory Virtual Reality System

Ma, Wenjun

01 October 2007

In this thesis, we propose a new design of privacy and session control for improving a collaborative molecular modeling CVR system AMMP-VIS [1]. The design mainly addresses the issue of competing user interests and privacy protection coordination. Based on our investigation of AMMP-VIS, we propose a four-level access control structure for collaborative sessions and dynamic action priority specification for manipulations on shared molecular models. Our design allows a single user to participate in multiple simultaneous sessions. Moreover, a messaging system with text chatting and system broadcasting functionality is included. A 2D user interface [2] for easy command invocation is developed in Python. Two other key aspects of system implementation, the collaboration Central deployment and the 2D GUI for control are also discussed. Finally, we describe our system evaluation plan which is based on an improved cognitive walkthrough and heuristic evaluation as well as statistical usage data.

Privacy protection

Access control

Collaborative Virtual Environment

CVE survey

System evaluation

GUI

Molecular modeling

Computer Sciences

Seguridad en redes de computación ubicua: contribución a la validación de credenciales

Hinarejos Campos, M. Francisca

30 June 2010

Technology progress in both user devices and networks allows communications anytime and anywhere. New communication environments offer a wide range of possibilities to users, but also generate new threats. For this reason, it is necessary to establish measures to find out who is establishing a communication and what actions is authorized to do. Currently proposed solutions in the literature are not completely adapted to the new features such as user mobility, network disconnections and constraints of devices and networks. Many of the existing proposals have focused in providing specific solutions to particular scenarios, but they do not consider a global heterogeneous scenario. Therefore, it is necessary to design security mechanisms able to adapt themselves to new scenarios. In this sense, digital certificates are a standardized and widely used solution. Digital certificates enable performing user authentication and authorization in a distributed way. The problem is that ubiquitous environments complicate the process of digital certificates validation. This complexity could result in a service being not accessible. The goal of this thesis is to contribute in making ubiquitous scenarios more secure. More specifically, the work proposes solutions for reducing the credential validation cost and for improving the availability of authentication and authorization services. In first place, we propose a solution for credential validation that works properly in environments with connection to on-line servers and also in environments where the connection to servers is sometimes not possible. In second place, we propose a cascade revocation system where the delegation is partially centralized. Delegation provides high flexibility to authorization systems, but adds complexity to the system. Our proposal reduces the burden on the verifier-side. In third place, we propose a revocation system for delegation chains based on prefix codes. This proposal deals with the problem of centralization of the previous proposal. In particular, the decentralized solution presented keeps the load reduction achieved in the partially centralized proposal, and also enables dynamic delegation and distribution of revocation data. While the user is connected, revocation data distribution can be done with a certificate revocation list. However, in scenarios where the connection can be lost temporally, this might not be possible. To address this issue, we have proposed a system in which users can perform the functions of revocation servers without being trusted entities. This will allow increasing the availability of validation service, and reduce resource consumption. Each proposal has been analyzed and compared with existing solutions to verify the improvements achieved. / El avance tecnológico tanto de los dispositivos de usuario como de las redes permite que se puedan establecer comunicaciones en cualquier momento y en cualquier lugar. Si bien estos entornos ofrecen un gran abanico de posibilidades a los usuarios, también es cierto que generan nuevas amenazas. Por este motivo, son necesarias medidas que permitan saber con quién se está estableciendo la comunicación y qué acciones se pueden autorizar. Las soluciones propuestas en la literatura no se adaptan completamente a las nuevas características de movilidad, desconexión y limitaciones tanto de los dispositivos como de las redes. De hecho, muchas de las propuestas existentes se han centrado en ofrecer soluciones concretas a escenarios particulares, sin tener en cuenta que el usuario puede entrar a formar parte de entornos heterogéneos. Por lo tanto, se hace necesario diseñar mecanismos de seguridad que conviviendo con los estándares vigentes, se adapten a los nuevos escenarios. En este sentido, los certificados digitales son una solución estandarizada y ampliamente extendida. Los certificados digitales permiten llevar a cabo tanto la autenticación como la autorización de un usuario de forma distribuida. Sin embargo, las características de los entornos ubicuos complican el proceso de validación de certificados. Esta complejidad podría llevar a que no se puediera acceder a los servicios. El objetivo de esta tesis es contribuir a aumentar la seguridad en entornos ubicuos. Más concretamente, se proporcionan soluciones para reducir la carga en la validación de credenciales y aumentar la disponibilidad de los servicios de autenticación y autorización. En primer lugar se propone un sistema de verificación de credenciales que se adapta para funcionar tanto en entornos con conexión a servidores on-line, como en sistemas off-line. Por otra parte, el proceso de delegación en sistemas de autorización, aporta una gran flexibilidad a estos entornos, pero a su vez añade complejidad al sistema. Para reducir esta carga sobre el verificador se propone un sistema de revocación en cascada con delegación centralizada. Sin embargo, esta centralización del servicio limita la escalabilidad y flexibilidad de la solución. Para dar solución a ese inconveniente, se ha propuesto un sistema de revocación en cadenas de delegación basado en códigos prefijo. Esta solución permite mantener la reducción de la carga en la validación lograda en la propuesta centralizada, y además, hace posible la delegación dinámica y la distribución de la información de revocación. Esta distribución puede realizarse a través de listas de revocación de credenciales. En redes con desconexión temporal esta información podría no estar accesible. Para solventarlo, se ha propuesto un sistema en el que los usuarios pueden realizar las funciones de servidores de revocación sin ser entidades de confianza. De esta forma se permite aumentar la disponibilidad del servicio de validación, y reducir el consumo de los recursos. Cada una de las propuestas realizadas se ha analizado para verificar las mejoras proporcionadas frente a las soluciones existentes. Para ello, se han evaluado de forma analítica, por simulación y/o implementación en función de cada caso. Los resultados del análisis verifican el funcionamiento esperado y muestran las mejoras de las propuestas frente a las soluciones existentes.

PKI

PMI

Certificate validation

Wireless security

Access control

Delegation

Mobile segurity

004

621.3

Distributed Medium Access Control for QoS Support in Wireless Networks

Wang, Ping

28 April 2008

With the rapid growth of multimedia applications and the advances of wireless communication technologies, quality-of-service (QoS) provisioning for multimedia services in heterogeneous wireless networks has been an important issue and drawn much attention from both academia and industry. Due to the hostile transmission environment and limited radio resources, QoS provisioning in wireless networks is much more complex and difficult than in its wired counterpart. Moreover, due to the lack of central controller in the networks, distributed network control is required, adding complexity to QoS provisioning. In this thesis, medium access control (MAC) with QoS provisioning is investigated for both single- and multi-hop wireless networks including wireless local area networks (WLANs), wireless ad hoc networks, and wireless mesh networks. Originally designed for high-rate data traffic, a WLAN has limited capability to support delay-sensitive voice traffic, and the service for voice traffic may be impacted by data traffic load, resulting in delay violation or large delay variance. Aiming at addressing these limitations, we propose an efficient MAC scheme and a call admission control algorithm to provide guaranteed QoS for voice traffic and, at the same time, increase the voice capacity significantly compared with the current WLAN standard. In addition to supporting voice traffic, providing better services for data traffic in WLANs is another focus of our research. In the current WLANs, all the data traffic receives the same best-effort service, and it is difficult to provide further service differentiation for data traffic based on some specific requirements of customers or network service providers. In order to address this problem, we propose a novel token-based scheduling scheme, which provides great flexibility and facility to the network service provider for service class management. As a WLAN has small coverage and cannot meet the growing demand for wireless service requiring communications ``at anywhere and at anytime", a large scale multi-hop wireless network (e.g., wireless ad hoc networks and wireless mesh networks) becomes a necessity. Due to the location-dependent contentions, a number of problems (e.g., hidden/exposed terminal problem, unfairness, and priority reversal problem) appear in a multi-hop wireless environment, posing more challenges for QoS provisioning. To address these challenges, we propose a novel busy-tone based distributed MAC scheme for wireless ad hoc networks, and a collision-free MAC scheme for wireless mesh networks, respectively, taking the different network characteristics into consideration. The proposed schemes enhance the QoS provisioning capability to real-time traffic and, at the same time, significantly improve the system throughput and fairness performance for data traffic, as compared with the most popular IEEE 802.11 MAC scheme.

medium access control

quality-of-service

wireless networks

distributed control

Electrical and Computer Engineering

Design, Modeling, and Analysis for MAC Protocols in Ultra-wideband Networks

Liu, Kuang-Hao

January 2008

Ultra-wideband (UWB) is an appealing transmission technology for short-range, bandwidth demanded wireless communications. With the data rate of several hundred megabits per second, UWB demonstrates great potential in supporting multimedia streams such as high-definition television (HDTV), voice over Internet Protocol (VoIP), and console gaming in office or home networks, known as the wireless personal area network (WPAN). While vast research effort has been made on the physical layer issues of UWB, the corresponding medium access control (MAC) protocols that exploit UWB technology have not been well developed. Given an extremely wide bandwidth of UWB, a fundamental problem on how to manage multiple users to efficiently utilize the bandwidth is a MAC design issue. Without explicitly considering the physical properties of UWB, existing MAC protocols are not optimized for UWB-based networks. In addition, the limited processing capability of UWB devices poses challenges to the design of low-complexity MAC protocols. In this thesis, we comprehensively investigate the MAC protocols for UWB networks. The objective is to link the physical characteristics of UWB with the MAC protocols to fully exploit its advantage. We consider two themes: centralized and distributed UWB networks. For centralized networks, the most critical issue surrounding the MAC protocol is the resource allocation with fairness and quality of service (QoS) provisioning. We address this issue by breaking down into two scenarios: homogeneous and heterogeneous network configurations. In the homogeneous case, users have the same bandwidth requirement, and the objective of resource allocation is to maximize the network throughput. In the heterogeneous case, users have different bandwidth requirements, and the objective of resource allocation is to provide differentiated services. For both design objectives, the optimal scheduling problem is NP-hard. Our contributions lie in the development of low-complexity scheduling algorithms that fully exploit the characteristics of UWB. For distributed networks, the MAC becomes node-based problems, rather than link-based problems as in centralized networks. Each node either contends for channel access or reserves transmission opportunity through negotiation. We investigate two representative protocols that have been adopted in the WiMedia specification for future UWB-based WPANs. One is a contention-based protocol called prioritized channel access (PCA), which employs the same mechanisms as the enhanced distributed channel access (EDCA) in IEEE 802.11e for providing differentiated services. The other is a reservation-based protocol called distributed reservation protocol (DRP), which allows time slots to be reserved in a distributed manner. Our goal is to identify the capabilities of these two protocols in supporting multimedia applications for UWB networks. To achieve this, we develop analytical models and conduct detailed analysis for respective protocols. The proposed analytical models have several merits. They are accurate and provide close-form expressions with low computational effort. Through a cross-layer approach, our analytical models can capture the near-realistic protocol behaviors, thus useful insights into the protocol can be obtained to improve or fine-tune the protocol operations. The proposed models can also be readily extended to incorporate more sophisticated considerations, which should benefit future UWB network design.

ultra wideband

uwb

medium access control

mac

wireless networks

Electrical and Computer Engineering