Privacy Preserving Network Security Data Analytics

DeYoung, Mark E.

24 April 2018

The problem of revealing accurate statistics about a population while maintaining privacy of individuals is extensively studied in several related disciplines. Statisticians, information security experts, and computational theory researchers, to name a few, have produced extensive bodies of work regarding privacy preservation. Still the need to improve our ability to control the dissemination of potentially private information is driven home by an incessant rhythm of data breaches, data leaks, and privacy exposure. History has shown that both public and private sector organizations are not immune to loss of control over data due to lax handling, incidental leakage, or adversarial breaches. Prudent organizations should consider the sensitive nature of network security data and network operations performance data recorded as logged events. These logged events often contain data elements that are directly correlated with sensitive information about people and their activities -- often at the same level of detail as sensor data. Privacy preserving data publication has the potential to support reproducibility and exploration of new analytic techniques for network security. Providing sanitized data sets de-couples privacy protection efforts from analytic research. De-coupling privacy protections from analytical capabilities enables specialists to tease out the information and knowledge hidden in high dimensional data, while, at the same time, providing some degree of assurance that people's private information is not exposed unnecessarily. In this research we propose methods that support a risk based approach to privacy preserving data publication for network security data. Our main research objective is the design and implementation of technical methods to support the appropriate release of network security data so it can be utilized to develop new analytic methods in an ethical manner. Our intent is to produce a database which holds network security data representative of a contextualized network and people's interaction with the network mid-points and end-points without the problems of identifiability. / Ph. D.

Privacy

Data Analytics

Network Security

Security risk prioritization for logical attack graphs

Almohri, Hussain

January 1900

Master of Science / Department of Computing and Information Sciences / William H. Hsu / Xinming (Simon) Ou / To prevent large networks from potential security threats, network administrators need to know in advance what components of their networks are under high security risk. One way to obtain this knowledge is via attack graphs. Various types of attack graphs based on miscellaneous techniques has been proposed. However, attack graphs can only make assertion about different paths that an attacker can take to compromise the network. This information is just half the solution in securing a particular network. Network administrators need to analyze an attack graph to be able to identify the associated risk. Provided that attack graphs can get very large in size, it would be very difficult for them to perform the task. In this thesis, I provide a security risk prioritization algorithm to rank logical attack graphs produced by MulVAL (A vulnerability analysis system) . My proposed method (called StepRank) is based on a previously published algorithm called AssetRank that generalizes over Google's PageRank algorithm. StepRank considers a forward attack graph that is a reversed version of the original MulVAL attack graph used by AssetRank. The result of the ranking algorithm is a rank value for each node that is relative to every other rank value and shows how difficult it is for an attacker to satisfy a node.

Computer Security

Network Security

Computer Science (0984)

A host-based security assessment architecture for effective leveraging of shared knowledge

Rakshit, Abhishek

January 1900

Master of Science / Department of Computing and Information Sciences / Xinming (Simon) Ou / Security scanning performed on computer systems is an important step to identify and assess potential vulnerabilities in an enterprise network, before they are exploited by malicious intruders. An effective vulnerability assessment architecture should assimilate knowledge from multiple security knowledge sources to discover all the security problems present on a host. Legitimate concerns arise since host-based security scanners typically need to run at administrative privileges, and takes input from external knowledge sources for the analysis. Intentionally or otherwise, ill-formed input may compromise the scanner and the whole system if the scanner is susceptible to, or carries one or more vulnerability itself. It is not easy to incorporate new security analysis tools and/or various security knowlege- bases in the conventional approach, since this would entail installing new agents on every host in the enterprise network. This report presents an architecture where a host-based security scanner's code base can be minimized to an extent where its correctness can be verified by adequate vetting. At the same time, the architecture also allows for leveraging third-party security knowledge more efficiently and makes it easier to incorporate new security tools. In our work, we implemented the scanning architecture in the context of an enterprise-level security analyzer. The analyzer finds security vulnerabilities present on a host according to the third-party security knowledge specified in Open Vulnerability Assessment Language(OVAL). We empirically show that the proposed architecture is potent in its ability to comprehensively leverage third-party security knowledge, and is flexible to support various higher-level security analysis.

Vulnerability analysis

Network security

Computer Science (0984)

Proposed iNET Network Security Architecture

Dukes, Renata

10 1900

ITC/USA 2009 Conference Proceedings / The Forty-Fifth Annual International Telemetering Conference and Technical Exhibition / October 26-29, 2009 / Riviera Hotel & Convention Center, Las Vegas, Nevada / Morgan State University's iNET effort is aimed at improving existing telemetry networks by developing more efficient operation and cost effectiveness. This paper develops an enhanced security architecture for the iNET environment in order to protect the network from both inside and outside adversaries. This proposed architecture addresses the key security components of confidentiality, integrity and authentication. The security design for iNET is complicated by the unique features of the telemetry application. The addition of encryption is complicated by the need for robust synchronization needed for real time operation in a high error environment.

iNET

Authentication

Confidentiality

Integrity

Network Security Architecture

Requirements for a secure and efficientAuthentication System for a large organizationJuan Carlos

Crespo, Juan Carlos

January 2010

<p>In this thesis, a full review on what are the minimum requirements needed to perform an Authentication System is explained. While building the system we have in consideration the users of it, the security needed for each of the resources that must be accessed by the users and what methods can be applied to access to these resources.</p><p>In basics, an Authentication System is built when we need to keep track to who is entering on an organization, the bigger the organization is and the more information must be keep  safe the more complex the system will be.</p><p>Although there are other methods, I tried to keep it easy and understandable for all the possible readers. With this, the reader will understand the basics that he need to keep in mind when implementing such a system like this. The organization in mind for the system is a University that consist between twenty two thousand (22.000) and twenty five thousand (25.000) users.</p>

Authentication

Authorization

Accounting

AAA

Identification

Network Security

A new approach to dynamic internet risk analysis

18 August 2009

D.Econ.

Internet security measures

Computer network security measures

Parameter assignment for improved connectivity and security in randomly deployed wireless sensor networks via hybrid omni/uni-directional antennas

Shankar, Sonu

15 May 2009

Conguring a network system to operate at optimal levels of performance re-quires a comprehensive understanding of the eects of a variety of system parameterson crucial metrics like connectivity and resilience to network attacks. Traditionally,omni-directional antennas have been used for communication in wireless sensor net-works. In this thesis, a hybrid communication model is presented where-in, nodes ina network are capable of both omni-directional and uni-directional communication.The eect of such a model on performance in randomly deployed wireless sensor net-works is studied, specically looking at the eect of a variety of network parameterson network performance.The work in this thesis demonstrates that, when the hybrid communication modelis employed, the probability of 100% connectivity improves by almost 90% and thatof k-connectivity improves by almost 80% even at low node densities when comparedto the traditional omni-directional model. In terms of network security, it was foundthat the hybrid approach improves network resilience to the collision attack by almost85% and the cost of launching a successful network partition attack was increased byas high as 600%. The gains in connectivity and resilience were found to improve withincreasing node densities and decreasing antenna beamwidths.

Wireless Sensor Networks

Network Security

Network Connectivity

Requirements for a secure and efficientAuthentication System for a large organizationJuan Carlos

Crespo, Juan Carlos

January 2010

In this thesis, a full review on what are the minimum requirements needed to perform an Authentication System is explained. While building the system we have in consideration the users of it, the security needed for each of the resources that must be accessed by the users and what methods can be applied to access to these resources. In basics, an Authentication System is built when we need to keep track to who is entering on an organization, the bigger the organization is and the more information must be keep  safe the more complex the system will be. Although there are other methods, I tried to keep it easy and understandable for all the possible readers. With this, the reader will understand the basics that he need to keep in mind when implementing such a system like this. The organization in mind for the system is a University that consist between twenty two thousand (22.000) and twenty five thousand (25.000) users.

Authentication

Authorization

Accounting

AAA

Identification

Network Security

Parameter assignment for improved connectivity and security in randomly deployed wireless sensor networks via hybrid omni/uni-directional antennas

Shankar, Sonu

15 May 2009

Conguring a network system to operate at optimal levels of performance re-quires a comprehensive understanding of the eects of a variety of system parameterson crucial metrics like connectivity and resilience to network attacks. Traditionally,omni-directional antennas have been used for communication in wireless sensor net-works. In this thesis, a hybrid communication model is presented where-in, nodes ina network are capable of both omni-directional and uni-directional communication.The eect of such a model on performance in randomly deployed wireless sensor net-works is studied, specically looking at the eect of a variety of network parameterson network performance.The work in this thesis demonstrates that, when the hybrid communication modelis employed, the probability of 100% connectivity improves by almost 90% and thatof k-connectivity improves by almost 80% even at low node densities when comparedto the traditional omni-directional model. In terms of network security, it was foundthat the hybrid approach improves network resilience to the collision attack by almost85% and the cost of launching a successful network partition attack was increased byas high as 600%. The gains in connectivity and resilience were found to improve withincreasing node densities and decreasing antenna beamwidths.

Wireless Sensor Networks

Network Security

Network Connectivity

Localization for Vulnerability Scanner

Lai, Kun-Ye

15 July 2004

With the popularization of Internet, and the vulnerabilities found continuously, network hosts meet more and more risks of being attacked. If we don¡¦t secure them well, they will become the targets of the hackers. In addition to the protection of firewalls, vulnerability scanners can also help us to find out the weekness of our network hosts. Nessus is an open source freeware which has the capability of vulnerability assessment. Nessus has very powerful scanning ability and is very easy to use. Nessus provides detailed result reports from the messages in the plugins. However, like many other freeware and software, Nessus is an English software. For this reason, Nessus provides English result reports. For those who do not use English as their first language, it costs a lot of time to read a lot of English result reports. In this research, we develop a localizational system of the Nessus scanner and provide the result reports in users¡¦ local language. We develop an automatic mechanism to extract the messages and infomations in the plugins, and put them into the vulnerability databases. We also develop two subsystems, one of them makes translators translates the message in the vulnerability database into their local language, and the other replaces the English result with those translated messages. This research proposes the design above and actually implements a localizational system of the Nessus scanner. It attempts to reduce the time and labor consumption while translating, automate the update process of vulnerability database, and avoid the modification of source code as possible.

Localization

Vulnerability Scanner

Vulnerability Database

Network Security