PortableVN: A Generic Mobile Application for Security Testbeds

Pujari, Medha Rani

06 September 2019

No description available.

Computer Science

Dynamic Shifting of Virtual Network Topologies for Network Attack Prevention

Avidan, Lenoy

01 May 2019

Computer networks were not designed with security in mind, making research into the subject of network security vital. Virtual Networks are similar to computer networks, except the components of a Virtual Network are in software rather than hardware. With the constant threat of attacks on networks, security is always a big concern, and Virtual Networks are no different. Virtual Networks have many potential attack vectors similar to physical networks, making research into Virtual Network security of great importance. Virtual Networks, since they are composed of virtualized network components, have the ability to dynamically change topologies. In this paper, we explore Virtual Networks and their ability to quickly shift their network topology. We investigate the potential use of this flexibility to protect network resources and defend against malicious activities. To show the ability of reactively shifting a Virtual Network’s topology to se- cure a network, we create a set of four experiments, each with a different dynamic topology shift, or “dynamic defense”. These four groups of experiments are called the Server Protection, Isolated Subnet, Distributed Port Group, and Standard Port Group experiments. The Server Protection experiments involve detecting an attack against a server and shifting the server behind a protected subnet. The other three sets of experiments, called Attacker Prevention experiments, involve detecting a malicious node in the internal network and initiating a dynamic de- fense to move the attacker behind a protected subnet. Each Attacker Prevention experiment utilizes a different dynamic defense to prevent the malicious node from attacking the rest of the Virtual Network. For each experiment, we run 6 different network attacks to validate the effectiveness of the dynamic defenses. The network attacks utilized for each experiment are ICMP Flooding, TCP Syn Flooding, Smurf attack, ARP Spoofing, DNS Spoofing, and NMAP Scanning. Our validation shows that our dynamic defenses, outside of the standard port group, are very effective in stopping each attack, consistently lowering the at- tacks’ success rate significantly. The Standard Port Group was the one dynamic defense that is ineffective, though there are also a couple of experiments that could benefit from being run with more attackers and with different situations to fully understand the effectiveness of the defenses. We believe that, as Virtual Networks become more common and utilized outside of data centers, the ability to dynamically shift topology can be used for network security purposes.

Virtual Networks

Network Security

OS and Networks

Software Engineering

Machine Learning-Based Decision Support to Secure Internet of Things Sensing

Chen, Zhiyan

07 December 2023

Internet of Things (IoT) has weaknesses due to the vulnerabilities in the wireless medium and massively interconnected nodes that form an extensive attack surface for adversaries. It is essential to ensure security including IoT networks and applications. The thesis focus on three streams in IoT scenario, including fake task attack detection in Mobile Crowdsensing (MCS), blockchain technique-integrated system security and privacy protection in MCS, and network intrusion detection in IoT. In this thesis, to begin, in order to detect fake tasks in MCS with promising performance, a detailed analysis is provided by modeling a deep belief network (DBN) when the available sensory data is scarce for analysis. With oversampling to cope with the class imbalance challenge, a Principal Component Analysis (PCA) module is implemented prior to the DBN and weights of various features of sensing tasks are analyzed under varying inputs. Additionally, an ensemble learning-based solution is proposed for MCS platforms to mitigate illegitimate tasks. Meanwhile, a k-means-based classification is integrated with the proposed ensemble method to extract region-specific features as input to the machine learning-based fake task detection. A novel approach that is based on horizontal Federated Learning (FL) is proposed to identify fake tasks that contain a number of independent detection devices and an aggregation entity. Moreover, the submitted tasks are collected and managed conventionally by a centralized MCS platform. A centralized MCS platform is not safe enough to protect and prevent tampering sensing tasks since it confronts the single point of failure which reduces the effectiveness and robustness of MCS system. In order to address the centralized issue and identify fake tasks, a blockchain-based decentralized MCS is designed. Integration of blockchain into MCS enables a decentralized framework. The distributed nature of a blockchain chain prevents sensing tasks from being tampered. The blockchain network uses a Practical Byzantine Fault Tolerance (PBFT) consensus that can tolerate 1/3 faulty nodes, making the implemented MCS system robust and sturdy. Lastly, Machine Learning (ML)-based frameworks are widely investigated to identity attacks in IoT networks, namely Network Intrusion Detection System (NIDS). ML models perform divergent detection performance in each class, so it is challenging to select one ML model applicable to all classes prediction. With this in mind, an innovative ensemble learning framework is proposed, two ensemble learning approaches, including All Predict Wisest Decides (APWD) and Predictor Of the Lowest Cost (POLC), are proposed based on the training of numerous ML models. According to the individual model outcomes, a wise model performing the best detection performance (e.g., F1 score) or contributing the lowest cost is determined. Moreover, an innovated ML-based framework is introduced, combining NIDS and host-based intrusion detection system (HIDS). The presented framework eliminates NIDS restrictions via observing the entire traffic information in host resources (e.g., logs, files, folders).

Machine learning

Network security

Internet of things

Intrusion detection

A SYSTEMATIC FRAMEWORK FOR ANALYZING THE SECURITY AND PRIVACY OF WIRELESS COMMUNICATION PROTOCOL IMPLEMENTATIONS

Imtiaz Karim (14827771)

24 March 2023

<p> Wireless communication technologies, such as cellular ones, Bluetooth, and WiFi, are fundamental for today’s and tomorrow’s communication infrastructure. Networks based on those technologies are or will be increasingly deployed in many critical domains, such as critical infrastructures, smart cities, healthcare, and industrial environments. Protecting wireless networks against attacks and privacy breaches is thus critical. A fundamental step for the security and privacy of these networks is ensuring that their protocols are implemented as mandated by the standards. These protocols are however quite complex and unfortunately, the lack of secure-by-design approaches for these complex protocols often induces vulnerabilities in implementations with severe security and privacy repercussions. For these protocols, the standards are thousands of pages long, written in natural language, describe the high-level interaction of the protocol entities, and most often depend on human interpretation—which is open to misunderstanding and ambiguity. This inherently entails the question of whether these wireless protocols and their communication equipment implement the corresponding standards correctly or whether the implementations introduce vulnerabilities that can have severe consequences.</p>

System and network security

Communication protocols

4G

5G

Bluetooth Low Energy

An Approach To Graph-Based Modeling Of Network Exploitations

Li, Wei

10 December 2005

Computer security professionals and researchers are investigating proactive techniques for studying network-based attack behavior. Attack modeling is one of these research areas. In this dissertation, we address a novel attack modeling technique called an exploitation graph (e-graph) for representing attack scenarios. The key assumption in this research is that we can use exploitation graphs to represent attack scenarios, and methods involving e-graphs can be applied to provide vulnerability mitigation strategies. The modeling process consists of three primary steps. The first step is the creation of a knowledge base of vulnerability graphs (v-graphs) from known system vulnerabilities. Each v-graph shows necessary preconditions in order to make the vulnerability exploitable, and post-conditions that denote effects after a successful exploitation. A template is used to facilitate the definition of preconditions and post-conditions. The second step involves the association of multiple v-graphs to create an e-graph specific to a system being modeled. Network topology information and security policies (e.g., firewall rules) are encoded during the modeling process. A set of experiments were designed to test the modeling approach in a cluster computing environment consisting of one server node and eight internal computing nodes. Experimental results showed that e-graphs can be used to evaluate vulnerability mitigation solutions, e.g., identifying critical vulnerabilities and evaluating firewall policies. The third step of this process focuses on devising graph-simplification techniques for large e-graphs. Efficient graph-simplification techniques are described based on host and exploitation similarity. The most distinctive feature of these techniques is that, they help to simplify the most complex graph-generation process and do not require excessive memory storage. Experimental results showed that these techniques can not only reduce the size of e-graphs substantially, but also preserve most information needed for useful attack scenario analysis. The usefulness of the e-graph approach is shown in this dissertation. As a general approach for system administrators, the proposed techniques can be used in, but is not limited to, the cluster-computing environment in providing proactive Vulnerability Assessment (VA) strategies.

exploitation graph

e-graph

vulnerability assessment

network security

computer security

AN INTEGRATED SECURITY SCHEME WITH RESOURCE-AWARENESS FOR WIRELESS AD HOC NETWORKS

DENG, HONGMEI

07 October 2004

No description available.

wireless Ad Hoc Network

Network Security

Intrusion Detection

Evaluation and Application of Bloom Filters in Computer Network Security

Agbeko, Joseph D.K.M.A

19 October 2009

No description available.

Computer Science

Bloom filters

computer network security

space efficient

protocol

Probabilistic Model for Detecting Network Traffic Anomalies

Yellapragada, Ramani

30 June 2004

No description available.

Computer Science

Network Security

Intrusion Detection

Anomaly Detection

Time-based Approach to Intrusion Detection using Multiple Self-Organizing Maps

Sawant, Ankush

21 April 2005

No description available.

Network Security

Intrusion Detection

Self-Organizing Maps

Anomaly Detection

Adaptation in Reputation Management Systems for Ad hoc Networks

Refaei, Mohamed Tamer

09 May 2007

An ad hoc network adopts a decentralized unstructured networking model that depends on node cooperation for key network functionalities such as routing and medium access. The significance of node cooperation in ad hoc networks makes network survival particularly sensitive to insider node behavior. The presence of selfish or malicious nodes in an ad hoc network could greatly degrade the network performance and might even result in a total communication breakdown. Consequently, it is important for both security and performance reasons to discourage, expose, and react to such damaging misbehavior. Reputation management systems have been proposed to mitigate against such misbehavior in ad hoc networks. The functions of a reputation management system are to evaluate nodes' quality of behavior based on their cooperation (evaluation), distinguish between well-behaved and misbehaving nodes (detection), and appropriately react to misbehaving nodes (reaction). A significant number of reputation management systems have been proposed for ad hoc networks to date. However, there has been no attempt to consolidate all current research into a formal framework for reputation management systems. The lack of a formal framework is a potential weakness of the research field. For example, a formal comparison of proposed reputation management systems has remained difficult, mainly due to the lack of a formal framework upon which the comparison could be based. There is also a lack of formal metrics that could be used for quantitative evaluation and comparison of reputation management systems. Another major shortcoming in this research field is the assumption that the functions of reputation management (evaluation, detection, and reaction) are carried out homogeneously across time and space at different nodes. The dynamic nature of ad hoc networks causes node behavior to vary spatially and temporally due to changes in the local and network-wide conditions. Reputation management functions do not adapt to such changes, which may impact the system accuracy and promptness. We herein recognize an adaptive reputation management system as one where nodes carry out the reputation management functions heterogeneously across time and space according to the instantaneous perception of each of its surrounding network conditions. In this work, we address the above concerns. We develop a formal framework for reputation management systems upon which design, evaluation, and comparison of reputation management systems can be based. We define and discuss the different components of the framework and the interactions among them. We also define formal metrics for evaluation of reputation management systems. The metrics assess both, the effectiveness (security issues) of a reputation management system in detecting misbehavior and limiting its negative impact on the network, and its efficiency (performance issues) in terms of false positives and overhead exerted by the reputation management system on the network. We also develop ARMS, an autonomous reputation management system, based on the formal framework. The theoretical foundation of ARMS is based on the theory of Sequential Probability Ratio Test introduced by Wald. In ARMS, nodes independently and without cooperation manage their reputation management system functions. We then use ARMS to investigate adaptation in reputation management systems. We discuss some of the characteristics of an adaptive reputation management system such as sensitivity, adaptability, accuracy, and promptness. We consider how the choice of evaluation metric, typically employed by the evaluation function for assessment of node behavior, may impact the sensitivity and accuracy of node behavior evaluation. We evaluate the sensitivity and accuracy of node behavior evaluation using a number of metrics from the network and medium access layer. We then introduce a time-slotted approach to enhance the sensitivity of the evaluation function and show how the duration of an evaluation slot can adapt according to the network activity to enhance the system accuracy and promptness. We also show how the detection function can adapt to the network conditions by using the node's own behavior as a benchmark to set its detection parameters. To the best of our knowledge, this is the first work to explore the adaptation of the reputation management functions in ad hoc networks. / Ph. D.

reputation management

ad hoc network security

node misbehavior