Global ETD Search

141	A Faster Intrusion Detection Method For High-speed Computer Networks Tarim, Mehmet Cem 01 May 2011 (has links) (PDF) The malicious intrusions to computer systems result in the loss of money, time and hidden information which require deployment of intrusion detection systems. Existing intrusion detection methods analyze packet payload to search for certain strings and to match them with a rule database which takes a long time in large size packets. Because of buffer limits, packets may be dropped or the system may stop working due to high CPU load. In this thesis, we investigate signature based intrusion detection with signatures that only depend on the packet header information without payload inspection. To this end, we analyze the well-known DARPA 1998 dataset to manually extract such signatures and construct a new rule set to detect the intrusions. We implement our rule set in a popular intrusion detection software tool, Snort. Furthermore we enhance our rule set with the existing rules of Snort which do not depend on payload inspection. We test our rule set on DARPA data set as well as a new data set that we collect using attack generator tools. Our results show around 30% decrease in detection time with a tolerable decrease in the detection rate. We believe that our method can be used as a complementary component to speed up intrusion detection systems.
142	The design and implementation of security and networking co-processors for high performance SoC applications Chung, Kuo-huang 23 January 2003 (has links) With the development of Internet, there are more and more applications around us are connected tightly with it. Security of network is important. This thesis will follow OSI 7-layers architecture, which defined by ISO, to propose several hardware improvement approaches of network security. In data-link layer, we improve performance of CRC calculation with parallel CRC calculation, such that a 32-bit data can be finished using CRC calculation in one cycle. In network layer and transport layer, bit-oriented instruction set has good performance for processing packet header. In application, we implement DES and AES algorithm in hardware. We integrate all hardware module with ARM7TDMI coprocessor¡¦s interface. Finally, we download integrated circuit into Xilinx XCV2000E chip to observe its demo to verify it. Symmetric Cryptosystem Coprocessor Data Encryption Standard Advanced Encryption Standard Network Security
143	Network Security Analysis and Summary in Taiwan Fang, Jia-Ching 30 July 2003 (has links) With the increasing reliance on the Internet and computers, threats also increase. More and more foundations, companies and tools of computer network security emerge to defense the Internet. To prevent the attacks form crackers, plenty of resources about network security were developed on the Internet and people can get the resource they want as long as they know where the professional network security information is. But from another point of view, too much information would become a great burden to general users on the Internet, because they have no idea what information is the most important. This make them confuse, and the only thing they can do is do nothing. They need summarized security information and the advise for his own system and services, instead of all system security information. In this research, we integrate the systems in TWCERT/CC and discover the most helpful information to those who access the Internet in Taiwan, such as, the most threatened vulnerabilities in Taiwan. The information is like the SANS TOP 20. The unity of the entire system in TWCERT/CC could give administrators more specific and summarized information and their prior job is to fix the most vulnerable holes according to the information offered. Key words: network security, critical Internet security vulnerabilities, incident report, SAS, Security Auditing System, TWCERT/CC network security Security Auditing System incident report SAS TWCERT/CC
144	Effective and scalable botnet detection in network traffic Zhang, Junjie 03 July 2012 (has links) Botnets represent one of the most serious threats against Internet security since they serve as platforms that are responsible for the vast majority of large-scale and coordinated cyber attacks, such as distributed denial of service, spamming, and information stolen. Detecting botnets is therefore of great importance and a number of network-based botnet detection systems have been proposed. However, as botnets perform attacks in an increasingly stealthy way and the volume of network traffic is rapidly growing, existing botnet detection systems are faced with significant challenges in terms of effectiveness and scalability. The objective of this dissertation is to build novel network-based solutions that can boost both the effectiveness of existing botnet detection systems by detecting botnets whose attacks are very hard to be observed in network traffic, and their scalability by adaptively sampling network packets that are likely to be generated by botnets. To be specific, this dissertation describes three unique contributions. First, we built a new system to detect drive-by download attacks, which represent one of the most significant and popular methods for botnet infection. The goal of our system is to boost the effectiveness of existing drive-by download detection systems by detecting a large number of drive-by download attacks that are missed by these existing detection efforts. Second, we built a new system to detect botnets with peer-to-peer (P2P) command&control (C&C) structures (i.e., P2P botnets), where P2P C&Cs represent currently the most robust C&C structures against disruption efforts. Our system aims to boost the effectiveness of existing P2P botnet detection by detecting P2P botnets in two challenging scenarios: i) botnets perform stealthy attacks that are extremely hard to be observed in the network traffic; ii) bot-infected hosts are also running legitimate P2P applications (e.g., Bittorrent and Skype). Finally, we built a novel traffic analysis framework to boost the scalability of existing botnet detection systems. Our framework can effectively and efficiently identify a small percentage of hosts that are likely to be bots, and then forward network traffic associated with these hosts to existing detection systems for fine-grained analysis, thereby boosting the scalability of existing detection systems. Our traffic analysis framework includes a novel botnet-aware and adaptive packet sampling algorithm, and a scalable flow-correlation technique. Intrusion detection Network security Botnet Computer networks Security measures Internet Internet governance
145	Key Management in Ad Hoc Networks / Nyckelhantering i Ad Hoc Nät Fokine, Klas January 2002 (has links) <p>This thesis covers the issue of securing ad hoc networks. Such networks exhibit a number of characteristics that make such a task challenging. One of the major challenges is that ad hoc networks typically lack a fixed infrastructure both in form of physical infrastructure such as routers, servers and stable communication links and in the form of an organizational or administrative infrastructure. Another difficulty lies in the highly dynamic nature of ad hoc networks since new nodes can join and leave the network at any time. </p><p>The major problem in providing security services in such infrastructure less networks is how to manage the cryptographic keys that are needed. In order to design practical and efficient key management systems it is necessary to understand the characteristics of ad hoc networks and why traditional key management systems cannot be used. These issues are covered and the thesis also provides a summary of those key management solutions that have been proposed in the research literature so far.</p> Informationsteknik ad hoc networking key management network security Informationsteknik Information technology Informationsteknik
146	Grouper: A Packet Classification Algorithm Allowing Time-Space Tradeoffs Kuhn, Joshua Adam 01 January 2011 (has links) This thesis presents an algorithm for classifying packets according to arbitrary (including noncontiguous) bitmask rules. As its principal novelty, the algorithm is parameterized by the amount of memory available and can customize its data structures to optimize classification time without exceeding the given memory bound. The algorithm thus automatically trades time for space efficiency as needed. The two extremes of this time-space tradeoff (linear search through the rules versus a single table that maps every possible packet to its class number) are special cases of the general algorithm we present. Additional features of the algorithm include its simplicity, its open-source prototype implementation, its good performance even with worst-case rule sets, and its extendability to handle range rules and dynamic updates to rule sets. The contributions of this thesis first appeared in [1]. Algorithms Computer Networks Network Algorithms Network Security Security American Studies Arts and Humanities Computer Sciences
147	Prevention and Detection of Intrusions in Wireless Sensor Networks Butun, Ismail 01 January 2013 (has links) Wireless Sensor Networks (WSNs) continue to grow as one of the most exciting and challenging research areas of engineering. They are characterized by severely constrained computational and energy resources and also restricted by the ad-hoc network operational environment. They pose unique challenges, due to limited power supplies, low transmission bandwidth, small memory sizes and limited energy. Therefore, security techniques used in traditional networks cannot be directly adopted. So, new ideas and approaches are needed, in order to increase the overall security of the network. Security applications in such resource constrained WSNs with minimum overhead provides significant challenges, and is the main focus of this dissertation. There is no "one size fits all" solution in defending WSNs against intrusions and attacks. Therefore, intrusions and attacks against WSNs should be carefully examined to reveal specific vulnerabilities associated with them, before beginning the design of any kind of intrusion prevention and detection systems. By following this rationale, the dissertation starts with providing information regarding the WSNs, types of attacks towards WSNs, and the methods on how to prevent and detect them. Then, in order to secure WSNs, a security provisioning plan is provided. In general, the following processes may be involved in securing WSNs: Intrusion Prevention, Intrusion Detection, and Intrusion Mitigation. This dissertation presents solutions (algorithms and schemes) to the first two lines of defenses of the security provisioning plan, namely, Intrusion Prevention and Intrusion Detection. As a first line of defense in securing WSNs, this dissertation presents our proposed algorithm ("Two-Level User Authentication" scheme) as an Intrusion Prevention System (IPS) for WSNs. The algorithm uses two-level authentication between a sensor node and a user. It is designed for heterogeneous WSNs, meaning that the network consists of two components: regular nodes and more powerful cluster heads. The proposed scheme is evaluated both analytically and also in a simulation environment, by comparing it to the current state-of-the-art schemes in the literature. A comprehensive and systematic survey of the state-of-the-art in Intrusion Detection Systems (IDSs) that are proposed for Mobile Ad-Hoc Networks (MANETs) and WSNs is presented. Firstly, detailed information about IDSs is provided. This is followed by the analysis and comparison of each scheme along with their advantages and disadvantages from the perspective of security. Finally, guidelines on IDSs that are potentially applicable to WSNs are provided. Overall, this work would be very helpful to the researchers in developing their own IDSs for their WSNs. Clustering (of the nodes) is very important for WSNs not only in data aggregation, but also in increasing the overall performance of the network, especially in terms of total life-time. Besides, with the help of clustering, complex intrusion prevention and detection algorithms can be implemented. Therefore, background on the clustering algorithms is provided and then a clustering algorithm for WSNs is proposed, that is both power and connectivity aware. The proposed algorithm provides higher energy efficiency and increases the life-time of the network. In evaluating the proposed clustering algorithm (in a simulation environment by comparing its' performance to the previously proposed algorithm, namely Kachirski et al.'s algorithm), it is demonstrated that the proposed algorithm improves energy efficiency in WSNs. Finally, an IDS framework based on multi-level clustering for hierarchical WSNs is proposed. It is based upon (the nodes use our proposed clustering algorithm while forming their clusters) the clustering algorithm that is proposed in this dissertation. The framework provides two types of intrusion detection approaches, namely "Downwards-IDS (D-IDS)" to detect the abnormal behavior (intrusion) of the subordinate (member) nodes and "Upwards-IDS (U-IDS)" to detect the abnormal behavior of the cluster heads. By using analytical calculations, the optimum parameters for the D-IDS (number of maximum hops) and U-IDS (monitoring group size) of the framework are evaluated and presented. Overall, this dissertation research contributes to the first two lines of defenses towards the security of WSNs, namely, IPS and IDS. Furthermore, the final contribution of this dissertation is towards the topology formation of the WSNs (especially for the hierarchical WSNs), namely, clustering; which would be very useful in implementation of the IPS and IDS systems that are presented in this dissertation. access control clustering cryptography network security user authentication Computer Engineering Computer Sciences Electrical and Computer Engineering
148	Performance and security trade-offs in high-speed networks : an investigation into the performance and security modelling and evaluation of high-speed networks based on the quantitative analysis and experimentation of queueing networks and generalised stochastic Petri nets Miskeen, Guzlan Mohamed Alzaroug January 2013 (has links) Most used security mechanisms in high-speed networks have been adopted without adequate quantification of their impact on performance degradation. Appropriate quantitative network models may be employed for the evaluation and prediction of 'optimal' performance vs. security trade-offs. Several quantitative models introduced in the literature are based on queueing networks (QNs) and generalised stochastic Petri nets (GSPNs). However, these models do not take into consideration Performance Engineering Principles (PEPs) and the adverse impact of traffic burstiness and security protocols on performance. The contributions of this thesis are based on the development of an effective quantitative methodology for the analysis of arbitrary QN models and GSPNs through discrete-event simulation (DES) and extended applications into performance vs. security trade-offs involving infrastructure and infrastructure-less high-speed networks under bursty traffic conditions. Specifically, investigations are carried out focusing, for illustration purposes, on high-speed network routers subject to Access Control List (ACL) and also Robotic Ad Hoc Networks (RANETs) with Wired Equivalent Privacy (WEP) and Selective Security (SS) protocols, respectively. The Generalised Exponential (GE) distribution is used to model inter-arrival and service times at each node in order to capture the traffic burstiness of the network and predict pessimistic 'upper bounds' of network performance. In the context of a router with ACL mechanism representing an infrastructure network node, performance degradation is caused due to high-speed incoming traffic in conjunction with ACL security computations making the router a bottleneck in the network. To quantify and predict the trade-off of this degradation, the proposed quantitative methodology employs a suitable QN model consisting of two queues connected in a tandem configuration. These queues have single or quad-core CPUs with multiple-classes and correspond to a security processing node and a transmission forwarding node. First-Come-First-Served (FCFS) and Head-of-the-Line (HoL) are the adopted service disciplines together with Complete Buffer Sharing (CBS) and Partial Buffer Sharing (PBS) buffer management schemes. The mean response time and packet loss probability at each queue are employed as typical performance metrics. Numerical experiments are carried out, based on DES, in order to establish a balanced trade-off between security and performance towards the design and development of efficient router architectures under bursty traffic conditions. The proposed methodology is also applied into the evaluation of performance vs. security trade-offs of robotic ad hoc networks (RANETs) with mobility subject to Wired Equivalent Privacy (WEP) and Selective Security (SS) protocols. WEP protocol is engaged to provide confidentiality and integrity to exchanged data amongst robotic nodes of a RANET and thus, to prevent data capturing by unauthorised users. WEP security mechanisms in RANETs, as infrastructure-less networks, are performed at each individual robotic node subject to traffic burstiness as well as nodal mobility. In this context, the proposed quantitative methodology is extended to incorporate an open QN model of a RANET with Gated queues (G-Queues), arbitrary topology and multiple classes of data packets with FCFS and HoL disciplines under bursty arrival traffic flows characterised by an Interrupted Compound Poisson Process (ICPP). SS is included in the Gated-QN (G-QN) model in order to establish an 'optimal' performance vs. security trade-off. For this purpose, PEPs, such as the provision of multiple classes with HoL priorities and the availability of dual CPUs, are complemented by the inclusion of robot's mobility, enabling realistic decisions in mitigating the performance of mobile robotic nodes in the presence of security. The mean marginal end-to-end delay was adopted as the performance metric that gives indication on the security improvement. The proposed quantitative methodology is further enhanced by formulating an advanced hybrid framework for capturing 'optimal' performance vs. security trade-offs for each node of a RANET by taking more explicitly into consideration security control and battery life. Specifically, each robotic node is represented by a hybrid Gated GSPN (G-GSPN) and a QN model. In this context, the G-GSPN incorporates bursty multiple class traffic flows, nodal mobility, security processing and control whilst the QN model has, generally, an arbitrary configuration with finite capacity channel queues reflecting 'intra'-robot (component-to-component) communication and 'inter'-robot transmissions. Two theoretical case studies from the literature are adapted to illustrate the utility of the QN towards modelling 'intra' and 'inter' robot communications. Extensions of the combined performance and security metrics (CPSMs) proposed in the literature are suggested to facilitate investigating and optimising RANET's performance vs. security trade-offs. This framework has a promising potential modelling more meaningfully and explicitly the behaviour of security processing and control mechanisms as well as capturing the robot's heterogeneity (in terms of the robot architecture and application/task context) in the near future (c.f. [1]. Moreover, this framework should enable testing robot's configurations during design and development stages of RANETs as well as modifying and tuning existing configurations of RANETs towards enhanced 'optimal' performance and security trade-offs. 004
149	Προστασία συστημάτων από κατανεμημένες επιθέσεις στο Διαδίκτυο / Protecting systems from distributed attacks on the Internet Στεφανίδης, Κυριάκος 17 March 2014 (has links) Η παρούσα διατριβή πραγματεύεται το θέμα των κατανεμημένων επιθέσεων άρνησης υπηρεσιών στο Διαδίκτυο. Αναλύει τα υπάρχοντα συστήματα αντιμετώπισης και τα εργαλεία που χρησιμοποιούνται για την εξαπόλυση τέτοιου είδους επιθέσεων. Μελετά τον τρόπο που οργανώνονται οι επιθέσεις και παρουσιάζει την αρχιτεκτονική και την υλοποίηση ενός πρωτότυπου συστήματος ανίχνευσης των πηγών μιας κατανεμημένης επίθεσης άρνησης υπηρεσιών, καθώς και αντιμετώπισης των επιθέσεων αυτών. Τέλος, ασχολείται με το θέμα της ανεπιθύμητης αλληλογραφίας ως μιας διαφορετικού είδους επίθεση άρνησης υπηρεσιών και προτείνει ένα πρωτότυπο τρόπο αντιμετώπισής της. / In our thesis we deal with the issue of Distributed Denial of Service attacks on the Internet. We analyze the current defense methodologies and the tools that are used to unleash this type of attacks. We study the way that those attacks are constructed and organized and present a novel architecture, and its implementation details, of a system that is able to trace back to the true sources of such an attack as well as effectively filter such attacks in real time. Lastly we deal with the issue of spam e-mail as a different form of a distributed denial of service attack and propose a novel methodology that deals with the problem. Ασφάλεια δικτύων 005.8 Network security
150	Security and Privacy Preservation in Mobile Social Networks Liang, Xiaohui January 2013 (has links) Social networking extending the social circle of people has already become an important integral part of our daily lives. As reported by ComScore, social networking sites such as Facebook and Twitter have reached 82 percent of the world's online population, representing 1.2 billion users around the world. In the meantime, fueled by the dramatic advancements of smartphones and the ubiquitous connections of Bluetooth/WiFi/3G/LTE networks, social networking further becomes available for mobile users and keeps them posted on the up-to-date worldwide news and messages from their friends and families anytime anywhere. The convergence of social networking, advanced smartphones, and stable network infrastructures brings us a pervasive and omnipotent communication platform, named mobile social network (MSN), helping us stay connected better than ever. In the MSN, multiple communication techniques help users to launch a variety of applications in multiple communication domains including single-user domain, two-user domain, user-chain domain, and user-star domain. Within different communication domains, promising mobile applications are fostered. For example, nearby friend search application can be launched in the two-user or user-chain domains to help a user find other physically-close peers who have similar interests and preferences; local service providers disseminate advertising information to nearby users in the user-star domain; and health monitoring enables users to check the physiological signals in the single-user domain. Despite the tremendous benefits brought by the MSN, it still faces many technique challenges among of which security and privacy protections are the most important ones as smartphones are vulnerable to security attacks, users easily neglect their privacy preservation, and mutual trust relationships are difficult to be established in the MSN. In this thesis, we explore the unique characteristics and study typical research issues of the MSN. We conduct our research with a focus on security and privacy preservation while considering human factors. Specifically, we consider the profile matching application in the two-user domain, the cooperative data forwarding in the user-chain domain, the trustworthy service evaluation application in the user-star domain, and the healthcare monitoring application in the single-user domain. The main contributions are, i) considering the human comparison behavior and privacy requirements, we first propose a novel family of comparison-based privacy-preserving profile matching (PPM) protocols. The proposed protocols enable two users to obtain comparison results of attribute values in their profiles, while the attribute values are not disclosed. Taking user anonymity requirement as an evaluation metric, we analyze the anonymity protection of the proposed protocols. From the analysis, we found that the more comparison results are disclosed, the less anonymity protection is achieved by the protocol. Further, we explore the pseudonym strategy and an anonymity enhancing technique where users could be self-aware of the anonymity risk level and take appropriate actions when needed; ii) considering the inherent MSN nature --- opportunistic networking, we propose a cooperative privacy-preserving data forwarding (PDF) protocol to help users forward data to other users. We indicate that privacy and effective data forwarding are two conflicting goals: the cooperative data forwarding could be severely interrupted or even disabled when the privacy preservation of users is applied, because without sharing personal information users become unrecognizable to each other and the social interactions are no longer traceable. We explore the morality model of users from classic social theory, and use game-theoretic approach to obtain the optimal data forwarding strategy. Through simulation results, we show that the proposed cooperative data strategy can achieve both the privacy preservation and the forwarding efficiency; iii) to establish the trust relationship in a distributed MSN is a challenging task. We propose a trustworthy service evaluation (TSE) system, to help users exchange their service reviews toward local vendors. However, vendors and users could be the potential attackers aiming to disrupt the TSE system. We then consider the review attacks, i.e., vendors rejecting and modifying the authentic reviews of users, and the Sybil attacks, i.e., users abusing their pseudonyms to generate fake reviews. To prevent these attacks, we explore the token technique, the aggregate signature, and the secret sharing techniques. Simulation results show the security and the effectiveness of the TSE system can be guaranteed; iv) to improve the efficiency and reliability of communications in the single-user domain, we propose a prediction-based secure and reliable routing framework (PSR). It can be integrated with any specific routing protocol to improve the latter's reliability and prevent data injection attacks during data communication. We show that the regularity of body gesture can be learned and applied by body sensors such that the route with the highest predicted link quality can always be chose for data forwarding. The security analysis and simulation results show that the PSR significantly increases routing efficiency and reliability with or without the data injection attacks. Information Security Network Security Privacy Preservation Mobile Social Networks Electrical and Computer Engineering

Search results