Introduction to Network Security Missouri S&T University CPE 5420 Anomaly Detection

1 Introduction to Network Security
Missouri S&T University CPE 5420
Anomaly Detection
Egemen K. Çetinkaya
Department of Electrical & Computer Engineering
Missouri University of Science and Technology
31 October 2016

2 Anomaly Detection in Networks: Outline
- Introduction and motivation
- Anomaly detection taxonomy
- Detection in wireless networks
- Signal analysis of anomalies
- Conclusions and summary

3 Anomaly Detection in Networks: Introduction and Motivation

4 ResiliNets Strategy: D²R² + DR
- Real-time control loop: D²R²
  - defend against challenges to normal ops
    - passive
    - active
  - detect when defenses fail
  - remediate to do the best possible
  - recover to original state
- Background loop: DR
  - diagnose the fault that led to failure
  - refine future D²R² behavior
[SHÇ+2010]

5 Anomaly Detection in Networks: Introduction and Motivation
- Detection is required once the defenses fail
- A threat model is essential for successful detection
- Work in the literature is primarily about security
  - flash crowds don't follow this
- Different domains need different detection algorithms
  - wired vs. wireless
- Several types of detection mechanisms exist
- Historical progress:
  - console monitoring for user activity
  - reviewing logs: tedious, takes a long time, after the attack?
  - real-time systems: new attack recognition is not easy

6 Challenges to Normal Operation: Perturbations
- Unintentional misconfiguration, operational mistakes
  - random node or random link failures
- Large-scale natural disasters (geo-correlated failures)
  - natural: hurricanes, tsunami, floods, earthquakes, etc.
  - man-made: fire, explosions, etc.
- Attacks from an intelligent adversary
- Environmental challenges
  - primarily wireless environments
- Unusual but legitimate traffic (e.g. flash crowd)
- Dependent failures
- Social, political, economical, and business factors

7 T1 Model: Survivability Attributes
[Figure: P(t) plotted against time t, with Remediate and Recover phases; axis marks t_0, t_1, t_2, t_r, t_R and levels S_a, S_a + S_r, 1]
- S_u: fraction unservable after failure at t_0
- S_a: fraction available at t_0
- S_r: fraction restored at t_1
- full restoration at t_2

8 Challenge Evaluation: ANSA Model
[Figure: ANSA model plot, value V against time t]
- Correct operation
  - all events occur within expectations
  - e i E o i O : val(o i ) (t i, t i )
[ER1994]

9 Anomaly Detection in Networks: Anomaly Detection Taxonomy

10 Anomaly Detection in Networks: Detection Model = M, D
- Anomaly detection system:
  - Model of normal behavior: M
  - Degree of deviation: D
[TTV2004]

11 Anomaly Detection in Networks: Classification Model
- Learn a model (classifier)
  - from a set of labeled data instances: training
- Classify using the learned model: testing
[CBK2009]

12 Anomaly Detection in Networks: Classification Boundaries
- Objects might be classified based on attributes: x_1 and x_2
- Linear classification finds a line between classes
- Classification boundaries may be non-linear
[BBK2014]

13 Anomaly Detection in Networks: Correct Detection of Events
Outcome by event nature (harmless or attack) and detection result (normal or anomalous):
- harmless event, detected as anomalous: false positive (also known as false alarm)
- attack, detected as anomalous: true positive (successful detection)
- harmless event, detected as normal: true negative (harmless event labeled normal)
- attack, detected as normal: false negative (attacks not detected, similar to normal behavior)
[TTV2004]

14 Anomaly Detection Taxonomy: Overview
- Network feature analyzed
  - network traffic flow analysis
  - protocol analysis
  - network elements and topology
- Behavior model
  - learnt models
  - specification-based models
- Analysis scale
  - microscale
  - mesoscale
  - macroscale

15 Anomaly Detection Taxonomy: Network Feature Analyzed
- Network traffic flow analysis:
  - utilizes temporal evolution of traffic flow
  - stochastic process and signal analysis are the main methods
- Protocol analysis
  - data link
  - network
  - transport
  - application
- Network elements and topology

16 Anomaly Detection Taxonomy: Behavior Models
- Constructing the normal behavior of the system
  - by machine learning techniques
  - by manually providing specifications
- Learnt models
  - statistical (e.g. estimators, Markov chains, etc.)
  - rule-based
  - artificial neural networks
  - high false alarm rate since data is trained
- Specification-based models (signature or misuse)
  - difficult, time consuming, only done once
  - low false alarm rate

17 Anomaly Detection Taxonomy: Analysis Scale
- Several dimensions of analysis exist
  - microscale
  - mesoscale
  - macroscale
- Functional perspective: service, host, network
- Time dimension: hourly, daily/weekly, seasonal
- Protocol analysis: packets, streams, simultaneous analysis of connections

18 Anomaly Detection in Networks: Detection in Wireless Networks

19 IDS in Wireless Networks: Overview
- Mobile and wireless networks differ from wired nets
  - links susceptible to attacks
  - nodes do not have enough physical protection
  - dynamic topology
- IDS agents in each mobile host
- IDS agents can detect and decide locally
- Collaboration among the nodes
  - if a node detects an anomaly with weak evidence
  - detection state information is propagated to neighbor nodes

20 IDS in Wireless Networks: Detection State Information
- Use of level-of-confidence value: p %
  - Node A concludes from local data that there is an intrusion
  - Node A concludes from local and neighbor states
  - Nodes A, B, C, collectively conclude about an intrusion
- Weights can be included in the computation
  - nearby nodes can have more weight than distant nodes

21 IDS in Wireless Networks: Detection Procedure
- Node sends an intrusion state request to its neighbors
- Each node propagates state information
  - likelihood of intrusion to its immediate neighbors
- Each node determines whether the majority of reports indicate intrusion
  - if yes, the node concludes the network is under attack
- Any node detecting intrusion can initiate a response
  - e.g. initiating re-authentication to exclude malicious nodes
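
The cooperative procedure of slides 20 and 21, as an added Python example that is not part of the lecture: a node with weak local evidence collects its neighbours' level-of-confidence values, takes a majority vote, and also computes a distance-weighted confidence. The thresholds, the 1/(1+hops) weighting and all node names and values are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Assumed thresholds (not from the slides): below WEAK the node sees nothing
# unusual; at or above STRONG it decides on local evidence alone; a report at
# or above VOTE counts as a vote for "intrusion".
WEAK, STRONG, VOTE = 0.3, 0.9, 0.5


@dataclass(frozen=True)
class Report:
    node: str          # reporting node
    confidence: float  # level-of-confidence p (0.0 to 1.0) that an intrusion is under way
    hops: int          # distance from the requesting node; 0 is the node itself


def weight(hops):
    """Assumed weighting: nearby nodes count more than distant ones."""
    return 1.0 / (1 + hops)


def weighted_confidence(reports):
    """Distance-weighted mean of the reported confidence values."""
    total = sum(weight(r.hops) for r in reports)
    return sum(weight(r.hops) * r.confidence for r in reports) / total


def majority_indicates_intrusion(reports):
    """True when more than half of the reports are at or above VOTE."""
    votes = sum(1 for r in reports if r.confidence >= VOTE)
    return votes > len(reports) / 2


def decide(local, neighbour_reports):
    """Return (verdict, basis) for the requesting node.

    Neighbour reports are consulted only when local evidence is weak, which
    is the case in which the node sends an intrusion state request.
    """
    if local.confidence >= STRONG:
        return "intrusion", "local"
    if local.confidence < WEAK:
        return "normal", "local"
    reports = [local, *neighbour_reports]
    if majority_indicates_intrusion(reports):
        return "intrusion", "cooperative"
    return "normal", "cooperative"


# Constructed sample: node A has weak evidence and asks its neighbours.
# One dissenting report (D) does not change the majority outcome.
A = Report("A", 0.60, 0)
NEIGHBOURS = [Report("B", 0.70, 1), Report("C", 0.80, 1),
              Report("D", 0.20, 2), Report("E", 0.55, 2)]

if __name__ == "__main__":
    verdict, basis = decide(A, NEIGHBOURS)
    p = weighted_confidence([A, *NEIGHBOURS])
    print(f"A: {verdict} ({basis}), weighted p = {p:.2f}")
    # A response such as re-authentication would be initiated at this point.
```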

22 IDS in Wireless Networks: Anomalies of MANET Routing Protocols
- Training of networks required for simulation
  - this entails aggregation of trace files
- Routing intrusion metrics:
  - percentage of changed routes; it can also include:
    - bad routes
    - stale routes
    - updated routes
  - percentage of changes in the sum of hops of all routes
- Traffic flow, routing activities, topological patterns
  - preferred in correlating change of information

23 Anomaly Detection in Networks: Signal Analysis of Anomalies

24 Signal Analysis of Anomalies: Overview
- Wavelets describe time series in frequency and time
  - useful for characterizing data with spikes and discontinuities
- Fourier transform is good for frequency analysis
- Following results show IP flow and SNMP data
  - a flow is an end-to-end association: by src/dst address, port
  - SNMP: Simple Network Management Protocol [RFC 1157]
  - defines a set of MIB (Management Information Base)
- From Univ. of Wisconsin Madison gateway router
  - data collected over 6 months
  - analysis includes high, medium, low band data

25 Signal Analysis of Anomalies: Ambient IP Flow Traffic
[Figure: baseline IP flow traffic]
[BKPR2002]

26 Signal Analysis of Anomalies: Ambient SNMP Traffic
[Figure: baseline SNMP traffic]
[BKPR2002]

27 Signal Analysis of Anomalies: Byte Traffic for Flash Crowd
- Long-lived events can be captured by:
  - low-band and mid-band filters
[BKPR2002]

28 Signal Analysis of Anomalies: Average Packet Size for Flash Crowd
- Long-lived events can be captured by:
  - low-band and mid-band filters
[BKPR2002]

29 Signal Analysis of Anomalies: Flow Traffic During DoS Attacks
- Short-lived events can be captured by:
  - high-band and mid-band filters
[BKPR2002]

30 Signal Analysis of Anomalies: Byte Traffic During Measurement Analysis
- Short-lived events can be captured by:
  - high-band and mid-band filters
[BKPR2002]
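
The band observation on slides 27 to 30, as an added Python example that is not from the lecture or from [BKPR2002]: a Haar wavelet decomposition splits a traffic series into high, mid and low bands and shows where the energy of a short burst and of a long plateau ends up. The Haar wavelet, the grouping of levels into three bands and both traffic series are assumptions constructed for illustration.

```python
import math


def haar_details(series):
    """Orthonormal Haar wavelet transform.

    Returns the detail coefficients per level, finest scale (level 1) first.
    The final approximation (the overall mean) is discarded: it carries the
    baseline, not the event.
    """
    n = len(series)
    if n < 8 or n & (n - 1):
        raise ValueError("need a power-of-two length of at least 8")
    approx = [float(x) for x in series]
    details = []
    while len(approx) > 1:
        pairs = list(zip(approx[0::2], approx[1::2]))
        details.append([(a - b) / math.sqrt(2) for a, b in pairs])
        approx = [(a + b) / math.sqrt(2) for a, b in pairs]
    return details


def band_fractions(series):
    """Share of the detail energy that falls in the high, mid and low bands.

    Assumed grouping: the finest third of the levels is "high", the coarsest
    third is "low", and the levels in between are "mid".
    """
    energy = [sum(c * c for c in level) for level in haar_details(series)]
    third = len(energy) // 3
    bands = {
        "high": sum(energy[:third]),
        "mid": sum(energy[third:len(energy) - third]),
        "low": sum(energy[len(energy) - third:]),
    }
    total = sum(bands.values())
    if total == 0:
        return {name: 0.0 for name in bands}
    return {name: value / total for name, value in bands.items()}


def classify(series):
    """Label a series by the band that dominates its deviation from flat."""
    f = band_fractions(series)
    if not any(f.values()):
        return "no event"
    return "short-lived" if f["high"] > f["low"] else "long-lived"


# Constructed series of 64 samples (e.g. flows per interval), flat baseline.
BASELINE = [100.0] * 64

DOS_BURST = list(BASELINE)        # two-sample burst
for i in (21, 22):
    DOS_BURST[i] += 400.0

FLASH_CROWD = list(BASELINE)      # plateau lasting half the window
for i in range(12, 44):
    FLASH_CROWD[i] += 50.0

if __name__ == "__main__":
    for name, series in (("baseline", BASELINE), ("burst", DOS_BURST),
                         ("plateau", FLASH_CROWD)):
        shares = {k: round(v, 3) for k, v in band_fractions(series).items()}
        print(f"{name:9s} {classify(series):12s} {shares}")
```

The burst puts roughly 90% of its detail energy in the high and mid bands, while the plateau puts all of it in the mid and low bands.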

31 Anomaly Detection in Networks: Conclusions and Summary

32 Anomaly Detection Taxonomy: Open Challenges [PP2007]
- Mechanisms to keep up with high-speed nets
- Reduction of false alarm rate: 1/10^5
- Evaluation of detection mechanisms/algorithms
- Defending detection systems from attacks
  - attacks generating false alarms
- Better understanding of anomalies
  - taxonomy of challenges
- IDS and encryption do not work together
- IDS for internal attacks
  - different access requirements for different users

33 Anomaly Detection Taxonomy: Conclusions and Summary
- Detection is an essential part of a resilient network
- Anomaly detection is primarily applied in the security area
- Wired and wireless domains have different mechanisms

34 References and Further Reading
- [KPS2002] Charlie Kaufman, Radia Perlman, and Mike Speciner, Network Security: Private Communication in a Public World, 2nd edition, Prentice Hall.
- [CBK2009] Varun Chandola, Arindam Banerjee, and Vipin Kumar, Anomaly Detection: A Survey, ACM Computing Surveys, Volume 41, Issue 3, pp. 15:1-15:58, July.
- [ZLH2003] Yongguang Zhang, Wenke Lee, and Yi-An Huang, Intrusion Detection Techniques for Mobile Wireless Networks, Wireless Networks, Volume 9, Issue 5, September.
- [R1999] Martin Roesch, Snort - Lightweight Intrusion Detection for Networks, in Proceedings of the 13th USENIX Conference on System Administration (LISA), Seattle, WA, November 1999.

35 References and Further Reading
- [SHÇ+2010] James P.G. Sterbenz, David Hutchison, Egemen K. Çetinkaya, Abdul Jabbar, Justin P. Rohrer, Marcus Schöller, and Paul Smith, Resilience and Survivability in Communication Networks: Strategies, Principles, and Survey of Disciplines, Computer Networks, Vol. 54, No. 8, June.
- [ANSA] Nigel Edwards and Owen Rees, A Model for Failures in Dependable Systems, ANSA Technical Report, March.
- [ATIS] ATIS Technical Report 24, Network Survivability Performance, Nov.

36 References and Further Reading
- [TTV2004] J. M. Estevez-Tapiador, P. Garcia-Teodoro, J. E. Diaz-Verdejo, Anomaly detection methods in wired networks: a survey and taxonomy, Computer Communications, Vol. 27, No. 16, October 2004.
- [BKPR2002] P. Barford, J. Kline, D. Plonka, A. Ron, A signal analysis of network traffic anomalies, ACM IMW, Marseille, 2002.
- [PP2007] A. Patcha and J. Park, An overview of anomaly detection techniques: Existing solutions and latest technological trends, Computer Networks, Vol. 51, No. 12, August 2007.
- [BBK2014] M. H. Bhuyan, D. K. Bhattacharyya, and J. K. Kalita, Network Anomaly Detection: Methods, Systems and Tools, IEEE Comm. Surveys & Tutorials, Vol. 16, No. 1, 2014.

37 End of Foils
A Survey of BGP Security Review Network Security Instructor:Dr. Shishir Nagaraja Submitted By: Jyoti Leeka November 16, 2011 1 Introduction to the topic and the reason for the topic being interesting Border
More informationCONTROLLER AREA NETWORK (CAN) DEEP PACKET INSPECTION. Görkem Batmaz, Systems Engineer Ildikó Pete, Systems Engineer 28 th March, 2018
CONTROLLER AREA NETWORK (CAN) DEEP PACKET INSPECTION Görkem Batmaz, Systems Engineer Ildikó Pete, Systems Engineer 28 th March, 2018 Car Hacking Immediately my accelerator stopped working. As I frantically
More informationRaj Jain. Washington University in St. Louis
Intrusion Detection Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-11/
More informationMeasuring Intrusion Detection Capability: An Information- Theoretic Approach
Measuring Intrusion Detection Capability: An Information- Theoretic Approach Guofei Gu, Prahlad Fogla, David Dagon, Wenke Lee Georgia Tech Boris Skoric Philips Research Lab Outline Motivation Problem Why
More informationTHE PROPOSAL OF HYBRID INTRUSION DETECTION FOR DEFENCE OF SYNC FLOOD ATTACK IN WIRELESS SENSOR NETWORK
THE PROPOSAL OF HYBRID INTRUSION DETECTION FOR DEFENCE OF SYNC FLOOD ATTACK IN WIRELESS SENSOR NETWORK ABSTRACT Ruchi Bhatnagar 1 and Udai Shankar 2 1 Department of Information Technology, IIMT Engineering
More informationIntrusion Detection Systems Overview
Intrusion Detection Systems Overview Chris Figueroa East Carolina University figueroac13@ecu.edu Abstract Modern intrusion detection systems provide a first line of defense against attackers for organizations.
More informationNetwork Resilience Improvement and Evaluation Using Link Additions Ph.D. Dissertation Defense
Network Resilience Improvement and Evaluation Using Link Additions Ph.D. Dissertation Defense Mohammed J.F. Advisor: James P.G. Sterbenz Department of Electrical Engineering & Computer Science Information
More informationAn study of the concepts necessary to create, as well as the implementation of, a flexible data processing and reporting engine for large datasets.
An study of the concepts necessary to create, as well as the implementation of, a flexible data processing and reporting engine for large datasets. Ignus van Zyl 1 Statement of problem Network telescopes
More informationChair for Network Architectures and Services Department of Informatics TU München Prof. Carle. Network Security. Chapter 11
Chair for Network Architectures and Services Department of Informatics TU München Prof. Carle Network Security Chapter 11 Attack prevention, detection and response Acknowledgments This course is based
More informationSecurity of Mobile Ad Hoc and Wireless Sensor Networks
Security of Mobile Ad Hoc and Wireless Sensor Networks July, 2013 Edward Bonver LA Board Member Symantec Corporation edward@owasp.org Copyright The Foundation Permission is granted to copy, distribute
More informationCOMPARISON OF THE ACCURACY OF BIVARIATE REGRESSION AND BOX PLOT ANALYSIS IN DETECTING DDOS ATTACKS
International Journal of Electronics and Communication Engineering & Technology (IJECET) Volume 6, Issue 12, Dec 2015, pp. 43-48, Article ID: IJECET_06_12_007 Available online at http://www.iaeme.com/ijecetissues.asp?jtype=ijecet&vtype=6&itype=12
More informationCommunication Pattern Anomaly Detection in Process Control Systems
Communication Pattern Anomaly Detection in Process Control Systems Sponsored by the Department of Energy National SCADA Test Bed Program Managed by the National Energy Technology Laboratory The views herein
More informationDixit Verma Characterization and Implications of Flash Crowds and DoS attacks on websites
Characterization and Implications of Flash Crowds and DoS attacks on websites Dixit Verma Department of Electrical & Computer Engineering Missouri University of Science and Technology dv6cb@mst.edu 9 Feb
More informationDefending MANET against Blackhole Attackusing Modified AODV
IJSTE - International Journal of Science Technology & Engineering Volume 1 Issue 2 August 214 ISSN(online) : 2349-784X Defending MANET against Blackhole Attackusing Modified AODV Devang S. Patel P.G. Student
More informationA Hybrid Approach for Misbehavior Detection in Wireless Ad-Hoc Networks
A Hybrid Approach for Misbehavior Detection in Wireless Ad-Hoc Networks S. Balachandran, D. Dasgupta, L. Wang Intelligent Security Systems Research Lab Department of Computer Science The University of
More informationDetection and Localization of Multiple Spoofing using GADE and IDOL in WSN. U.Kavitha 1.
Detection and Localization of Multiple Spoofing using GADE and IDOL in WSN U.Kavitha 1 1 PG Student, Department of ECE, CK College of Engineering & Technology, Cuddalore, Tamil Nadu, India Abstract Wireless
More informationE-Commerce/Web Security
E-Commerce/Web Security Prepared For: Software Engineering 4C03 Kartik Sivaramakrishnan McMaster University 2005 Prepared by James Allin 9902847 1.0 - Introduction... 3 2.0 - E-Commerce Transaction Overview...
More informationIJSER. Virtualization Intrusion Detection System in Cloud Environment Ku.Rupali D. Wankhade. Department of Computer Science and Technology
ISSN 2229-5518 321 Virtualization Intrusion Detection System in Cloud Environment Ku.Rupali D. Wankhade. Department of Computer Science and Technology Abstract - Nowadays all are working with cloud Environment(cloud
More informationPerformance Evaluation of DSDV, DSR AND ZRP Protocol in MANET
Performance Evaluation of, AND Protocol in MANET Zaiba Ishrat IIMT Engg college,meerut Meerut, India Pankaj singh Sidhi vinayak Group of College,Alwar Alwar,Rajasthan Rehan Ahmad IIMT Engg college,meerut
More informationDetecting and Preventing Network Address Spoofing
Detecting and Preventing Network Address Spoofing Hamza A. Olwan 1, Mohammed A. Babiker 2 and Mohammed E. Hago 3 University of Khartoum, Sudan olwan777@gmail.com 1, moh_teg821@hotmail.com 2 and melzain88@gmail.com
More informationResearch in the Network Management Laboratory
Research in the Network Management Laboratory Adarsh Sethi Professor Department of Computer & Information Sciences University of Delaware About Myself PhD Indian Institute of Technology (IIT) Kanpur On
More informationalign security instill confidence
align security instill confidence cyber security Securing data has become a top priority across all industries. High-profile data breaches and the proliferation of advanced persistent threats have changed
More informationA Measurement Companion to the CIS Critical Security Controls (Version 6) October
A Measurement Companion to the CIS Critical Security Controls (Version 6) October 2015 1 A Measurement Companion to the CIS Critical Security Controls (Version 6) Introduction... 3 Description... 4 CIS
More informationINTERNATIONAL JOURNAL OF INNOVATIVE TECHNOLOGIES, VOL. 02, ISSUE 01, JAN 2014
INTERNATIONAL JOURNAL OF INNOVATIVE TECHNOLOGIES, VOL. 02, ISSUE 01, JAN 2014 ISSN 2321 8665 LOW BANDWIDTH DDOS ATTACK DETECTION IN THE NETWORK 1 L. SHIVAKUMAR, 2 G. ANIL KUMAR 1 M.Tech CSC Dept, RVRIET,
More informationPROTECTING INFORMATION ASSETS NETWORK SECURITY
PROTECTING INFORMATION ASSETS NETWORK SECURITY PAUL SMITH 20 years of IT experience (desktop, servers, networks, firewalls.) 17 years of engineering in enterprise scaled networks 10+ years in Network Security
More informationSecuring BGP Networks using Consistent Check Algorithm
Securing BGP Networks using Consistent Check Algorithm C. K. Man, K.Y. Wong, and K. H. Yeung Abstract The Border Gateway Protocol (BGP) is the critical routing protocol in the Internet infrastructure.
More informationCE Advanced Network Security
CE 817 - Advanced Network Security Lecture 5 Mehdi Kharrazi Department of Computer Engineering Sharif University of Technology Acknowledgments: Some of the slides are fully or partially obtained from other
More informationSSL Automated Signatures
SSL Automated Signatures WilliamWilsonandJugalKalita DepartmentofComputerScience UniversityofColorado ColoradoSprings,CO80920USA wjwilson057@gmail.com and kalita@eas.uccs.edu Abstract In the last few years
More information