Detecting Covert Timing Channels Using Normalizing Weights
Edna Milgo
TSYS Department of Computer Science
Columbus State University
Georgia, USA
milgo
Submitted on 06/04/2009

Abstract

Covert timing channels utilize unused space in packets to breach the security of network traffic. The information is sent based on whether or not synchronization occurred over a given time. The pattern of on and off can later be interpreted by the attacker as a series of 1s and 0s, and may even be used to send a large amount of information in a short time. Attackers evade detection by mimicking legitimate traffic and even by varying the delays. We propose a method which captures both the regularities and the irregularities in a network to determine whether traffic is legitimate or a covert timing channel. We use weighted values to normalize the irregular patterns and, based on the normalized distribution graph, the system can determine whether it is a covert timing channel or not.

1 Introduction

Covert channels are illegitimate network channels which could be used by an attacker to breach security policies by sending information without the knowledge of the sender [1, 4]. Covert timing channels use synchronized timing to communicate information by either delaying synchronization for a given interval or skipping the interval. Covert timing channels cause security breaches by channeling sensitive private information when exploited by malicious software [5, 4].

Covert timing channels are classified based on their connection with the legitimate channel. An active covert timing channel creates a new connection besides a legitimate one and utilizes it to communicate, whereas a passive covert timing channel finds unused packet space in the legitimate traffic without creating a new connection. Passive covert channels are hard to detect because of their dependence on legitimate traffic, which makes them hard to distinguish from it.

Another classification is based on the resource affected, namely storage and timing [1]. Storage covert channels are used to directly or indirectly write to or read from a memory location. Timing covert channels utilize CPU synchronization to convey a message each time a clock is triggered. The attacker's system first has to negotiate the mode of communication with the attacked system [1]. First they identify the start signal and the time interval of each communication. They also agree on the silent period definition. The receiver will then analyze the information based on when the trigger was made, where a connection represents 1 and silence 0. The receiver can then formulate meaningful information based on the binary bits.

The regularity of the traffic pattern of covert channels could be used to distinguish them from legitimate traffic, but attackers have devised ways to evade this by varying the delay time at a given interval. Much research has been done on ways of disrupting or stopping covert timing channels [3], most of which uses statistical methods of detection. These statistical tools alone are suitable if a strict statistical pattern is followed by the attacker, i.e. the channel communication is regular. Attackers have made detection harder by varying the pattern, introducing delays to the connection which bring irregularity into the pattern. Another challenge to the statistical approach is that a sufficient amount of data must be collected from a covert channel to be able to analyze it and prove that the communication has been compromised. This brings two major concerns to the system: 1) the attacker will be identified only after he has already gathered information from the system, because the attacker will have undisrupted communication during the analysis session; and 2) resources, which include bandwidth, memory location and system time, are wasted during this time of data analysis, and in some cases traffic subjected to a very detailed analysis may turn out to be legitimate. This shows that there is a need for a fast and approximate detector of covert channels, and the process should not consume a lot of resources.

In [2], the authors proposed an entropy approach for detecting covert timing channels that follow an irregular pattern, using distribution bins. This method is suitable when the data range is small but may have varying results where the data is large.

We present an approach based on the entropy approach, and introduce a weight w, which is a measure of the rate of delay and is used to normalize the distribution graph. The main contributions in this scheme are:

- Design a covert timing channel detection method which is prone to high jitter and irregular patterns. We normalize our distribution graphs based on the weighted value of the delay intervals.
- Design a real-time detection which optimizes the bandwidth and is faster, so as to avoid causing unnecessary traffic. The data is sampled randomly and the weight calculation and analysis are done offline.
- Our approach is based on both statistical evaluation and fuzzy logic.

The rest of the paper is organized as follows: related work is described in section 2 and the proposed scheme in section 3. In section 4, we present the conclusion and directions for future work.

2 Related work

Various covert channels have been developed and used to test the system's vulnerability to covert timing channels. Most of the research has focused on active covert timing channel detection. Cabuk [1] describes a scheme which could be used to detect and block covert timing channels on the TCP/IP section of the network layer. He first describes how the attacker could utilize the data section of the packet due to its inconsistent pattern and its size, and then demonstrates how the irregularity of the traffic can be used to distinguish it from legitimate traffic.

In [2], the authors proposed an entropy approach to detect covert timing channels. Their approach tests the irregularity in the traffic pattern, rather than the distribution of the traffic, to identify a covert channel. They use a binning strategy to obtain the conditional entropy for given traffic. This method is, however, limited where the dataset is big, and the bins will tend to be so large that the function is reduced. The approach uses estimations based on the corrected conditional entropy to determine the entropy rate.

Gianvecchio et al. [3] designed a model of the covert channel and used filters to characterize the features of legitimate traffic, while an analyzer fits the observed traffic to a model. In their scheme a model is believed to imitate the features of ordinary traffic. This approach, however, may be limited where the training data does not always represent the varying characteristics of the current network, and where the attacker tries to evade detection by borrowing some of the features of normal traffic.

3 Proposed Solution

Distribution function

A distribution graph is generated based on the idea proposed in [2]. The number of bins and the area are then computed, such that each bin has the same area under the curve but a different width. This approach is used for its resistance to randomness in small data and to bring a uniform representation of the data, since the data is selected randomly.

Time interval and weight

The weight w is a measure between 0 and 1, where the value represents how irregular the pattern is in the network traffic. The time interval between any delay is measured and assigned a weight based on the difference between the current delay period and the preceding delay. If all the delays have the same interval, i.e. the delay is uniform, the weight is 0 and there will be no normalization in the distribution function. The zero-weight scenario is a regular covert timing channel. In a situation where the delay varies at every clock trigger, the weight is close to 1, and the distribution graph will be skewed upwards.
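
The two measurements described above, equal-area binning of inter-packet delays and a weight w in [0, 1], as an added illustration that is not code from the paper. The paper gives no formula for w, so the one used here (the share of consecutive delay pairs that differ by more than a tolerance) is an assumption, as are all function names and the constructed sample timings.

```python
from bisect import bisect_right
from itertools import accumulate


def inter_arrival_delays(timestamps_ms):
    """Delays between consecutive packet arrival times (milliseconds)."""
    return [b - a for a, b in zip(timestamps_ms, timestamps_ms[1:])]


def irregularity_weight(delays, tolerance_ms=5):
    """Assumed formula for w (the paper does not give one).

    Share of consecutive delay pairs whose difference exceeds the tolerance:
    0.0 when every delay equals the preceding one (uniform delay),
    1.0 when the delay changes at every packet.
    """
    if len(delays) < 2:
        return 0.0
    changed = sum(
        1 for prev, cur in zip(delays, delays[1:]) if abs(cur - prev) > tolerance_ms
    )
    return changed / (len(delays) - 1)


def equal_area_edges(reference_delays, n_bins):
    """Interior bin edges taken at quantiles of a reference sample.

    Each bin then holds the same share of the reference data (same area
    under the curve) while the bin widths differ.
    """
    if n_bins < 2 or len(reference_delays) < n_bins:
        raise ValueError("need at least n_bins samples and n_bins >= 2")
    ordered = sorted(reference_delays)
    n = len(ordered)
    return [ordered[(k * n) // n_bins] for k in range(1, n_bins)]


def bin_counts(delays, edges):
    """Histogram of delays over the bins defined by the interior edges."""
    counts = [0] * (len(edges) + 1)
    for d in delays:
        counts[bisect_right(edges, d)] += 1
    return counts


def profile(timestamps_ms, edges, tolerance_ms=5):
    """Weight and binned distribution for one observed flow."""
    delays = inter_arrival_delays(timestamps_ms)
    return {
        "weight": irregularity_weight(delays, tolerance_ms),
        "bins": bin_counts(delays, edges),
    }


# Constructed sample data (not measurements from the paper), in milliseconds.
REFERENCE_DELAYS_MS = [10, 12, 15, 20, 22, 30, 45, 60, 80, 120, 200, 400]
EDGES = equal_area_edges(REFERENCE_DELAYS_MS, 4)

# Uniform delay: the zero-weight case the text calls a regular channel.
REGULAR_TS = list(accumulate([0] + [100] * 9))
# Delay changes at every packet: the case where the weight approaches 1.
JITTERED_TS = list(accumulate([0, 80, 130, 60, 150, 95, 140, 70, 120, 55, 160]))

if __name__ == "__main__":
    print("bin edges (ms):", EDGES)
    print("reference bins:", bin_counts(REFERENCE_DELAYS_MS, EDGES))
    print("regular flow  :", profile(REGULAR_TS, EDGES))
    print("jittered flow :", profile(JITTERED_TS, EDGES))
```

The normalization step that adjusts the bins by w is not implemented here because the paper does not specify the adjustment.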

Normalization

Once the weight has been determined, the original graph is normalized: adjustments are made to every bin based on the weighted value of the delay. For high weights, the bins are altered in such a way that the variance and the mean are increased, but the distribution remains unchanged.

Results

The normalized graph tends to follow a distribution function which, when compared to known functions of normal network traffic, lets the system determine whether the traffic is legitimate or not. Legitimate traffic follows a normal or a Poisson distribution, while a covert channel follows a Kolmogorov chain distribution.

4 Conclusion

The proposed approach is suitable for both regular and irregular timing patterns. The approach uses a weighted value to normalize the distribution of an irregular pattern. It uses the algorithm proposed by [2] in the second part of the processing, where the weight is applied to the graph to adjust the binning scheme. The scheme utilizes fuzzy error detection and weighted error correction to achieve a constant and well-distributed graph. The scheme is limited by the extra time used to compute the weights and normalize the graph. This duration is, however, negligible when dealing with small data sets. Our future work will include more input detection, such as error detection, in order to achieve a higher normalizing value. The weights will also be extended to capture the weighted mean in the analysis stage.

References

[1] S. Cabuk, C. E. Brodley, and C. Shields. IP covert timing channels: design and detection. CCS '04: Proceedings of the 11th ACM Conference on Computer and Communications Security, pages ,
[2] S. Gianvecchio and H. Wang. Detecting covert timing channels: an entropy-based approach. 2nd International Conference on i-Warfare and Security, pages ,
[3] S. Gianvecchio, H. Wang, D. Wijesekera, and S. Jajodia. Model-based covert timing channels: automated modeling and evasion. Lecture Notes in Computer Science, pages ,
[4] R. C. Newman. Covert computer and network communications. Proceedings of the 4th Annual Conference on Information Security Curriculum Development, pages 1–8,
[5] A. B. Shaffer, M. Auguston, C. E. Irvine, and T. E. Levin. A security domain model to assess software for exploitable covert channels. Proceedings of the Third ACM SIGPLAN Workshop on Programming Languages and Analysis for Security, pages 45–56,
More informationVoice, Video and Data Convergence:
: A best-practice approach for transitioning your network infrastructure White Paper The business benefits of network convergence are clear: fast, dependable, real-time communication, unprecedented information
More informationCisco Advanced Malware Protection (AMP) for Endpoints
Cisco Advanced Malware Protection (AMP) for Endpoints Endpoints continue to be the primary point of entry for attacks! 70% of breaches start on endpoint devices WHY? Gaps in protection Gaps in visibility
More informationYou will discuss topics related to ethical hacking, information risks, and security techniques which hackers will seek to circumvent.
IDPS Effectiveness and Primary Takeaways You will discuss topics related to ethical hacking, information risks, and security techniques which hackers will seek to circumvent. IDPS Effectiveness and Primary
More informationInterconnecting Components
Interconnecting Components Need interconnections between CPU, memory, controllers Bus: shared communication channel Parallel set of wires for data and synchronization of data transfer Can become a bottleneck
More informationNetworking interview questions
Networking interview questions What is LAN? LAN is a computer network that spans a relatively small area. Most LANs are confined to a single building or group of buildings. However, one LAN can be connected
More informationPURDUE UNIVERSITY GRADUATE SCHOOL Thesis Acceptance
PURDUE UNIVERSITY GRADUATE SCHOOL Thesis Acceptance This is to certify that the thesis prepared By Serdar Cabuk Entitled Network Covert Channels: Design, Analysis, Detection, and Elimination Complies with
More informationNGN: Carriers and Vendors Must Take Security Seriously
Research Brief NGN: Carriers and Vendors Must Take Security Seriously Abstract: The next-generation network will need to provide security on many levels. A comprehensive set of standards should be in place
More informationn Explain penetration testing concepts n Explain vulnerability scanning concepts n Reconnaissance is the first step of performing a pen test
Chapter Objectives n Explain penetration testing concepts n Explain vulnerability scanning concepts Chapter #4: Threats, Attacks, and Vulnerabilities Vulnerability Scanning and Penetration Testing 2 Penetration
More informationA Lightweight Statistical Authentication Protocol for Access Control in Wireless LANs
A Lightweight Statistical Authentication Protocol for Access Control in Wireless LANs Haoli Wang, Joel Cardo, Yong Guan ECE, Iowa State University ASWN 24 Introduction Emergence of visitor networks Visitor
More informationVersion 1/2018. GDPR Processor Security Controls
Version 1/2018 GDPR Processor Security Controls Guidance Purpose of this document This document describes the information security controls that are in place by an organisation acting as a processor in
More informationJuniper Vendor Security Requirements
Juniper Vendor Security Requirements INTRODUCTION This document describes measures and processes that the Vendor shall, at a minimum, implement and maintain in order to protect Juniper Data against risks
More informationDetection of Resource-Drained Attacks on SIP-Based Wireless VoIP Networks
Detection of Resource-Drained Attacks on SIP-Based Wireless VoIP Networks Jin Tang, Yong Hao, Yu Cheng and Chi Zhou Department of Electrical and Computer Engineering Illinois Institute of Technology, Chicago,
More informationGeneral Data Protection Regulation
General Data Protection Regulation Workshare Ltd ( Workshare ) is a service provider with customers in many countries and takes the protection of customers data very seriously. In order to provide an enhanced
More informationSecuring the supply chain: A multi-pronged approach
Securing the supply chain: A multi-pronged approach By Jason Jaskolka and John Villasenor Stanford University University of California, Los Angeles June 1, 2017 This presentation addresses two key issues
More informationFirewalls, Tunnels, and Network Intrusion Detection
Firewalls, Tunnels, and Network Intrusion Detection 1 Intrusion Detection Systems Intrusion Actions aimed at compromising the security of the target (confidentiality, integrity, availability of computing/networking
More informationOff-Path TCP Exploits : Global Rate Limit Considered Dangerous
Off-Path TCP Exploits : Global Rate Limit Considered Dangerous Yue Cao, Zhiyun Qian, Zhongjie Wang, Tuan Dao, and Srikanth V. Krishnamurthy, University of California, Riverside; Lisa M. Marvel, United
More informationReal-Time Protocol (RTP)
Real-Time Protocol (RTP) Provides standard packet format for real-time application Typically runs over UDP Specifies header fields below Payload Type: 7 bits, providing 128 possible different types of
More informationLecture 2: Streaming Algorithms for Counting Distinct Elements
Lecture 2: Streaming Algorithms for Counting Distinct Elements 20th August, 2008 Streaming Algorithms Streaming Algorithms Streaming algorithms have the following properties: 1 items in the stream are
More informationOperational Security Capabilities for IP Network Infrastructure
Operational Security Capabilities F. Gont for IP Network Infrastructure G. Gont (opsec) UTN/FRH Internet-Draft September 1, 2008 Intended status: Informational Expires: March 5, 2009 Status of this Memo
More information