Identifying Stepping Stone Attack using Trace Back Based Detection Approach
International Journal of Security Technology for Smart Device, Vol. 3, No. 1 (2016)

Shaik Moulali
Electrical & Electronics Engineering, KL University, Vaddeswaram, Guntur
itsmoulali212@kluniversity.in

Abstract

Networking is one of the major technological areas that face intrusion threats. Intruders on the Internet often prefer to launch network intrusions indirectly, i.e., using a chain of hosts on the Internet as relay machines reached through interactive protocols such as Telnet or SSH. This type of attack is called a stepping-stone attack, and it is commonly used by network intruders to hide their identities. Tracing an attacker's traffic through stepping stones is a challenging problem: the traffic that reaches the target comes from an intermediate host or router, the stepping stone, rather than from the attacker's own machine. This paper develops an intrusion detection algorithm that identifies the stepping stone through a trace-back policy despite the perturbation caused by jitter and chaff. It traces the encrypted stepping-stone chain all the way from the target host back to its origin. To trace an attack through a stepping stone it is necessary to correlate the incoming traffic with the outgoing traffic at that stepping stone. Using this approach, anomalous interactive traffic can be detected.

1. Introduction

The Internet has become more important than ever before, and at the same time Internet attacks have increased significantly [1]. Intruders often launch network intrusions indirectly in order to decrease their chances of being discovered: an attacker can use intermediate hosts as stepping stones before attacking the real target [2]. Such compromised hosts give the attacker a way to hide his tracks.
In a stepping-stone attack, an attacker uses a sequence of hosts on the Internet as relay machines and constructs a chain of interactive connections using protocols such as Telnet or SSH. The attacker types commands on his local machine and the commands are relayed through the chain of stepping stones until they finally reach the victim. Because the final victim only sees the traffic from the last hop of the chain, it is difficult for the victim to learn anything about the true origin of the attack.

There has been considerable research on stepping-stone detection, including content-based techniques and timing-based methods. These methods focused on passive traffic monitoring but also raised the issue of active traffic perturbation by the attacker. The initial line of research focused on content-based detection, including comparing content across different streams looking for a high degree of correlation, and actively injecting a content watermark into the interactive traffic. Later, timing-based stepping-stone detection became an active research area, and the focus shifted to making the algorithms more resistant to evasions such as timing perturbation and chaff. A watermark-based scheme was then proposed that detects correlation between packet streams by actively injecting a watermark into the inter-packet delays; its assumptions about the attacker's perturbation, however, may not hold in practice.

In this paper, we propose an intrusion detection algorithm that identifies the stepping stone through a trace-back policy despite the perturbation caused by jitter and chaff. The goal is a stepping-stone detection algorithm that is robust against timing perturbations and does not allow the stepping stone to evade detection. It involves tracing the encrypted stepping-stone chain all the way from the target host back to its origin. To trace an attack through a stepping stone it is necessary to correlate the incoming traffic with the outgoing traffic at that stepping stone. Using this approach, anomalous interactive traffic can be detected.

Article history: Received (December 25, 2015), Review Result (February 11, 2016), Accepted (March 02, 2016). Copyright 2016 GV School Publication.

2. Related work

Staniford and Heberlein proposed a content-based algorithm that created thumbprints of streams and compared them, looking for extremely good matches. Another content-based approach, Sleepy Watermark Tracing, was proposed by Wang et al. These content-based approaches require that the content of the streams under consideration does not change significantly between the streams; thus, for example, they do not apply to encrypted traffic such as SSH sessions.

Another line of work studies the correlation of streams based on connection timings. Yoda and Etoh [3] proposed a deviation-based algorithm to trace the connection chains of intruders. They computed deviations between a known intruder stream and all other concurrent streams on the Internet, compared the packets of streams that have small deviations from the intruder's stream, and used these analyses to identify a set of streams that match the intruder stream. Wang et al.
[4] proposed another timing-based approach that uses the arrival and departure times of packets to correlate connections in real time. They showed that the inter-packet timing characteristics are preserved across many router hops and often uniquely identify the correlations between connections. These algorithms based on connection timings, however, are all vulnerable to active timing perturbation by the attacker: they will not be able to detect stepping stones when the attacker actively perturbs the timings of the packets on the stepping-stone streams.

Snapp et al. [5] developed the Distributed Intrusion Detection System (DIDS), a host-based tracing mechanism that keeps track of users in the network and reports all their activities to a network-wide IDS. Jung et al. [6] studied a host-based, passive tracing mechanism called the Caller Identification System (CIS). Caller ID, research conducted by the Air Force, is also a host-based approach. Both DIDS and CIS use passive approaches in which network packets must be captured continuously; Caller ID differs in that tracing is executed only when an intrusion has occurred. Wang and Reeves [7] proposed a watermark-based scheme that can detect correlation between streams of encrypted packets; however, they assume that the attacker's timing perturbation of packets is independent and identically distributed (iid).

3. Attack model

The model considers an origin host (where the attacker is located), a final host (the attack target) and a stepping-stone chain between attacker and target. In this model, the stepping-stone detection problem consists of detecting whether a given node belongs to the chain between attacker and target, and the attacker trace-back problem consists of detecting all stepping stones and the origin host associated with an attack on a target host. Attackers typically use interactive sessions (e.g., Telnet, SSH) between the origin host and the stepping stones, and between pairs of stepping stones, to carry out the attack. Monitoring the communication exchanged across these sessions is a typical first step towards solving both problems.

A session can be characterized as a sequence of ON and OFF periods, as follows. When there is no data traffic on a session for more than T_idle seconds, the session is considered to be in an OFF period. A packet is considered to contain data only if it carries data in its TCP payload, so pure acknowledgements do not end an OFF period. When a packet with a non-empty payload then appears, the flow ends its OFF period and begins an ON period, which lasts until the session again goes data-idle for T_idle seconds.

Figure 1. Model for stepping stone

4. Algorithm for stepping stone detection

The stepping-stone detection algorithm is based on the fact that if two nodes are part of a stepping-stone chain, then the flow of traffic on these machines will be highly correlated. Each connection is split into a stream of ON-OFF periods. An OFF period starts if no data traffic has been observed on a connection for more than T_idle (set to 500 milliseconds). Any data packet seen while a connection is in an OFF period marks the end of the OFF period and the start of an ON period. If the difference between the end times of OFF periods (equivalently, the start times of ON periods) across two connections is less than α (set to 80 milliseconds), then these OFF periods are said to be correlated, as shown in Figure 1. If the attacker injects timing jitter or delay of more than α milliseconds into one of the connections, he will be able to evade detection.
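The following is an added example, not code from the paper, that puts the ON/OFF segmentation and OFF-period correlation described above into runnable Python with the paper's T_idle = 500 ms and α = 80 ms. The packet timestamps are constructed, not captured. Pure ACKs are ignored as the Section 3 definition requires; normalising the score by the larger of the two OFF counts is my own choice, not something the paper specifies. The example also runs the two evasions the text goes on to analyse: per-packet delays larger than α, and chaff packets dropped into idle gaps of the outgoing connection.

```python
from dataclasses import dataclass

T_IDLE = 0.500   # seconds of data silence that opens an OFF period (paper: 500 ms)
ALPHA = 0.080    # OFF-period end times closer than this are "correlated" (paper: 80 ms)


@dataclass(frozen=True)
class Pkt:
    ts: float       # capture time in seconds
    payload: int    # TCP payload length; 0 for a pure ACK, which does not count as data


def off_period_ends(pkts):
    """Times at which OFF periods end: the first data packet that follows
    more than T_IDLE seconds of data silence (Section 3 definition)."""
    ends = []
    last_data = None
    for p in sorted(pkts, key=lambda p: p.ts):
        if p.payload == 0:
            continue
        if last_data is not None and p.ts - last_data > T_IDLE:
            ends.append(p.ts)
        last_data = p.ts
    return ends


def correlated_off_ratio(conn_a, conn_b, alpha=ALPHA):
    """Fraction of OFF periods whose end times match across the two
    connections within alpha seconds (each end is matched at most once).
    Normalising by the larger OFF count (my assumption) means chaff that
    either destroys idle gaps or creates new ones lowers the score."""
    ends_a, ends_b = off_period_ends(conn_a), off_period_ends(conn_b)
    total = max(len(ends_a), len(ends_b))
    if total == 0:
        return 0.0
    unmatched = list(ends_b)
    matched = 0
    for ta in ends_a:
        for i, tb in enumerate(unmatched):
            if abs(ta - tb) < alpha:
                matched += 1
                del unmatched[i]
                break
    return matched / total


# Constructed keystroke times (s) on the incoming connection: typing bursts
# separated by pauses longer than T_IDLE, giving four OFF periods.
INCOMING = [Pkt(t, 1) for t in (0.00, 0.15, 0.30, 1.20, 1.35, 2.50, 2.60, 2.75, 4.00, 5.10, 5.25)]


def relay(pkts, delays):
    """Outgoing copy of the stream, each packet forwarded after its own delay."""
    return [Pkt(p.ts + d, p.payload) for p, d in zip(pkts, delays)]


def demo():
    n = len(INCOMING)
    honest = relay(INCOMING, [0.020] * n)            # 20 ms forwarding delay, below alpha
    jitter = [0.020] * n
    jitter[3], jitter[8] = 0.150, 0.200              # two packets delayed by more than alpha
    jittered = relay(INCOMING, jitter)
    chaffed = honest + [Pkt(0.90, 1), Pkt(3.30, 1)]  # chaff injected into two idle gaps
    return {
        "honest": correlated_off_ratio(INCOMING, honest),
        "jitter": correlated_off_ratio(INCOMING, jittered),
        "chaff": correlated_off_ratio(INCOMING, chaffed),
    }


if __name__ == "__main__":
    for name, ratio in demo().items():
        print(f"{name:>7}: correlated OFF ratio = {ratio:.2f}")
```

The honest relay scores 1.0; two delays above α already halve the score, and two chaff packets pull it to 0.6 by destroying one idle gap and creating an extra OFF period. One practical caveat: a real relay adds a roughly constant forwarding delay, so α must be wide enough to absorb it, and an attacker who controls the stepping stone only has to add variation that exceeds α.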
OFF periods are considered correlated only if their end times differ by less than α, so a delay larger than α on one connection breaks every match. If the attacker injects chaff packets randomly into one of the connections, then the ratio of correlated OFF periods to the total number of OFF periods falls. Injecting sufficient chaff will cause this ratio to fall below the detection threshold and the attacker will be able to evade detection.

5. Anomaly detection algorithm and trace back methodology

Here an anomaly refers to the jitter and chaff that are introduced into interactive traffic in order to evade the stepping-stone detection algorithm. A response-time based algorithm is developed to detect jitter and chaff based anomalies in interactive traffic. The stepping-stone detection algorithm together with the anomaly detection techniques forms a robust attacker trace-back methodology that is difficult to evade. All the anomaly detection algorithms are online and can detect jitter and chaff in live interactive traffic.

Our response-time based anomaly detection algorithm is based on the fact that in an interactive session, a packet on the forward leg of a connection (e.g., from a client to a server) must be followed by a response on the backward leg within a certain amount of time. Let C be an interactive connection, where C12 denotes the flow of packets from client to server and C21 denotes the flow of packets from server to client. The pseudo code for the response-time based anomaly detection algorithm is as follows:

1. Initialize ON_Packets = 0, Anomalous_Packets = 0.
2. Let C12 (resp. C21) be the forward (resp. reverse) direction of an interactive connection.
3. Split the packets on C12 into ON and OFF periods using T_idle.
4. For every acknowledgement sent on C21 for a data packet sent on C12:
       update RTT using the Jacobson/Karels algorithm.
   For every packet sent in an ON period on C12:
       increment ON_Packets;
       if the response packet on C21 is sent within (RTT + RT) msec, the packet is not anomalous;
       else the packet is anomalous: increment Anomalous_Packets.
   If procedure Check_for_anomaly returns yes:
       return: connection is anomalous due to jitter.
5. Return: connection is not anomalous.

The timing-based stepping-stone detection algorithm and the anomaly detection technique can be combined into an integrated methodology for detecting the source of an intrusion and tracing back to the attacker, as follows. If the attacker uses a chain of intermediate nodes for malicious activity, the methodology iterates the combination of the timing-based stepping-stone detection algorithm and the anomaly detection techniques. Each execution of this combination detects a new stepping stone even in the presence of active traffic perturbation such as jitter and chaff, and adds a new node to the path from the target towards the attacker, until the trace back to the attacker is complete. In this process, any attempt by the attacker to evade detection using jitter or chaff will cause the traffic to appear anomalous, and the anomaly detection algorithms will flag the connections as anomalous.
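As an added example, not the paper's code, the following Python puts the response-time pseudocode of this section into runnable form. RTT is tracked with the Jacobson/Karels estimator using the RFC 6298 gains (1/8 and 1/4); every forward data segment is checked for a reverse-leg response within the current smoothed RTT plus a slack term standing in for RT; and the connection is flagged when the anomalous fraction exceeds a threshold standing in for the unspecified Check_for_anomaly procedure. The slack (50 ms), the threshold (25 %) and both sessions are constructed assumptions: a clean SSH-like keystroke/echo exchange, and the same exchange with three echoes held back by 300 ms on the relay.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Seg:
    ts: float      # capture time in seconds
    seq: int       # sequence number of the first payload byte
    ack: int       # acknowledgement number
    payload: int   # TCP payload length; 0 for a pure ACK


class JacobsonKarels:
    """Smoothed RTT / variance estimator with the RFC 6298 gains (1/8, 1/4)."""

    def __init__(self):
        self.srtt = None
        self.rttvar = None

    def update(self, sample):
        if self.srtt is None:               # the first measurement seeds the estimator
            self.srtt, self.rttvar = sample, sample / 2
        else:
            self.rttvar = 0.75 * self.rttvar + 0.25 * abs(self.srtt - sample)
            self.srtt = 0.875 * self.srtt + 0.125 * sample
        return self.srtt


def response_time_anomalies(c12, c21, rt_slack=0.050, threshold=0.25):
    """Steps 1-5 of the paper's pseudocode. c12 = client->server segments,
    c21 = server->client segments. rt_slack plays the role of RT and
    threshold the role of Check_for_anomaly; both values are assumptions."""
    est = JacobsonKarels()
    fwd = sorted(c12, key=lambda s: s.ts)
    rev = sorted(c21, key=lambda s: s.ts)
    on_packets = anomalous = 0
    for s in fwd:
        if s.payload == 0:
            continue                        # only data packets lie in ON periods
        on_packets += 1
        # The response is the first reverse-leg data segment after the keystroke.
        resp = next((r for r in rev if r.ts > s.ts and r.payload > 0), None)
        if est.srtt is not None:            # judge against the estimate before this sample
            if resp is None or resp.ts - s.ts > est.srtt + rt_slack:
                anomalous += 1
        # The (cumulative) ACK covering this segment supplies the RTT sample.
        ack = next((r for r in rev if r.ts > s.ts and r.ack >= s.seq + s.payload), None)
        if ack is not None:
            est.update(ack.ts - s.ts)
    flagged = on_packets > 0 and anomalous / on_packets > threshold
    return {"on_packets": on_packets, "anomalous": anomalous,
            "srtt": est.srtt, "jitter_anomaly": flagged}


def build_session(extra_delays, rtt=0.040, keystroke_gap=0.200):
    """Constructed interactive session: one 1-byte keystroke every keystroke_gap
    seconds on C12, each echoed and acknowledged on C21 after rtt plus the
    per-keystroke extra delay."""
    c12, c21 = [], []
    seq, srv_seq = 1000, 5000
    for i, extra in enumerate(extra_delays):
        t = i * keystroke_gap
        c12.append(Seg(t, seq, srv_seq, 1))
        c21.append(Seg(t + rtt + extra, srv_seq, seq + 1, 1))
        seq += 1
        srv_seq += 1
    return c12, c21


# Natural echo-time variation of a few milliseconds (constructed).
NATURAL = [0.000, 0.004, 0.002, 0.006, 0.001, 0.003, 0.005, 0.002, 0.004, 0.001]
# The same session with three echoes held back by 300 ms on the relay.
JITTERED = list(NATURAL)
for i in (3, 6, 8):
    JITTERED[i] += 0.300


def demo():
    clean = response_time_anomalies(*build_session(NATURAL))
    jittered = response_time_anomalies(*build_session(JITTERED))
    return clean, jittered


if __name__ == "__main__":
    for name, result in zip(("clean", "jittered"), demo()):
        print(name, result)
```

The clean session produces no anomalous packets; the jittered one flags 3 of 10 keystrokes and trips the threshold. Two caveats follow from the construction: a delayed echo is overtaken by the next keystroke's echo, so both the response time and the RTT sample for that keystroke are measured against the later segment, and a constant added delay is absorbed into the smoothed RTT and never flagged. Only variation relative to the estimate is caught, which is why the paper pairs this check with the OFF-period correlation; the page does not specify how chaff is detected by this procedure, so the example covers jitter only.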
6. Conclusion

In this paper, we propose an intrusion detection algorithm that identifies the stepping stone through a trace-back policy despite the perturbation caused by jitter and chaff. The stepping-stone detection algorithm is robust against timing perturbations and does not allow the stepping stone to evade detection; it traces the encrypted stepping-stone chain all the way from the target host back to its origin. The anomaly detection algorithm coupled with the stepping-stone detection algorithm provides an integrated framework that is robust and difficult to evade. To trace an attack through a stepping stone it is necessary to correlate the incoming traffic with the outgoing traffic at that stepping stone. Using this approach, anomalous interactive traffic can be detected.

References

[1] CERT, Explosion of Incidents, accessed June 2007.
[2] Y. Zhang and V. Paxson, Detecting Stepping Stones, Proceedings of the 9th USENIX Security Symposium, Denver, CO, 2000.
[3] K. Yoda and H. Etoh, Finding a Connection Chain for Tracing Intruders, in F. Cuppens, Y. Deswarte, D. Gollmann and M. Waidner (eds.), 6th European Symposium on Research in Computer Security (ESORICS 2000), LNCS 1895, Toulouse, France, October 2000.
[4] X. Wang, D. Reeves and S. Wu, Inter-packet Delay-based Correlation for Tracing Encrypted Connections through Stepping Stones, in D. Gollmann, G. Karjoth and M. Waidner (eds.), 7th European Symposium on Research in Computer Security (ESORICS 2002), LNCS 2502, Springer, 2002.
[5] S. R. Snapp, J. Brentano, G. V. Dias, T. L. Goan, L. T. Heberlein, C. Ho, K. N. Levitt, B. Mukherjee, S. E. Smaha, T. Grance, D. M. Teal and D. Mansur, DIDS (Distributed Intrusion Detection System): Motivation, Architecture and Early Prototype, Proceedings of the 14th National Computer Security Conference, 1991.
[6] H. T. Jung, H. L. Kim, Y. M. Seo, G. Choe, S. L. Min and C. S. Kim, Caller Identification System in the Internet Environment, Proceedings of the 4th USENIX Security Symposium, 1993.
[7] X. Wang and D. Reeves, Robust Correlation of Encrypted Attack Traffic through Stepping Stones by Manipulation of Inter-packet Delays, Proceedings of the 2003 ACM Conference on Computer and Communications Security (CCS 2003), ACM Press, 2003.
More informationMcPAD and HMM-Web: two different approaches for the detection of attacks against Web applications
McPAD and HMM-Web: two different approaches for the detection of attacks against Web applications Davide Ariu, Igino Corona, Giorgio Giacinto, Fabio Roli University of Cagliari, Dept. of Electrical and
More informationProvision of Quality of Service with Router Support
Provision of Quality of Service with Router Support Hongli Luo Department of Computer and Electrical Engineering Technology and Information System and Technology Indiana University Purdue University Fort
More informationEFFECTIVE INTRUSION DETECTION AND REDUCING SECURITY RISKS IN VIRTUAL NETWORKS (EDSV)
Available Online at www.ijcsmc.com International Journal of Computer Science and Mobile Computing A Monthly Journal of Computer Science and Information Technology IJCSMC, Vol. 3, Issue. 8, August 2014,
More informationThe UCSD Network Telescope
The UCSD Network Telescope Colleen Shannon cshannon @ caida.org NSF CIED Site Visit November 22, 2004 UCSD CSE Motivation Blocking technologies for automated exploits is nascent and not widely deployed
More informationLecture 13 Page 1. Lecture 13 Page 3
IPsec Network Security: IPsec CS 239 Computer Software March 2, 2005 Until recently, the IP protocol had no standards for how to apply security Encryption and authentication layered on top Or provided
More informationConnection Logging. About Connection Logging
The following topics describe how to configure the Firepower System to log connections made by hosts on your monitored network: About, page 1 Strategies, page 2 Logging Decryptable Connections with SSL
More informationSpoofing Detection in Wireless Networks
RESEARCH ARTICLE OPEN ACCESS Spoofing Detection in Wireless Networks S.Manikandan 1,C.Murugesh 2 1 PG Scholar, Department of CSE, National College of Engineering, India.mkmanikndn86@gmail.com 2 Associate
More informationDenial of Service (DoS) Attack Detection by Using Fuzzy Logic over Network Flows
Denial of Service (DoS) Attack Detection by Using Fuzzy Logic over Network Flows S. Farzaneh Tabatabaei 1, Mazleena Salleh 2, MohammadReza Abbasy 3 and MohammadReza NajafTorkaman 4 Faculty of Computer
More informationEFFICIENT DEFENSE SYSTEM FOR IP SPOOFING IN NETWORKS
EFFICIENT DEFENSE SYSTEM FOR IP SPOOFING IN NETWORKS Emil Kuriakose John 1 and Sumaiya Thaseen 2 1 School of Information Technology and Engineering, VIT University, Vellore, Tamil Nadu, India ekj171@gmail.com
More informationA Rule-Based Intrusion Alert Correlation System for Integrated Security Management *
A Rule-Based Intrusion Correlation System for Integrated Security Management * Seong-Ho Lee 1, Hyung-Hyo Lee 2, and Bong-Nam Noh 1 1 Department of Computer Science, Chonnam National University, Gwangju,
More informationFlow Control Packet Marking Scheme: to identify the sources of Distributed Denial of Service Attacks
Flow Control Packet Marking Scheme: to identify the sources of Distributed Denial of Service Attacks A.Chitkala, K.S. Vijaya Lakshmi VRSE College,India. ABSTRACT-Flow Control Packet Marking Scheme is a
More informationQuadratic Route Factor Estimation Technique for Routing Attack Detection in Wireless Adhoc Networks
European Journal of Applied Sciences 8 (1): 41-46, 2016 ISSN 2079-2077 IDOSI Publications, 2016 DOI: 10.5829/idosi.ejas.2016.8.1.22852 Quadratic Route Factor Estimation Technique for Routing Attack Detection
More informationCERIAS Tech Report
CERIAS Tech Report 2004-36 THE SESSION TOKEN PROTOCOL FOR FORENSICS AND TRACEBACK by Brian Carrier and Clay Shields Center for Education and Research in Information Assurance and Security, Purdue University,
More informationExperience with SPM in IPv6
Experience with SPM in IPv6 Mingjiang Ye, Jianping Wu, and Miao Zhang Department of Computer Science, Tsinghua University, Beijing, 100084, P.R. China yemingjiang@csnet1.cs.tsinghua.edu.cn {zm,jianping}@cernet.edu.cn
More informationTRACEBACK OF DOS OVER AUTONOMOUS SYSTEMS
TRACEBACK OF DOS OVER AUTONOMOUS SYSTEMS Mohammed Alenezi 1 and Martin J Reed 2 1 School of Computer Science and Electronic Engineering, University of Essex, UK mnmale@essex.ac.uk 2 School of Computer
More informationNIDS: Snort. Group 8. Niccolò Bisagno, Francesco Fiorenza, Giulio Carlo Gialanella, Riccardo Isoli
NIDS: Snort Group 8 Niccolò Bisagno, Francesco Fiorenza, Giulio Carlo Gialanella, Riccardo Isoli 1 Summary NIDS Snort Syn Flood Attack Exploit Kit Detection: Bleeding Life Packet Level Evasion Snort as
More informationImproving stream correlation attacks on anonymous networks
Improving stream correlation attacks on anonymous networks Gavin O Gorman Dublin City University Glasnevin, D9 Dublin, Ireland gavin.ogorman@computing.dcu.ie Stephen Blott Dublin City University Glasnevin,
More informationFlooding Attacks by Exploiting Persistent Forwarding Loops
Flooding Attacks by Exploiting Persistent Forwarding Jianhong Xia, Lixin Gao, Teng Fei University of Massachusetts at Amherst {jxia, lgao, tfei}@ecs.umass.edu ABSTRACT In this paper, we present flooding
More informationA hybrid IP Trace Back Scheme Using Integrate Packet logging with hash Table under Fixed Storage
Available Online at www.ijcsmc.com International Journal of Computer Science and Mobile Computing A Monthly Journal of Computer Science and Information Technology IJCSMC, Vol. 2, Issue. 12, December 2013,
More informationDetecting Network Intruders in Real Time
Detecting Network Intruders in Real Time Vern Paxson ICSI Center for Internet Research (ICIR) International Computer Science Institute and Lawrence Berkeley National Laboratory University of California
More informationEvading Network Anomaly Detection Sytems - Fogla,Lee. Divya Muthukumaran
Evading Network Anomaly Detection Sytems - Fogla,Lee Divya Muthukumaran Intrusion detection Systems Signature Based IDS Monitor packets on the network Compare them against database of signatures/attributes
More informationOnion Routing. 1) Introduction. 2) Operations. by Harikrishnan S (M.Tech CSE) Ramji Nagariya (M.S CSE), Sai Sambhu J (M.Tech CSE).
Onion Routing by Harikrishnan S (M.Tech CSE) Ramji Nagariya (M.S CSE), Sai Sambhu J (M.Tech CSE). 1) Introduction Onion routing is an infrastructure for private communication over a public network. Traffic
More informationA Real-Time Network Simulation Application for Multimedia over IP
A Real-Time Simulation Application for Multimedia over IP ABSTRACT This paper details a Secure Voice over IP (SVoIP) development tool, the Simulation Application (Netsim), which provides real-time network
More informationCyber Common Technical Core (CCTC) Advance Sheet Windows Operating Systems
Cyber Common Technical Core (CCTC) Advance Sheet Windows Operating Systems Section 1: Command Line Tools Skill 1: Employ commands using command line interface 1.1 Use command line commands to gain situational
More informationCongestion Avoidance
Congestion Avoidance Richard T. B. Ma School of Computing National University of Singapore CS 5229: Advanced Compute Networks References K. K. Ramakrishnan, Raj Jain, A Binary Feedback Scheme for Congestion
More informationThe following topics describe how to configure correlation policies and rules.
The following topics describe how to configure correlation policies and rules. Introduction to and Rules, page 1 Configuring, page 2 Configuring Correlation Rules, page 5 Configuring Correlation Response
More informationSpecification-based Intrusion Detection. Michael May CIS-700 Fall 2004
Specification-based Intrusion Detection Michael May CIS-700 Fall 2004 Overview Mobile ad hoc networking (MANET) new area of protocols Some old networking solutions work (TCP/IP) but things change with
More informationHacker Academy Ltd COURSES CATALOGUE. Hacker Academy Ltd. LONDON UK
Hacker Academy Ltd COURSES CATALOGUE Hacker Academy Ltd. LONDON UK TABLE OF CONTENTS Basic Level Courses... 3 1. Information Security Awareness for End Users... 3 2. Information Security Awareness for
More informationNetwork Forensics: Towards a classification of traceback mechanisms
Network Forensics: Towards a classification of traceback mechanisms Sarandis Mitropoulos, Dimitrios Patsos, Christos Douligeris Department of Informatics, University of Piraeus, 80, Karaoli and Dimitriou
More informationCSE 565 Computer Security Fall 2018
CSE 565 Computer Security Fall 2018 Lecture 19: Intrusion Detection Department of Computer Science and Engineering University at Buffalo 1 Lecture Outline Intruders Intrusion detection host-based network-based
More information@IJMTER-2016, All rights Reserved ,2 Department of Computer Science, G.H. Raisoni College of Engineering Nagpur, India
Secure and Flexible Communication Technique: Implementation Using MAC Filter in WLAN and MANET for IP Spoofing Detection Ashwini R. Vaidya 1, Siddhant Jaiswal 2 1,2 Department of Computer Science, G.H.
More informationFailure Diagnosis and Cyber Intrusion Detection in Transmission Protection System Assets Using Synchrophasor Data
Failure Diagnosis and Cyber Intrusion Detection in Transmission Protection System Assets Using Synchrophasor Data Anurag Srivastava, Bo Cui, P. Banerjee Washington State University NASPI March 2017 Outline
More information(Submit to Bright Internet Global Summit - BIGS)
Reviewing Technological Solutions of Source Address Validation (Submit to Bright Internet Global Summit - BIGS) Jongbok Byun 1 Business School, Sungkyunkwan University Seoul, Korea Christopher P. Paolini
More information