Analysis of TCP Segment Header Based Attack Using Proposed Model
Chapter 4

Analysis of TCP Segment Header Based Attack Using Proposed Model

4.0 Introduction

Though TCP has been used extensively for wired networks, it is also used in the transport layer of mobile ad hoc networks, as there is no alternative protocol that provides connection-oriented service in a wireless ad hoc network. In this chapter the common possible attacks that use the TCP segment header are summarized for both wired and wireless TCP. Features are then extracted to identify the individual attacks, and statistics are employed for training and testing. After training on the training data set a model file is generated, which has a high confidence value and is used on the test data set to generate the prediction file that classifies a node as intruder or friend. The test data set is used to check the accuracy of the model file, which is the detection engine. A higher rate of true positives and true negatives means better results. The idea for this chapter comes from the 1998 DARPA intrusion detection evaluation program [59], where an environment was set up to acquire raw TCP/IP dump data for a network by simulating a typical U.S. Air Force LAN. The LAN was operated like a real environment and was blasted with multiple attacks.
4.1 Attacks using the TCP Segment Header

Attacks that use the TCP segment header fall into three main categories.

Denial of Service (DoS) attack. Many types of DoS attack are possible, but this chapter considers only the case of the TCP/IP header. If the segment header is at full capacity, the start hour is a busy hour and the RST bit is ON.

Guest / Remote to Local (R2L) login attack (unauthorized access from a remote system). An attacker who has no authentication rights on a targeted node gains local access to extract files from the system, or modifies data in transit to the system. If the TTL is the same for the different packets, the FIN bit is ON and the RST bit is ON.

Probing: surveillance and other probing.

a. Ping sweep / IP sweep. A ping (beacon signal) sweep is a technique used to identify which addresses in a range of IP addresses map to live nodes. ICMP ECHO requests are sent to multiple hosts; if a given address is live, it replies with an ICMP ECHO reply. A ping command is often used to verify whether a network device or node is functioning.

b. Port sweep. A port sweep is a method of probing a server or host for open ports, as opposed to the ports actually in use, in order to launch a zombie attack. If the TCP/IP header carries default or minimum values and the SYN/FIN bit is ON.

c. SYN scan. A SYN scan is another form of TCP scanning. The port scanner software generates raw IP packets and then monitors the responses from the targeted node. This scan type is called "half-open handshaking" because it never opens a full TCP connection. The scanner sends a SYN packet; if the targeted port is open, the node replies with a SYN-ACK packet, and the scanner then replies with a RST packet, closing the connection before the handshake is completed.

d. SYN scan with FIN. SYN scans are not surreptitious enough, since firewalls are generally present (on wired networks) and a firewall can detect and block packets in the form of SYN packets. Packets with the FIN bit ON are able to pass through such firewalls without modification. Closed ports on the targeted node reply to a FIN packet with a RST packet, whereas open ports ignore the packet.

4.2 Methodology

For training and testing of the data set, this research employs a support vector machine (SVM), as it is the best among the available tools [59], [63], [64], [65], [66], [67]. SVM is used for solving a variety of learning, classification and prediction problems. An SVM is a learning system that uses a hypothesis space of linear functions; the training data set is trained with a learning algorithm drawn from optimization theory. This learning strategy, introduced by Vapnik et al. [60], is a very powerful method that has been applied in a wide variety of applications. The basic SVM deals with two-class problems in which the data are separated by a hyperplane defined by a number of support vectors. Support vectors are a subset of the training data used to define the boundary between the two classes, as shown in Figure 4.1. The kernel function plays an important role in SVM; in practice various kernel functions can be used, such as linear, radial, polynomial or sigmoid, depending on the complexity of the input data set.

Figure 4.1: Separation of two classes with SVM
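The four probing patterns in section 4.1 (half-open SYN scan, FIN probe, port sweep and IP sweep) can be recognized on the defender's side by tracking handshake state per flow and counting distinct targets per source. The script below is an added example for this section, not code from the thesis; the packet trace, the thresholds and the record layout (source, destination, protocol, target-side port, flag set) are constructed for illustration.

```python
from collections import defaultdict

# Constructed packet trace (not real captures). Each record is
# (src, dst, proto, port, flags): port is the target-side (server) port for
# both directions of a TCP flow; flags is the set of TCP flag names, or the
# ICMP message type for ICMP records.
TRACE = [
    # Half-open (SYN) scan of 10.0.0.5:22 -- SYN, SYN-ACK, then RST, never ACK
    ("10.0.0.9", "10.0.0.5", "tcp", 22, {"SYN"}),
    ("10.0.0.5", "10.0.0.9", "tcp", 22, {"SYN", "ACK"}),
    ("10.0.0.9", "10.0.0.5", "tcp", 22, {"RST"}),
    # Ordinary connection to 10.0.0.5:80 -- handshake completed with ACK
    ("10.0.0.7", "10.0.0.5", "tcp", 80, {"SYN"}),
    ("10.0.0.5", "10.0.0.7", "tcp", 80, {"SYN", "ACK"}),
    ("10.0.0.7", "10.0.0.5", "tcp", 80, {"ACK"}),
    # FIN probe of a closed port: no handshake at all, target answers RST
    ("10.0.0.9", "10.0.0.5", "tcp", 8080, {"FIN"}),
    ("10.0.0.5", "10.0.0.9", "tcp", 8080, {"RST", "ACK"}),
    # Port sweep: one source, many ports on one host, no replies
    *[("10.0.0.9", "10.0.0.5", "tcp", p, {"SYN"}) for p in range(1000, 1012)],
    # IP sweep: ICMP echo requests from one source to many hosts
    *[("10.0.0.9", f"10.0.0.{h}", "icmp", 0, {"ECHO_REQUEST"}) for h in range(20, 30)],
]


def tcp_flows(trace):
    """Group TCP segments into flows keyed by (client, server, port).
    The client is whichever side sent the first segment of the flow."""
    flows = defaultdict(list)
    for src, dst, proto, port, flags in trace:
        if proto != "tcp":
            continue
        if (dst, src, port) in flows and (src, dst, port) not in flows:
            key = (dst, src, port)          # reply direction of a known flow
        else:
            key = (src, dst, port)
        flows[key].append((src, frozenset(flags)))
    return flows


def classify_flow(client, segments):
    """Label one flow by the handshake pattern it shows (section 4.1 c and d)."""
    from_client = [f for s, f in segments if s == client]
    from_server = [f for s, f in segments if s != client]
    sent_syn = any("SYN" in f and "ACK" not in f for f in from_client)
    got_synack = any({"SYN", "ACK"} <= f for f in from_server)
    sent_ack = any("ACK" in f and not f & {"SYN", "RST"} for f in from_client)
    sent_rst = any("RST" in f for f in from_client)
    if sent_syn and got_synack and sent_rst and not sent_ack:
        return "half-open (SYN scan)"
    if not sent_syn and any(f == {"FIN"} for f in from_client):
        # A FIN with no preceding handshake is a stealth probe; RST back means closed
        if any("RST" in f for f in from_server):
            return "FIN probe, port closed"
        return "FIN probe, port open or filtered"
    if sent_syn and got_synack and sent_ack:
        return "completed handshake"
    return "unanswered SYN"


def sweeps(trace, port_threshold=10, host_threshold=8):
    """Count distinct targets per source: many ports on one host is a port
    sweep (4.1 b), echo requests to many hosts is an IP sweep (4.1 a)."""
    ports = defaultdict(set)
    hosts = defaultdict(set)
    for src, dst, proto, port, flags in trace:
        if proto == "tcp" and "SYN" in flags and "ACK" not in flags:
            ports[(src, dst)].add(port)
        elif proto == "icmp" and "ECHO_REQUEST" in flags:
            hosts[src].add(dst)
    alerts = []
    for (src, dst), seen in ports.items():
        if len(seen) >= port_threshold:
            alerts.append(("port sweep", src, dst, len(seen)))
    for src, seen in hosts.items():
        if len(seen) >= host_threshold:
            alerts.append(("ip sweep", src, None, len(seen)))
    return alerts


def analyse(trace):
    """Per-flow handshake labels plus sweep alerts for a whole trace."""
    labels = {key: classify_flow(key[0], segs) for key, segs in tcp_flows(trace).items()}
    return labels, sweeps(trace)


if __name__ == "__main__":
    labels, alerts = analyse(TRACE)
    for key, label in labels.items():
        if label != "unanswered SYN":
            print(key, label)
    for alert in alerts:
        print(alert)
```

The flow classifier only needs the flag bits the thesis lists as features (SYN, ACK, RST, FIN), and the sweep counters are the per-source aggregation that a single-packet rule cannot express; the thresholds are arbitrary and should be tuned to the monitored network.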
4.3 Feature Selection

In order to recognize attacks and distinguish between normal and intrusive behavior, specific features are needed. Therefore pre-processing algorithms have been applied to extract statistical information from the raw TCP dump output provided by DARPA. Altogether 137 different features have been extracted from the TCP/IP header information. With the help of an evolutionary algorithm [61], these 137 features are grouped into 19 categories by combining those features that are based on the same TCP/IP header information.

Table 4.1: Features extracted from the TCP/IP header

Feature   Description
F-1       Source Port
F-2       Destination Port
F-3       Connection Duration
F-4       Number of Packets
F-5       TTL (Time to Live)
F-6       ToS (Type of Service)
F-7       TCP Segment Length
F-8       Reserved Flag Group
F-9       URG Flag
F-10      ACK Flag
F-11      PSH Flag
F-12      RST (Reset) Flag
F-13      SYN Flag
F-14      FIN Flag
F-15      Window Length Group
F-16      TCP Options Group
F-17      Data Length Group
F-18      TCP Length Group
F-19      Start Hour

4.4 Feature Pruning

For feature pruning and feature ranking, three performance criteria can be considered using SVM: accuracy (A) of classification, training time (TT) and testing time (TST). Each feature can be ranked as important (I), secondary (S) or useless (U) for the IDS. The 19 features shown in Table 4.1 can be ranked according to the following rules.

Rule set (Mukkamala) [59]:

1. If A and TT and TST: I
2. If A and TT and TST: I
3. If A and TT and TST: I
4. If A and TT and TST: I
5. If A and TT and TST: S
6. If A and TT and TST: S
7. If A and TT and TST: U
8. If A and TT and TST: S
9. If A and TT and TST: S
10. If A and TT and TST: U

Mukkamala used these pruning rules for his self-identified 41 features from the DARPA data set, but in this research only 19 features are used for training and testing. From these features we again extracted the important features {F-5, F-7, F-12, F-14}, the secondary features {F-3, F-10, F-11, F-13, F-19}, and the useless features {F-1, F-2, F-4, F-6, F-8, F-9, F-15, F-16, F-17, F-18}.

4.5 Rule Set for Attacks Using the TCP Segment Header

The association rule set for the attacks identified using the important and secondary features can be described as follows.

a. Denial of Service attack
   If (F7 == P Max ^ F12 == ON ^ F14 == ON ^ F19 {9:00, 17:00})

b. Guest / Remote login
   If (F5 == Equal TTL from previous request ^ F12 == ON ^ F14 == ON ^ F7 {0, 514})

c. Probing (IP Sweep, NMap, Port Sweep)
   IP Sweep:   If (F5 == Equal TTL from previous request ^ F7 == ICMP Request)
   NMap:       If (F5 == Equal TTL from previous request ^ F7 == ICMP Request ^ F14 == ON)
   Port Sweep: If (F5 == Equal TTL from previous request ^ F12 == ON ^ F13 == ON ^ F14 == ON)

d. General rule set (the five rules above combined)
   If (
     (F7 == P Max ^ F12 == ON ^ F14 == ON ^ F19 {9:00, 17:00})
     (F5 == Equal TTL from previous request ^ F12 == ON ^ F14 == ON ^ F7 {0, 514})
     (F5 == Equal TTL from previous request ^ F7 == ICMP Request)
     (F5 == Equal TTL from previous request ^ F7 == ICMP Request ^ F14 == ON)
     (F5 == Equal TTL from previous request ^ F12 == ON ^ F13 == ON ^ F14 == ON)
   )

4.6 Audited Data

4.6.1 Training Data Set for Attacks Using the TCP Segment Header

482 data sets are used for training and testing. Duplicate and noisy data sets are removed and the rest are arranged according to the features discussed in section 4.4: the four important features and the five secondary features, i.e. 9 features in total, are used. The rule sets from section 4.5 are applied to these data sets to classify nodes as malicious or trusted. SVM LIGHT uses binary classification; in this thesis +1 stands for a normal node and -1 for a malicious node. The training file used in the simulation is given in Appendix A. The following command is used to train the data set in SVM:

    $ ./svm_learn data/train.txt data/model.txt          (4.1)
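The rule set of section 4.5 and the training file consumed by command (4.1) can be tied together in a small labelling script: each audited record is run through the five rules, labelled -1 (malicious) if any rule fires and +1 (normal) otherwise, and written out in the "<label> index:value ..." line format that svm_learn reads. This is an added example, not code from the thesis. Its readings of the rule terms are assumptions: "P Max" is taken as a full-size 1460-byte segment, "F19 {9:00, 17:00}" as a start hour from 9 to 17, "F7 {0, 514}" as a segment length from 0 to 514 bytes, "Equal TTL from previous request" as a TTL equal to the previous record from the same source, and "F7 == ICMP Request" as a separate icmp_request field; the feature ordering (the four important features first, then the five secondary ones) and the sample records are constructed.

```python
# Assumed readings of the rule terms (see the lead-in); adjust to the data set.
P_MAX = 1460                  # "P Max": a full-size TCP segment
BUSY_HOURS = range(9, 18)     # "F19 {9:00, 17:00}": start hour 9..17
R2L_MAX_LEN = 514             # "F7 {0, 514}": short segment

FEATURE_ORDER = ["F5", "F7", "F12", "F14",            # important features
                 "F3", "F10", "F11", "F13", "F19"]     # secondary features


def make_record(src, F3, F5, F7, F10, F11, F12, F13, F14, F19, icmp_request=False):
    """One audited record. F10..F14 are flag bits (bool); icmp_request is the
    assumed encoding of 'F7 == ICMP Request'."""
    return dict(src=src, F3=F3, F5=F5, F7=F7, F10=F10, F11=F11, F12=F12,
                F13=F13, F14=F14, F19=F19, icmp_request=icmp_request)


def match_rules(rec, last_ttl):
    """Names of every rule from section 4.5 that fires for one record.
    last_ttl maps source -> TTL of that source's previous request."""
    same_ttl = last_ttl.get(rec["src"]) == rec["F5"]
    fired = []
    if rec["F7"] == P_MAX and rec["F12"] and rec["F14"] and rec["F19"] in BUSY_HOURS:
        fired.append("dos")
    if same_ttl and rec["F12"] and rec["F14"] and 0 <= rec["F7"] <= R2L_MAX_LEN:
        fired.append("r2l")
    if same_ttl and rec["icmp_request"]:
        fired.append("ip_sweep")
        if rec["F14"]:                  # the NMap rule is the IP-sweep rule plus FIN
            fired.append("nmap")
    if same_ttl and rec["F12"] and rec["F13"] and rec["F14"]:
        fired.append("port_sweep")
    return fired


def svmlight_line(label, rec):
    """One svm_learn input line: '<+1|-1> idx:value ...' with 1-based, increasing idx."""
    pairs = " ".join(f"{i}:{float(rec[name]):g}" for i, name in enumerate(FEATURE_ORDER, 1))
    return f"{label:+d} {pairs}"


def label_records(records):
    """Run the rules over records in order; -1 = malicious if any rule fires, +1 = normal."""
    last_ttl, rows = {}, []
    for rec in records:
        fired = match_rules(rec, last_ttl)
        label = -1 if fired else 1
        rows.append((label, fired, svmlight_line(label, rec)))
        last_ttl[rec["src"]] = rec["F5"]
    return rows


def write_training_file(path, records):
    """Write the labelled rows as the training file that command (4.1) reads."""
    with open(path, "w") as fh:
        for _, _, line in label_records(records):
            fh.write(line + "\n")


# Constructed sample records (not from the thesis's data set).
SAMPLE = [
    make_record("10.0.0.7", 2.0, 64, 120, True, True, False, False, False, 10),   # normal
    make_record("10.0.0.9", 0.1, 128, 1460, False, False, True, False, True, 11), # DoS: full segment, RST+FIN, busy hour
    make_record("10.0.0.9", 0.1, 128, 0, False, False, True, False, True, 11),    # R2L: same TTL, RST+FIN, short segment
    make_record("10.0.0.9", 0.0, 128, 0, False, False, False, False, False, 11, icmp_request=True),  # IP sweep
    make_record("10.0.0.9", 0.0, 128, 0, False, False, True, True, True, 12),     # port sweep (R2L rule also matches)
    make_record("10.0.0.7", 1.5, 64, 1460, True, False, True, False, True, 22),   # RST+FIN outside busy hours: normal
]

if __name__ == "__main__":
    for label, fired, line in label_records(SAMPLE):
        print(f"{line}    # {fired or 'no rule'}")
```

Because the rules are a disjunction, a record can satisfy more than one of them (the fifth sample record matches both the R2L and the port-sweep rule); the label only records that some rule fired, and the feature values, not the rule names, are what svm_learn sees.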
After verifying the accuracy, the model file can be deployed in the process model of the appropriate layer of the node model for the ad hoc network. A node model for the ad hoc network is shown in Figure 4.2 and the process model is given in Figure 4.3.

Table 4.2: Training data set for TCP segment header based attack

Input Feature   Train Data Set   Function   Parameter (C, γ)   CPU Run Time (in Sec)   Mis-Classified   Support Vector
                                 Linear     Default
                                 Linear     (0.5, 0.5)
                                 Linear     (1, 0.5)
                                 Linear     1,
                                 Linear     2,
                                 Radial     Default
                                 Radial     (0.5, 0.5)
                                 Radial     (1, 0.5)
                                 Radial     1,
                                 Radial     2,
                                 Sigmoid    Default
                                 Sigmoid    (0.5, 0.5)
                                 Sigmoid    (1, 0.5)
                                 Sigmoid    1,
                                 Sigmoid    2,

(The input feature, train data set, CPU run time, mis-classified and support vector cells, and the second value of the "1," and "2," parameter settings, are not recoverable from the extracted text.)

Figure 4.2: Node model of the ad hoc network
4.6.2 Testing Data Set for Attacks Using the TCP Segment Header

The model file generated after training on the data set holds the confidence values generated by SVM LIGHT, and is used to test the given test data set and produce the prediction. The accuracy reflects the true positives and true negatives generated by the detection engine. The accuracy reported below depends on the cost (C) and gamma (γ) parameters; linear, radial and sigmoid kernel functions are used. On the basis of the prediction file, a prediction can be made that indicates whether a node is an intruder or a normal node. The following command is used to test the data set in SVM:

    $ ./svm_classify data/test.txt data/model.txt data/prediction.txt          (4.2)

Figure 4.3: Process model of MANET (arbitrary layer, for description only)

Table 4.3: Test data set for TCP segment header based attack

Input Features   Test Data Set   Function   Correct   Incorrect   Accuracy (%)   Precision / Recall
9                482             Linear                                          % / 100%
                                 Linear                                          % / 34.81%
                                 Linear                                          % / 70.99%
                                 Linear                                          % / 70.99%
                                 Linear                                          % / 48.07%
                                 Radial                                          % / 100%
                                 Radial                                          % / 100%
                                 Radial                                          % / 100%
                                 Radial                                          % / 100%
                                 Radial                                          % / 100%
                                 Sigmoid                                         % / 100%
                                 Sigmoid                                         % / 100%
                                 Sigmoid                                         % / 100%
                                 Sigmoid                                         % / 100%
                                 Sigmoid                                         % / 100%

(The correct, incorrect, accuracy and precision values are not recoverable from the extracted text; only the recall values survived.)

4.7 Results and Validation

In this thesis SVM LIGHT [62] is used for training and testing. Features extracted from the TCP/IP header and binary classification are used for detecting intruders. The accuracy of the model is given in Table 4.3; it is highest for the radial function. The model file generated for the radial function in Table 4.2 is the detection engine and will be deployed at an appropriate layer in future work. The accuracy of the proposed model is the highest in comparison with the previous models shown in Table 4.4. This accuracy is, however, achieved in the given simulation environment and conditions and may vary in different scenarios.

Table 4.4: Result comparison with previous models for TCP segment header based attacks

S.No.   Model                                        Accuracy
1.      PAYL (Wang and Stolfo et al. [75])           58.8%
2.      POSEIDON (Damiano Bolzoni et al. [76])       73.2%
3.      Wenke Lee et al. [78]                        80.2%
4.      PbPHAD IDS Model (Shamsuddin et al. [77])    % (value not recoverable)
5.      Yuancheng Li et al. [79]                     87%
6.      Tian Xinguang et al. [80]                    83.33%
7.      Proposed Model                               99.20%

4.8 Conclusion

This chapter gives an idea of how to design an intrusion detection engine for the transport layer. It introduces the possible attacks that use the TCP segment header. Data are collected, features are extracted from the raw data set and pruned, and rules are then generated for the detection of intruders. The training data set is used to find the model file, which is then tested with the test data set for the different SVM functions (linear, radial and sigmoid). To stabilize the accuracy of the system, different C and gamma parameters are used. The accuracy of the system is very good, approximately 99% in the case of the radial function, and the results are improved over the previously available conventional models. The model file generated by this function can be deployed as the detection engine of an intrusion detection system for an ad hoc network environment.
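To reproduce the Correct / Incorrect / Accuracy / Precision / Recall columns of Table 4.3 from the output of command (4.2), the first token of each test-file line (the true label) is compared with the sign of the decision value that svm_classify writes, one per line, to the prediction file. The script below is an added example, not from the thesis; both files are constructed samples, and precision and recall are computed with -1 (malicious) as the positive class, which is an assumption since the thesis does not state which class its Precision / Recall column refers to.

```python
# Constructed sample files (not the thesis's data). The test file is in the
# svm_learn/svm_classify input format: the first token of a line is the true label.
TEST_FILE = """\
+1 1:64 2:120 3:0 4:0
-1 1:128 2:1460 3:1 4:1
-1 1:128 2:0 3:1 4:1
+1 1:64 2:1460 3:1 4:1
-1 1:128 2:0 3:1 4:1
+1 1:64 2:80 3:0 4:0
"""
# svm_classify writes one decision value per test line; its sign gives the class.
PREDICTION_FILE = """\
0.83
-1.27
0.12
0.64
-0.91
1.05
"""


def read_labels(test_text):
    """True labels: the first token of each non-empty, non-comment test line."""
    return [int(line.split()[0]) for line in test_text.splitlines()
            if line.strip() and not line.startswith("#")]


def read_predictions(pred_text, threshold=0.0):
    """Predicted labels from decision values: +1 at or above threshold, else -1."""
    return [1 if float(v) >= threshold else -1 for v in pred_text.split()]


def score(true_labels, predicted, positive=-1):
    """Confusion counts and the Table 4.3 metrics, with `positive` as the class
    of interest (default -1 = malicious node)."""
    if len(true_labels) != len(predicted):
        raise ValueError("test file and prediction file differ in length")
    tp = fp = tn = fn = 0
    for t, p in zip(true_labels, predicted):
        if p == positive:
            if t == positive:
                tp += 1
            else:
                fp += 1
        elif t == positive:
            fn += 1
        else:
            tn += 1
    correct, incorrect = tp + tn, fp + fn

    def pct(num, den):
        return 100.0 * num / den if den else 0.0

    return {
        "correct": correct,
        "incorrect": incorrect,
        "accuracy": pct(correct, correct + incorrect),
        "precision": pct(tp, tp + fp),
        "recall": pct(tp, tp + fn),
    }


def evaluate(test_text, pred_text, positive=-1, threshold=0.0):
    """Score a prediction file against the labels of the matching test file."""
    return score(read_labels(test_text), read_predictions(pred_text, threshold), positive)


if __name__ == "__main__":
    print(evaluate(TEST_FILE, PREDICTION_FILE))
```

The threshold parameter shows why accuracy alone is a weak summary for a detection engine: moving the decision boundary from 0 to 0.2 turns the one missed malicious record in the sample into a hit, raising recall without costing precision here, while on other data it would start misclassifying normal nodes.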
More informationIntroduction to TCP/IP networking
Introduction to TCP/IP networking TCP/IP protocol family IP : Internet Protocol UDP : User Datagram Protocol RTP, traceroute TCP : Transmission Control Protocol HTTP, FTP, ssh What is an internet? A set
More informationSecBlade Firewall Cards Attack Protection Configuration Example
SecBlade Firewall Cards Attack Protection Configuration Example Keywords: Attack protection, scanning, blacklist Abstract: This document describes the attack protection functions of the SecBlade firewall
More informationSE 4C03 Winter 2005 Network Firewalls
SE 4C03 Winter 2005 Network Firewalls Mohammed Bashir Khan - 0150805 Last revised 2005-04-04 1.0 Introduction Firewalls are literally walls which are embedded in the external and internal network interface
More informationHybrid Feature Selection for Modeling Intrusion Detection Systems
Hybrid Feature Selection for Modeling Intrusion Detection Systems Srilatha Chebrolu, Ajith Abraham and Johnson P Thomas Department of Computer Science, Oklahoma State University, USA ajith.abraham@ieee.org,
More informationExamTorrent. Best exam torrent, excellent test torrent, valid exam dumps are here waiting for you
ExamTorrent http://www.examtorrent.com Best exam torrent, excellent test torrent, valid exam dumps are here waiting for you Exam : 400-251 Title : CCIE Security Written Exam (v5.0) Vendor : Cisco Version
More informationFirewalls, Tunnels, and Network Intrusion Detection
Firewalls, Tunnels, and Network Intrusion Detection 1 Intrusion Detection Systems Intrusion Actions aimed at compromising the security of the target (confidentiality, integrity, availability of computing/networking
More informationHP Switch Series
HP 10500 Switch Series ACL and QoS Configuration Guide Part number: 5998-5230 Software version: Release 2111P01 and later Document version: 6W101-20140331 Legal and notice information Copyright 2014 Hewlett-Packard
More informationinside: THE MAGAZINE OF USENIX & SAGE April 2002 Volume 27 Number 2 SECURITY A Remote Active OS Fingerprinting Tool Using ICMP BY OFIR ARKIN
THE MAGAZINE OF USENIX & SAGE April 2002 Volume 27 Number 2 inside: SECURITY A Remote Active OS Fingerprinting Tool Using ICMP BY OFIR ARKIN & The Advanced Computing Systems Association & The System Administrators
More informationQUIZ: Longest Matching Prefix
QUIZ: Longest Matching Prefix A router has the following routing table: 10.50.42.0 /24 Send out on interface Z 10.50.20.0 /24 Send out on interface A 10.50.24.0 /22 Send out on interface B 10.50.20.0 /22
More informationNetworking interview questions
Networking interview questions What is LAN? LAN is a computer network that spans a relatively small area. Most LANs are confined to a single building or group of buildings. However, one LAN can be connected
More informationOverview Intrusion Detection Systems and Practices
Overview Intrusion Detection Systems and Practices Chapter 13 Lecturer: Pei-yih Ting Intrusion Detection Concepts Dealing with Intruders Detecting Intruders Principles of Intrusions and IDS The IDS Taxonomy
More informationAn active intrusion-confronting system using fake session and honeypot
An active intrusion-confronting system using fake session and honeypot Myung-Sub Lee, Chang-Hyeon Park Department of Computer Engineering Yeungnam University, #214-1, Dae-dong, Kyungsan, Kyungbuk, 712-749,
More informationNetworking Technologies and Applications
Networking Technologies and Applications Rolland Vida BME TMIT Transport Protocols UDP User Datagram Protocol TCP Transport Control Protocol and many others UDP One of the core transport protocols Used
More informationPayment Card Industry (PCI) Executive Report 11/07/2017
Payment Card Industry (PCI) Executive Report 11/07/2017 ASV Scan Report Attestation of Scan Compliance A1. Scan Customer Information A2. Approved Scanning Vendor Information Company: Allied Collection
More informationNETWORK SECURITY. Ch. 3: Network Attacks
NETWORK SECURITY Ch. 3: Network Attacks Contents 3.1 Network Vulnerabilities 3.1.1 Media-Based 3.1.2 Network Device 3.2 Categories of Attacks 3.3 Methods of Network Attacks 03 NETWORK ATTACKS 2 3.1 Network
More informationPort Scanning A Brief Introduction
Port Scanning A Brief Introduction Sven Helmer April 4, 2018 Contents 1 Background 2 1.1 Ports.................................... 2 1.2 Port Scanning............................... 2 1.3 Port Scanning
More informationSYN Flood Attack Protection Technology White Paper
Flood Attack Protection Technology White Paper Flood Attack Protection Technology White Paper Keywords: flood, Cookie, Safe Reset Abstract: This document describes the technologies and measures provided
More informationSimulation of TCP Layer
39 Simulation of TCP Layer Preeti Grover, M.Tech, Computer Science, Uttrakhand Technical University, Dehradun ABSTRACT The Transmission Control Protocol (TCP) represents the most deployed transport protocol
More informationANALYSIS INTRUSION PREVENTION SYSTEM (IPS) ON COMPUTER NETWORKING
Proceeding Forum in Research, Science, and Technology (FIRST) 2016 F27 ANALYSIS INTRUSION PREVENTION SYSTEM (IPS) ON COMPUTER NETWORKING Tamsir Ariyadi 1), Aan Restu Mukti 2) 1,2) Faculty of Computer Science,
More informationHP FlexFabric 5930 Switch Series
HP FlexFabric 5930 Switch Series ACL and QoS Configuration Guide Part number: 5998-7761a Software version: Release 241x Document version: 6W102-20151210 Legal and notice information Copyright 2015 Hewlett-Packard
More informationTCP/IP Transport Layer Protocols, TCP and UDP
TCP/IP Transport Layer Protocols, TCP and UDP Learning Objectives Identify TCP header fields and operation using a Wireshark FTP session capture. Identify UDP header fields and operation using a Wireshark
More informationOSI Transport Layer. objectives
LECTURE 5 OSI Transport Layer objectives 1. Roles of the Transport Layer 1. segmentation of data 2. error detection 3. Multiplexing of upper layer application using port numbers 2. The TCP protocol Communicating
More information20-CS Cyber Defense Overview Fall, Network Basics
20-CS-5155 6055 Cyber Defense Overview Fall, 2017 Network Basics Who Are The Attackers? Hackers: do it for fun or to alert a sysadmin Criminals: do it for monetary gain Malicious insiders: ignores perimeter
More informationHow to Create an IP Access List to Filter IP Options TCP Flags Noncontiguous Ports or TTL Values,
Creating an IP Access List to Filter IP Options TCP Flags Noncontiguous Ports or TTL Values This module describes how to use an IP access list to filter IP packets that contain certain IP Options, TCP
More information