Method for security monitoring and special filtering traffic mode in info communication systems
Sherzod Rajaboyevich Gulomov, Providing Information Security department, Tashkent University of Information Technologies, Tashkent, Uzbekistan
Nasrullayev Nurbek Bakhtiyorovich, Providing Information Security department, Tashkent University of Information Technologies, Tashkent, Uzbekistan

Abstract - This article presents a method for assessing the security of an intrusion detection system that allows the alarm-formation threshold to be adjusted promptly and provides a quantitative and qualitative assessment of network security. A mathematical model of a special traffic filtering mode, which allows possible threats and attacks on computer networks to be neutralized and prevented, is designed.

Keywords - intrusion detection systems, fuzzy logic, deterministic finite automaton, traffic filtering.

I. INTRODUCTION

Most intrusion detection system (IDS) approaches rely on the analysis and audit of network data. Network traffic can be recorded with packet capture utilities, and operating system activity can be recorded at the system call level. The basic premise is that, when audit mechanisms are enabled, evidence of both lawful activity and intrusions will appear in the audit data. Therefore, instead of static analysis of the source code of a software system, intrusion detection uses the more practical approach of analysing audit records produced during the activity of network systems and users.

I. METHOD FOR SECURITY ASSESSMENT OF INTRUSION DETECTION SYSTEM BASED ON FUZZY LOGIC

Collectors perform the data collection function for the message generators. Monitoring and management of information security events (MMISE) includes two control modules (managers). The first, the risk management manager, is designed to generate alarms based on the prioritization of risks in real time. The second, the records management manager, should keep records over the medium and long term with a view to recording and reporting individual requests [1]. The method of IDS security evaluation proposed below is part of the first module, which is designed for security in real time. These modules and their databases, as well as the security control center console, are located in one of the local area networks (LAN) of the IDS, where centralized monitoring of the entire IDS is implemented.

In accordance with the correlation analysis approach based on risk analysis, three components must be considered; their assessment determines the formation of an alarm and/or a reduced level of protection. These components are: the type (level) of attack; the criticality of LAN assets; the trust level of the reporting device. Here the attack level is a linguistic assessment of attack severity, expressed in fuzzy logic terms as "low - medium - high". It is expected that such an assessment is produced by the IDS, which is an integral part of the protection system. Criticality of LAN assets is the result of evaluating the resources processed in each LAN, by classifying the resources and assigning them different levels of importance. The trust level of the reporting device is determined in order to increase the reliability of attack detection. The latter allows the totality of messages associated with a particular information security event to be evaluated and the right management decision to be taken, for example, sending the firewall a command that blocks the attacker's attack. Any incorrect identification of an information security incident will lead to undesirable consequences for the LAN: in one case a reliable LAN will be recognized as unreliable, and in another an unreliable LAN as reliable. The reputation of devices is used to reduce these errors.
If the specified IP address was previously seen during an attack in the data communication system (DCS), it most likely belongs either to the attacker or to a host infected with malicious software, and as a result its reputation is bad. If the IP address was not seen in any wrongdoing, its reputation is not affected. The firewalls through which the LANs of various organizations are connected to the IDS, together with the switches, are the main sources providing information about network activity in the IDS that is reported by LAN devices. Therefore, each LAN has its own firewall and switch [2]. A peculiarity of this network segment is that each LAN has its own means of information protection. On this basis it is possible to judge the different levels of protection of information in each LAN. In this connection, it is proposed to use an additional parameter for risk-based event correlation: the level of protection of the LAN. This parameter is needed to reduce the number of alarms. In other words, if it is known that a LAN has a high level of protection, information security incidents in it need not be given attention in real time.

The information security parameters described above are presented in fuzzy logic terms; they characterize each individual LAN and form a tuple of sets (1): the level of attacks; critical LAN assets; the level of protection of the LAN; the trust level of the reporting device.

It is possible to create a matrix of fuzzy rules that maps a given set of parameters to a final value indicating the importance of the LAN's information security incident, as shown in Table I.

TABLE I. THE MATRIX OF FUZZY RULES

No. | Level of attacks | Critical LAN assets | Level of protection for the LAN | Trust level of the reporting device | Importance of the LAN information security incident
1.  | Low    | Low  | High   | High   | Low
2.  | Low    | Low  | High   | Medium | Low
3.  | Low    | Low  | Medium | High   | Low
4.  | Low    | High | High   | Medium | Medium
5.  | Low    | High | Medium | High   | Medium
6.  | Medium | Low  | High   | High   | Low
7.  | Medium | Low  | High   | Medium | Medium
... | ...    | ...  | ...    | ...    | ...
n.  | High   | High | Low    | Low    | High

However, this table is very large and, if the resulting values need to be changed, Table I must be rewritten, which is a lengthy procedure.

II. EVALUATION OF THE IMPORTANCE OF INCIDENT INFORMATION SECURITY IN E-GOVERNMENT

To better address this problem, including rapid changes in the importance level of a LAN's information security incident, formula (1) can be used, which takes into account all the parameters described above [3]. The importance of the information security incident of a single LAN is defined by formula (2), where the normalizing factor allows the result to be presented in the range [0; 1]. To apply formula (1) it is necessary to transform the fuzzy variables, after which each fuzzy variable corresponds to a positive integer in the range [1; 5].
The conversion is shown in Tables II-V.

TABLE II. TRANSFORMATION OF THE FUZZY VARIABLE "THE LEVEL OF ATTACKS" INTO NUMERICAL VALUES

Fuzzy value | Numerical value
Very low    | 1
Low         | 2
High        | 4
Very high   | 5

TABLE III. TRANSFORMATION OF THE FUZZY VARIABLE "THE LEVEL OF PROTECTION FOR THE LAN" INTO NUMERICAL VALUES

Fuzzy value | Numerical value
Very low    | 5
Low         | 4
High        | 2
Very high   | 1

TABLE IV. TRANSFORMATION OF THE FUZZY VARIABLE "CRITICAL LAN ASSETS" INTO NUMERICAL VALUES

Fuzzy value | Numerical value
Very low    | 1
Low         | 2
High        | 4
Very high   | 5

TABLE V. TRANSFORMATION OF THE FUZZY VARIABLE "THE TRUST LEVEL OF THE REPORTING DEVICE" INTO NUMERICAL VALUES

Fuzzy value | Numerical value
Very low    | 5
Low         | 4
High        | 2
Very high   | 1

Low levels of protection and low reputation correspond to higher numbers, and vice versa [4]. The most critical information security incident can have the maximum numerical value of 1, and the most insignificant the minimum. Thus, knowing the numerical values of the four information security parameters of a LAN, a numerical assessment of the importance of the LAN's information security incident can be obtained in the range from 0 to 1.

III. EVALUATION OF THE SECURITY LEVEL OF THE IDS

Knowing the importance of information security incidents for each LAN, a numerical (quantitative) assessment of the security level of the IDS as a whole can be obtained according to formula (3), whose parameters are: the number of LANs in the IDS; the importance of the information security incident of the given LAN. Substituting the value from formula (2), the final formula (4) is obtained, which allows a quantitative evaluation of DCS security. Its parameters are: the number of LANs in the IDS; the normalization factor, allowing the result to be presented in the range [0; 1]; the level of attacks on the given LAN, equal to the corresponding numerical value; critical assets of the given LAN, equal to the corresponding integer numerical value; the protection level of the given LAN, equal to the corresponding numerical value; the trust level of the reporting device of the LAN, equal to the corresponding integer numerical value.

From the values of the quantitative evaluation of IDS security, the values of the qualitative evaluation of IDS security can be obtained as shown in Fig. 1. The above method can be represented by the scheme illustrated in Fig. 2.

Fig.1. Dependence of the values of the qualitative evaluation of DCS security on the values of the quantitative evaluation of DCS security.

Fig.2. Scheme for obtaining the evaluation of the security level of the IDS: providing the output values of the information security parameters in fuzzy logic terms; setting the threshold value for DCS security P_DCS; converting the fuzzy variables into numerical values; calculating the correction factor K; calculating the DCS security level P_DCS from the number of LANs and the values At, As, P_LAN and T of each LAN; comparing the result P_DCS with the threshold value; forming the alarm on the management console and indicating the degree of signal importance.

To generate an alarm, a threshold value of IDS security is predetermined; reaching it results in the formation of the signal. As an example, consider the following scenario. The IDS has 4 LANs. The IDS detects attacks on two firewalls connected to different LANs. For the first firewall: the attack has the level "high - 4"; critical LAN assets "average - 3"; the level of protection "low - 4"; the trust level of the reporting device "very high - 1". For the second firewall: the attack has the level "medium - 3"; critical assets "low - 2"; the level of protection "high - 2"; the trust level of the firewall "high - 2". The DCS threshold is equal to 0.8.
No attacks were detected on other network devices; therefore the importance of information security incidents for them is 0. MMISE correlates the information security events by formula (4) and obtains a quantitative evaluation of IDS security.

IV. THREAT ASSESSMENT MODELS IN A SPECIAL TRAFFIC FILTERING MODE

The proposed model of network protection device operation should not affect the structure of network processes. The process of passing through the firewall can be identified from reasonable traffic characteristics unrelated to the filtering process. In other words, the characteristics accessible to measurement are those of the traffic that are not prohibited by the filtering rules or by the firewall's session-flow monitoring mechanism. A firewall in the special traffic filtering mode allows packet filtering to be realized for protocols up to the higher levels (ARP, RARP, IP, IPX and the state table of application protocols). The scheme of firewall operation in the special traffic filtering mode is illustrated in Fig. 3. Let the packet flows arriving at the firewall input be distributed exponentially. From this it can be said that if the input stream in a real system differs from the simplest one, the operating characteristics of the firewall will change accordingly [5]. A firewall in the special traffic filtering mode includes a reception path that processes the incoming packet stream. Packets arrive with a given intensity and are written to the buffer of the special traffic filtering mode. The arrival of the packet stream on each transmission path is equally probable, and packets arriving at the special traffic filtering mode are independent of each other. Below, the final formula for the desired characteristic is presented.
Fig.3. Scheme of firewall operation in the special traffic filtering mode, by level: physical - filtering not available; data link - control of switches (MAC filtering table); network - static and dynamic packet filtering (ARP, IP, IPX); transport - state inspection; session - session-level proxy; presentation - filtering not available; application - proxy server (applied protocols). The special traffic filtering mode covers the table of filtering and the table of sessions.

The average queue length of packets can be designed for the M/M/1 system by formula (5). The probability of packet loss is Р.

For the special traffic filtering mode it does not matter which side initiated the connection. The transition scheme between the states of a TCP connection in the special traffic filtering mode is shown in Fig. 4. Thus, there is a graph of transitions between the states of the special traffic filtering mode.

Fig.4. Transition scheme between TCP-connection states for the special traffic filtering mode: A0 - no connection; A1 - initiates a connection (no packet stream at the input, the queuing system processes a packet); A2 - connection is established; A3 - connection is established (the queuing system processes packet 1 while packet 1 waits in the buffer; the queuing system processes a packet and L packets are found in the line); A4 - established; A5 - connection is terminated; A6 - reset the connection; A7 - connection closed.

To detect threats in the special traffic filtering mode, a model based on finite automata is proposed. Let an input alphabet and an output alphabet be given; a finite automaton is called an ordered five of sets, one of which is the set of initial states. Here we consider an initial deterministic finite automaton which has a fixed structure and the output function described below. A letter of the input alphabet is the set of all actions of the test suite required for the implementation of the model. A letter of the output alphabet is the set of reactions of the special traffic filtering mode that determine its action on the test packet. A letter of the alphabet of states represents the model rules forming the response of the system to the test. The alphabet operator is defined by the rules of the system applying the algorithm. Thus, the special traffic filtering mode is reduced to the operation of a linear digital machine (LDM). The operation of the LDM is described by the system of equations (6), (7), whose terms are the input vector, the output vector and the state vector of the machine (see Fig. 5).

Fig.5. Operation of the LDM: input u(t), state s(t), output y(t).

Here the LDM matrices are given by (8). If four matrices are given whose dimensions are defined in formula (8), then there always exists an LDM with the corresponding inputs, outputs and delays whose characteristic LDM matrix coincides with the given set (see Fig. 6). Also, by equation (9), the output action of the special traffic filtering is a matrix. In this matrix the main diagonal is of interest [6], because it carries the output response of the special traffic filtering mode to the input action. Given that the input vector and the filter vector are binary, the matrix is also binary. The presence of a unit at a diagonal position of this matrix indicates that the special traffic filtering mode cannot counter the threat with that code. For example, suppose an 8x1 vector is served at the input of the special traffic filtering mode; it holds information about seven different types of threats. At the same time, threats with codes 4, 5, 7 and 8 are served at the input of the special traffic filtering mode. The filter matrix should have dimension 1x8; the content of this vector is defined arbitrarily, and in this case the special traffic filtering is defined as a device that does not counter threats with codes 5, 6 and 8. From formula (10) the output action is obtained.

Fig.6. Characteristic LDM matrix.
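The output action for the scenario just described, computed as an added example that is not the paper's code: it assumes the output action is the outer product of the 8x1 binary input vector and the 1x8 binary filter vector (the only product consistent with the stated dimensions), so that the main diagonal is their element-wise product; the function names and the no-delay simplification are the example's own.

```python
# Added example (not from the paper): the LDM output action of the special
# traffic filtering mode for the paper's worked scenario.
# Assumption: output action y = u * a, the outer product of the binary input
# column vector u (threats served) and the binary row vector a (threats the
# mode does not counter), so the diagonal y[i][i] = u[i] * a[i].
from typing import List, Sequence


def threat_vector(codes: Sequence[int], length: int) -> List[int]:
    """Binary column vector u: position i holds 1 if the threat with code i
    (codes numbered from 1) is served at the input of the filtering mode."""
    u = [0] * length
    for code in codes:
        if not 1 <= code <= length:
            raise ValueError(f"threat code {code} outside 1..{length}")
        u[code - 1] = 1
    return u


def filter_vector(uncountered: Sequence[int], length: int) -> List[int]:
    """Binary row vector a (the characteristic matrix of a device without
    delay): position i holds 0 if the mode counters threat i, 1 if not."""
    missing = set(uncountered)
    return [1 if code in missing else 0 for code in range(1, length + 1)]


def output_action(u: Sequence[int], a: Sequence[int]) -> List[List[int]]:
    """Assumed output action: the length x length outer product u * a."""
    return [[ui * aj for aj in a] for ui in u]


def uncountered_at_input(y: Sequence[Sequence[int]]) -> List[int]:
    """Threat codes whose diagonal element is 1: served at the input and not
    countered by the filtering mode, i.e. the threats that get through."""
    return [i + 1 for i in range(len(y)) if y[i][i] == 1]


def evaluate(served: Sequence[int], uncountered: Sequence[int],
             length: int = 8) -> List[int]:
    """Run the scenario end to end and return the threat codes that pass."""
    u = threat_vector(served, length)
    a = filter_vector(uncountered, length)
    return uncountered_at_input(output_action(u, a))


if __name__ == "__main__":
    # Scenario from the paper: threats 4, 5, 7, 8 are served at the input and
    # the mode is defined as not countering threats 5, 6 and 8.
    print(evaluate([4, 5, 7, 8], [5, 6, 8]))  # [5, 8]
```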
In LDM modeling, a vector of threats is served at the input of the special traffic filtering mode, and its length determines the number of inputs of the LDM. Each threat is assigned a unique code. As the input vector it is convenient to use a binary column vector [8,10]. A unit is set at a position of the vector if the threat with the corresponding code is served at the input of the special traffic filtering mode. Assume that the special traffic filtering mode is a device without delay. Then equations (6) and (7) are converted into the single equation (9). From equation (9) it is clear that the functioning of the LDM, determined by this equation, is completely characterized by the matrix, and that this matrix should encode the settings of the special traffic filtering (the threats the firewall counteracts). Considering the dimension of the input vector, this matrix is a row vector of length l. Furthermore, this vector is a binary string. A zero is set at a position of this vector if the special traffic filtering mechanism is defined to counter the threat with the corresponding code. Given the dimensions of the vectors, as can be seen, on the main diagonal of the output matrix a unit is situated only at positions [5,5] and [8,8], which indicates the inability of the special traffic filtering, given by the (5,8) matrix, to counter threats with codes 5 and 8.

Conclusions

The proposed method for evaluating IDS security allows the threshold for forming the warning signal to be adjusted promptly. At the same time, a quantitative and qualitative evaluation of IDS security is delivered to the management console. A mathematical model of the special traffic filtering mode for the protection of network resources has been designed, which allows possible threats, attacks and external destructive influences in computer networks to be neutralized and prevented.

References:

[1] Barbara D., et al. Detecting Novel Network Intrusions Using Bayes Estimators. In: Proceedings of the First SIAM Conference on Data Mining, Chicago, April.
[2] Lazarevic A., et al. A Comparative Study of Anomaly Detection Schemes in Network Intrusion Detection. In: Proceedings of the Third SIAM International Conference on Data Mining, San Francisco, May.
[3] Hanaa M. S., et al. Neural networks approach for monitoring and securing the E-Government informational systems. European Journal of Computer Science and Information Technology, December, Vol. 2, No. 4.
[4] Lazarevic A., et al. A Comparative Study of Anomaly Detection Schemes in Network Intrusion Detection. In: Proceedings of the Third SIAM International Conference on Data Mining, San Francisco, May.
[5] Sherzod Gulomov, Abduaziz Abdurakhmanov and Nurbek Nasrullaev. "Design Method and Monitoring Special Traffic Filtering under Developing "Electronic Government"". International Journal of Emerging Technology & Advanced Engineering (ISO 9001:2008 Certified Journal), Volume 5, Issue 1, January 2015, India.
[6] Karimov M.M., Gulomov Sh.R., Yusupov B.K. "Approach development accelerate of process special traffic filtering". Journal of Computer and Communications, Vol. 3, No. 9, September 2015, USA.
Fuzzy Intrusion Detection John E. Dickerson, Jukka Juslin, Ourania Koukousoula, Julie A. Dickerson Electrical and Computer Engineering Department Iowa State University Ames, IA, USA {jedicker,juslin,koukouso,julied}@iastate.edu
More informationAnomaly Detection in Communication Networks
Anomaly Detection in Communication Networks Prof. D. J. Parish High Speed networks Group Department of Electronic and Electrical Engineering D.J.Parish@lboro.ac.uk Loughborough University Overview u u
More informationAn Approach for Enhanced Performance of Packet Transmission over Packet Switched Network
ISSN (e): 2250 3005 Volume, 06 Issue, 04 April 2016 International Journal of Computational Engineering Research (IJCER) An Approach for Enhanced Performance of Packet Transmission over Packet Switched
More informationCISSP CEH PKI SECURITY + CEHv9: Certified Ethical Hacker. Upcoming Dates. Course Description. Course Outline
CISSP CEH PKI SECURITY + CEHv9: Certified Ethical Hacker Learn to find security vulnerabilities before the bad guys do! The Certified Ethical Hacker (CEH) class immerses students in an interactive environment
More informationA Software System for automatic reaction to network anomalies and in Real Time Data Capturing necessary for investigation of digital Forensics
A Software System for automatic reaction to network anomalies and in Real Time Data Capturing necessary for investigation of digital Forensics Mladen Vukašinović Abstract Digital forensics has a technical
More informationCover sheet for Assignment 3
Faculty of Arts and Science University of Toronto CSC 358 - Introduction to Computer Networks, Winter 2018, LEC0101 Cover sheet for Assignment 3 Due Monday March 5, 10:00am. Complete this page and attach
More informationSoftware System For Automatic Reaction To Network Anomalies And In Real Time Data Capturing Necessary For Investigation Of Digital Forensics
Software System For Automatic Reaction To Network Anomalies And In Real Time Data Capturing Necessary For Investigation Of Digital Forensics Mladen Vukašinović Faculty of Information Technology Mediterranean
More informationA Study on Intrusion Detection Techniques in a TCP/IP Environment
A Study on Intrusion Detection Techniques in a TCP/IP Environment C. A. Voglis and S. A. Paschos Department of Computer Science University of Ioannina GREECE Abstract: The TCP/IP protocol suite is the
More informationDATA AND COMPUTER COMMUNICATIONS
DATA AND COMPUTER COMMUNICATIONS Ninth Edition William Stallings Boston Columbus Indianapolis New York San Francisco Upper Saddle River Amsterdam Cape Town Dubai London Madrid Milan Munich Paris Montreal
More informationImprove the QoS by Applying Differentiated Service over MPLS Network
Available Online at www.ijcsmc.com International Journal of Computer Science and Mobile Computing A Monthly Journal of Computer Science and Information Technology IJCSMC, Vol. 4, Issue. 9, September 2015,
More informationUNIT 2 TRANSPORT LAYER
Network, Transport and Application UNIT 2 TRANSPORT LAYER Structure Page No. 2.0 Introduction 34 2.1 Objective 34 2.2 Addressing 35 2.3 Reliable delivery 35 2.4 Flow control 38 2.5 Connection Management
More informationReview on Data Mining Techniques for Intrusion Detection System
Review on Data Mining Techniques for Intrusion Detection System Sandeep D 1, M. S. Chaudhari 2 Research Scholar, Dept. of Computer Science, P.B.C.E, Nagpur, India 1 HoD, Dept. of Computer Science, P.B.C.E,
More informationFabrizio Patriarca. Come creare valore dalla GDPR
Fabrizio Patriarca Come creare valore dalla GDPR Disclaimer Notice: Clients are responsible for ensuring their own compliance with various laws and regulations, including the European Union General Data
More informationTowards Intelligent Fuzzy Agents to Dynamically Control the Resources Allocations for a Network under Denial of Service Attacks
Towards Intelligent Fuzzy Agents to Dynamically Control the Resources Allocations for a Network under Denial of Service Attacks N S ABOUZAKHAR, A GANI, E SANCHEZ, G MANSON The Centre for Mobile Communications
More informationPort Facility Cyber Security
International Port Security Program Port Facility Cyber Security Cyber Security Assessment MAR'01 1 Lesson Topics ISPS Code Requirement The Assessment Process ISPS Code Requirements What is the purpose
More informationMonitoring the Device
The system includes dashboards and an Event Viewer that you can use to monitor the device and traffic that is passing through the device. Enable Logging to Obtain Traffic Statistics, page 1 Monitoring
More informationTotal Security Management PCI DSS Compliance Guide
Total Security Management PCI DSS Guide The Payment Card Industry Data Security Standard (PCI DSS) is a set of regulations to help protect the security of credit card holders. These regulations apply to
More informationImproving the Congestion Control over Stateless Wireless Ad Hoc Network Systems
Available Online at www.ijcsmc.com International Journal of Computer Science and Mobile Computing A Monthly Journal of Computer Science and Information Technology IJCSMC, Vol. 2, Issue. 6, June 2013, pg.353
More informationResearch on adaptive network theft Trojan detection model Ting Wu
International Conference on Advances in Mechanical Engineering and Industrial Informatics (AMEII 215) Research on adaptive network theft Trojan detection model Ting Wu Guangdong Teachers College of Foreign
More informationMeans for Intrusion Detection. Intrusion Detection. INFO404 - Lecture 13. Content
Intrusion Detection INFO404 - Lecture 13 21.04.2009 nfoukia@infoscience.otago.ac.nz Content Definition Network vs. Host IDS Misuse vs. Behavior Based IDS Means for Intrusion Detection Definitions (1) Intrusion:
More informationIntrusion Detection Using Data Mining Technique (Classification)
Intrusion Detection Using Data Mining Technique (Classification) Dr.D.Aruna Kumari Phd 1 N.Tejeswani 2 G.Sravani 3 R.Phani Krishna 4 1 Associative professor, K L University,Guntur(dt), 2 B.Tech(1V/1V),ECM,
More informationThe Eight Components of a Strong Cyber Security Defense System
The Eight Components of a Strong Cyber Security Defense System SEG Secure Email Gateway An appliance that provides anti-spam and anti-malware protection. It is installed on top of a corporation s Email
More informationEducation Network Security
Education Network Security RECOMMENDATIONS CHECKLIST Learn INSTITUTE Education Network Security Recommendations Checklist This checklist is designed to assist in a quick review of your K-12 district or
More informationIntroduction to Protocols
Chapter 6 Introduction to Protocols 1 Chapter 6 Introduction to Protocols What is a Network Protocol? A protocol is a set of rules that governs the communications between computers on a network. These
More informationResearch on Quantitative and Semi-Quantitative Training Simulation of Network Countermeasure Jianjun Shen1,a, Nan Qu1,b, Kai Li1,c
2nd International Conference on Advances in Mechanical Engineering and Industrial Informatics (AMEII 2016) Research on Quantitative and Semi-Quantitative Training Simulation of Networ Countermeasure Jianjun
More informationOSSIM Fast Guide
----------------- OSSIM Fast Guide ----------------- February 8, 2004 Julio Casal http://www.ossim.net WHAT IS OSSIM? In three phrases: - VERIFICATION may be OSSIM s most valuable contribution
More informationCover sheet for Assignment 5
Faculty of Arts and Science University of Toronto CSC 358 - Introduction to Computer Networks, LEC0101 Cover sheet for Assignment 5 Due Monday April 2, 10:00am. Complete this page and attach it to the
More informationEFFECTIVE INTRUSION DETECTION AND REDUCING SECURITY RISKS IN VIRTUAL NETWORKS (EDSV)
Available Online at www.ijcsmc.com International Journal of Computer Science and Mobile Computing A Monthly Journal of Computer Science and Information Technology IJCSMC, Vol. 3, Issue. 8, August 2014,
More informationPDQRAP - Prioritized Distributed Queueing Random Access Protocol. DQRAP Research Group Report 93-2
PDQRAP - Prioritized Distributed Queueing Random Access Protocol Harn-Jier Lin Graham Campbell Computer Science Dept. Illinois Institute of Technology Chicago IL, 60616 DQRAP Research Group Report 93-2
More informationHacker Academy Ltd COURSES CATALOGUE. Hacker Academy Ltd. LONDON UK
Hacker Academy Ltd COURSES CATALOGUE Hacker Academy Ltd. LONDON UK TABLE OF CONTENTS Basic Level Courses... 3 1. Information Security Awareness for End Users... 3 2. Information Security Awareness for
More informationAutomation the process of unifying the change in the firewall performance
Automation the process of unifying the change in the firewall performance 1 Kirandeep kaur, 1 Student - Department of Computer science and Engineering, Lovely professional university, Phagwara Abstract
More informationSolutions for Assignment 5
Faculty of Arts and Science University of Toronto CSC 358 - Introduction to Computer Networks Solutions for Assignment 5 Question 1 Suppose packets can get dropped or arbitrarily delayed inside a packet
More informationSpring 2010 CS419. Computer Security. Vinod Ganapathy Lecture 14. Chapters 6 and 9 Intrusion Detection and Prevention
Spring 2010 CS419 Computer Security Vinod Ganapathy Lecture 14 Chapters 6 and 9 Intrusion Detection and Prevention Firewalls and IPSes effective means of protecting LANs internet connectivity essential
More informationPROTECTING INFORMATION ASSETS NETWORK SECURITY
PROTECTING INFORMATION ASSETS NETWORK SECURITY PAUL SMITH 20 years of IT experience (desktop, servers, networks, firewalls.) 17 years of engineering in enterprise scaled networks 10+ years in Network Security
More informationSoftLayer Security and Compliance:
SoftLayer Security and Compliance: How security and compliance are implemented and managed Introduction Cloud computing generally gets a bad rap when security is discussed. However, most major cloud providers
More informationNetwork Defenses KAMI VANIEA 1
Network Defenses KAMI VANIEA 26 SEPTEMBER 2017 KAMI VANIEA 1 First the news http://arstech nica.com/secu rity/2015/04/ meet-greatcannon-theman-in-themiddleweapon-chinaused-ongithub/ 2 First the news http://arstechni
More informationModular Policy Framework. Class Maps SECTION 4. Advanced Configuration
[ 59 ] Section 4: We have now covered the basic configuration and delved into AAA services on the ASA. In this section, we cover some of the more advanced features of the ASA that break it away from a
More informationIntroduction to Automata Theory. BİL405 - Automata Theory and Formal Languages 1
Introduction to Automata Theory BİL405 - Automata Theory and Formal Languages 1 Automata, Computability and Complexity Automata, Computability and Complexity are linked by the question: What are the fundamental
More informationWhitepaper. Advanced Threat Hunting with Carbon Black Enterprise Response
Advanced Threat Hunting with Carbon Black Enterprise Response TABLE OF CONTENTS Overview Threat Hunting Defined Existing Challenges and Solutions Prioritize Endpoint Data Collection Over Detection Leverage
More informationWORKSHARE SECURITY OVERVIEW
WORKSHARE SECURITY OVERVIEW April 2016 COMPANY INFORMATION Workshare Security Overview Workshare Ltd. (UK) 20 Fashion Street London E1 6PX UK Workshare Website: www.workshare.com Workshare Inc. (USA) 625
More informationInformation Security Management Criteria for Our Business Partners
Information Security Management Criteria for Our Business Partners Ver. 2.1 April 1, 2016 Global Procurement Company Information Security Enhancement Department Panasonic Corporation 1 Table of Contents
More informationBlackhole Attack Detection in Wireless Sensor Networks Using Support Vector Machine
International Journal of Wireless Communications, Networking and Mobile Computing 2016; 3(5): 48-52 http://www.aascit.org/journal/wcnmc ISSN: 2381-1137 (Print); ISSN: 2381-1145 (Online) Blackhole Attack
More informationLecture 5: Performance Analysis I
CS 6323 : Modeling and Inference Lecture 5: Performance Analysis I Prof. Gregory Provan Department of Computer Science University College Cork Slides: Based on M. Yin (Performability Analysis) Overview
More informationNETWORK THREATS DEMAN
SELF-DEFENDING NETWORK NETWORK THREATS DEMAN NEW SECURITY: STRATEGIES TECHNOLOGIES Self-Propagating Threats A combination of: self propagating threats Collaborative applications Interconnected environments
More informationNetwork Performance Analysis System. White Paper
Network Performance Analysis System White Paper Copyright Copyright 2018 Colasoft. All rights reserved. Information in this document is subject to change without notice. No part of this document may be
More informationCYBER ANALYTICS. Architecture Overview. Technical Brief. May 2016 novetta.com 2016, Novetta
CYBER ANALYTICS Architecture Overview Technical Brief May 2016 novetta.com 2016, Novetta Novetta Cyber Analytics: Technical Architecture Overview 1 INTRODUCTION 2 CAPTURE AND PROCESS ALL NETWORK TRAFFIC
More informationChapter 3. The Data Link Layer
Chapter 3 The Data Link Layer 1 Data Link Layer Algorithms for achieving reliable, efficient communication between two adjacent machines. Adjacent means two machines are physically connected by a communication
More information