Network forensics is the capture, recording, and analysis of network events in order to discover the source of security attacks or other problem incidents. (The term, attributed to firewall expert Marcus Ranum, is borrowed from the legal and criminology fields, where forensics pertains to the investigation of crimes.) According to Simson Garfinkel, author of several books on security, network forensics systems can be one of two kinds.
This document summarizes various soft computing techniques that can be used for intrusion detection, including fuzzy logic, graph-based approaches, and neural networks. Fuzzy logic can be used to classify parameters and detect anomalies by comparing normal and new fuzzy association rule sets. Graph-based approaches model network traffic as graphs of nodes and edges and use clustering algorithms to detect anomalies. Neural networks can be trained on audit log data to recognize normal behavior and detect deviations that may indicate attacks. These soft computing methods aim to improve on signature-based detection by learning patterns of normal network activity and detecting anomalies.
Network forensics is a scientifically proven technique to accumulate, perceive, identify, examine, associate, analyse and document digital evidence from multiple systems in order to uncover the facts of attacks and other problem incidents, and to carry out the actions needed to recover from an attack. Many systems have been proposed for designing network forensic systems. In this paper we present a comparative analysis of various models based on different techniques.
The International Journal of Engineering & Science is aimed at providing a platform for researchers, engineers, scientists, or educators to publish their original research results, to exchange new ideas, to disseminate information in innovative designs, engineering experiences and technological skills. It is also the Journal's objective to promote engineering and technology education. All papers submitted to the Journal will be blind peer-reviewed. Only original articles will be published.
Detecting and Preventing Attacks Using Network Intrusion Detection Systems (CSCJournals)
Intrusion detection is an important technology in the business sector as well as an active area of research, and an important tool for information security. A Network Intrusion Detection System monitors networks for attacks or intrusions and reports them to the administrator so that evasive action can be taken. Today computers are part of networked, distributed systems that may span multiple buildings, sometimes located thousands of miles apart. The network of such a system is the pathway for communication between the computers in the distributed system; it is also a pathway for intrusion. This system is designed to detect and combat some common attacks on network systems. It follows the signature-based IDS methodology for ascertaining attacks: a signature-based IDS monitors packets on the network and compares them against a database of signatures or attributes from known malicious threats. It has been implemented in VC++. In this system the attack log displays the list of attacks to the administrator for evasive action, and the system works as an alert device in the event of attacks directed towards an entire network.
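A minimal signature-based packet matcher of the kind the abstract describes, added here as an illustration; it is not the VC++ system the paper presents. The packets, the signature IDs, names and payload patterns are all constructed for the example, and the signature database is a toy, not a real rule set. Header fields are checked before any payload inspection, and every hit becomes one attack-log entry:

```python
import re
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class Packet:
    src: str
    dst: str
    proto: str              # "tcp", "udp" or "icmp"
    sport: int
    dport: int
    payload: bytes = b""


@dataclass
class Signature:
    sid: int
    name: str
    proto: str
    dport: Optional[int] = None        # None matches any destination port
    content: Optional[bytes] = None    # literal substring that must appear in the payload
    pattern: Optional[str] = None      # regular expression applied to the payload
    severity: str = "medium"

    def matches(self, pkt: Packet) -> bool:
        """Cheap header comparisons first; payload checks only run when they pass."""
        if self.proto != pkt.proto:
            return False
        if self.dport is not None and self.dport != pkt.dport:
            return False
        if self.content is not None and self.content not in pkt.payload:
            return False
        if self.pattern is not None and not re.search(self.pattern.encode(), pkt.payload):
            return False
        return True


# Constructed signature database: hypothetical IDs and names, not a real rule set.
SIGNATURES = [
    Signature(1001, "HTTP directory traversal", "tcp", 80, pattern=r"\.\./\.\./", severity="high"),
    Signature(1002, "SQL injection tautology in URL", "tcp", 80,
              pattern=r"(?i)'\s*or\s*'?1'?\s*=\s*'?1", severity="high"),
    Signature(1003, "Telnet connection attempt", "tcp", 23, severity="low"),
    Signature(1004, "SMB NTLM authentication probe", "tcp", 445, content=b"NTLMSSP"),
]


def scan(packets: List[Packet], signatures=SIGNATURES) -> List[dict]:
    """Compare every packet against every signature; return the attack-log entries."""
    log = []
    for pkt in packets:
        for sig in signatures:
            if sig.matches(pkt):
                log.append({"sid": sig.sid, "name": sig.name, "severity": sig.severity,
                            "src": f"{pkt.src}:{pkt.sport}", "dst": f"{pkt.dst}:{pkt.dport}"})
    return log


# Constructed traffic sample: two web attacks, one telnet probe and benign traffic.
SAMPLE_PACKETS = [
    Packet("10.0.0.5", "10.0.0.80", "tcp", 51000, 80, b"GET /index.html HTTP/1.1\r\n"),
    Packet("203.0.113.9", "10.0.0.80", "tcp", 40001, 80, b"GET /../../etc/passwd HTTP/1.1\r\n"),
    Packet("203.0.113.9", "10.0.0.80", "tcp", 40002, 80, b"GET /login?user=a' OR '1'='1 HTTP/1.1\r\n"),
    Packet("198.51.100.7", "10.0.0.10", "tcp", 40003, 23, b"\xff\xfb\x01"),
    Packet("10.0.0.6", "10.0.0.20", "udp", 5353, 5353, b"mdns query"),
]

if __name__ == "__main__":
    for entry in scan(SAMPLE_PACKETS):
        print(entry)
```

The matcher is stateless, which is exactly the limitation of the approach: a port scan or a SYN flood has no payload pattern to match, so detecting those needs per-source counters or the anomaly-based methods discussed elsewhere on this page.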
IP Traceback for Flooding attacks on Internet Threat Monitors (ITM) Using Ho... (IJNSA Journal)
The Internet Threat Monitoring (ITM) system is an efficient monitoring system used globally to measure, detect, characterize and track threats such as denial of service (DoS) and distributed denial of service (DDoS) attacks and worms. To disable this monitoring, attackers target the ITM system itself. In this paper we address DDoS flooding attacks against ITM monitors, which exhaust network resources such as bandwidth, computing power or operating system data structures by sending malicious traffic. We propose an information-theoretic framework that models flooding attacks on ITM by botnets. One possible way to counter DDoS attacks is to trace the attack sources and punish the perpetrators; we propose a novel traceback method for DDoS using honeypots. IP tracing through a honeypot is a single-packet tracing method and is more efficient than commonly used packet-marking techniques.
International Journal of Engineering Research and Applications (IJERA) is an open access online peer reviewed international journal that publishes research and review articles in the fields of Computer Science, Neural Networks, Electrical Engineering, Software Engineering, Information Technology, Mechanical Engineering, Chemical Engineering, Plastic Engineering, Food Technology, Textile Engineering, Nano Technology & science, Power Electronics, Electronics & Communication Engineering, Computational mathematics, Image processing, Civil Engineering, Structural Engineering, Environmental Engineering, VLSI Testing & Low Power VLSI Design etc.
Identity-Based Key Management in MANETs Using Public Key Cryptography (CSCJournals)
Wireless mobile Ad Hoc Networks (MANETs) are an emerging area of mobile computing. MANETs face serious security problems due to their unique characteristics such as mobility, dynamic topology and lack of central infrastructure support. In conventional networks, deploying a robust and reliable security scheme such as a Public Key Infrastructure (PKI) requires a central authority or trusted third party to provide fundamental security services including digital certificates, authentication and encryption. In this paper, a secure identity-based key management scheme is proposed for networks in environments without any PKI. The scheme addresses the security problem in MANETs and is also suitable for application to wired network structures.
Secure intrusion detection and countermeasure selection in virtual system usi... (eSAT Publishing House)
IJRET: International Journal of Research in Engineering and Technology is an international peer reviewed, online journal published by eSAT Publishing House for the enhancement of research in various disciplines of Engineering and Technology. The aim and scope of the journal is to provide an academic medium and an important reference for the advancement and dissemination of research results that support high-level learning, teaching and research in the fields of Engineering and Technology. We bring together scientists, academicians, field engineers, scholars and students of related fields of Engineering and Technology.
Survey on Host and Network Based Intrusion Detection System (Eswar Publications)
With the invention of new technologies and devices, intrusion has become an area of concern because of security issues in the ever growing area of cyber-attacks. An intrusion detection system (IDS) is defined as a device or software application which monitors system or network activities for malicious activities or policy violations and produces reports to a management station [1]. In this paper we mainly focus on different IDS concepts based on host and network systems.
AN IMPLEMENTATION OF INTRUSION DETECTION SYSTEM USING GENETIC ALGORITHM (IJNSA Journal)
Nowadays it is very important to maintain a high level of security to ensure safe and trusted communication of information between organizations. But data communication over the Internet or any other network is always under threat of intrusion and misuse, so intrusion detection systems have become a necessary component of computer and network security. Various approaches are used in intrusion detection, but none of the systems so far is completely flawless, so the quest for improvement continues. Here we present an Intrusion Detection System (IDS) that applies a genetic algorithm (GA) to efficiently detect various types of network intrusions. The parameters and evolution processes of the GA are discussed in detail and implemented. The approach applies evolution theory to the information in the traffic data in order to filter it and thus reduce complexity. To implement and measure the performance of the system we used the KDD99 benchmark dataset and obtained a reasonable detection rate.
This document summarizes a proposed network attack alerting system that aims to reduce redundant alerts from intrusion detection systems (IDS). The system uses both network-based and host-based IDS to detect attacks launched using the Backtrack penetration testing tool on a virtual network environment. Well-known open source IDS tools from the Security Onion distribution are used to generate alerts. The system builds a database of alerts and defines rules to eliminate duplicate alerts for the same attack based on attributes like source/destination IP and port. It also establishes a severity classification scheme using threshold values of alerts and time to help administrators prioritize responses.
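Alert de-duplication and severity scoring along the lines the abstract sketches, as an added example rather than the proposed system's own code. The correlation window, the severity thresholds and the raw NIDS/HIDS alerts are assumptions constructed for the example; alerts that share signature, source, destination and port within the window collapse into one event, and severity follows from how many raw alerts that event absorbed:

```python
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=60)                            # assumed correlation window
SEVERITY_THRESHOLDS = [(10, "high"), (3, "medium")]       # assumed alert-count thresholds


def deduplicate(raw_alerts, window=WINDOW):
    """Collapse alerts sharing (signature, src, dst, dport) that fall within `window`
    of the first alert of their group into one event. Each event keeps first/last
    seen, the raw alert count and the set of sensors (NIDS, HIDS) that reported it."""
    open_groups = {}      # key -> most recent event for that key
    events = []
    for a in sorted(raw_alerts, key=lambda a: a["ts"]):
        key = (a["sig"], a["src"], a["dst"], a["dport"])
        ev = open_groups.get(key)
        if ev is None or a["ts"] - ev["first_seen"] > window:
            ev = {"sig": a["sig"], "src": a["src"], "dst": a["dst"], "dport": a["dport"],
                  "first_seen": a["ts"], "last_seen": a["ts"], "count": 0, "sensors": set()}
            open_groups[key] = ev
            events.append(ev)
        ev["last_seen"] = a["ts"]
        ev["count"] += 1
        ev["sensors"].add(a["sensor"])
    return events


def classify(event, thresholds=SEVERITY_THRESHOLDS):
    """Severity from the number of raw alerts the event absorbed within its window."""
    for minimum, label in thresholds:
        if event["count"] >= minimum:
            return label
    return "low"


def constructed_alerts():
    """Constructed raw alerts from one NIDS and one HIDS sensor (not real sensor output)."""
    base = datetime(2024, 5, 1, 10, 0, 0)

    def mk(secs, sensor, sig, src, dst, dport):
        return {"ts": base + timedelta(seconds=secs), "sensor": sensor, "sig": sig,
                "src": src, "dst": dst, "dport": dport}

    # 12 scan alerts in 24 s, 3 failed-login alerts from the target host's HIDS,
    # one unrelated alert, and the same scan again 10 minutes later (new event).
    alerts = [mk(2 * i, "nids", "SCAN SYN probe", "10.0.0.9", "10.0.0.20", 22) for i in range(12)]
    alerts += [mk(30 + 20 * i, "hids", "SSH failed login", "10.0.0.9", "10.0.0.20", 22) for i in range(3)]
    alerts.append(mk(300, "nids", "ICMP echo sweep", "10.0.0.33", "10.0.0.1", 0))
    alerts.append(mk(600, "nids", "SCAN SYN probe", "10.0.0.9", "10.0.0.20", 22))
    return alerts


def report(raw_alerts):
    """(signature, source, raw count, sensors, severity) per consolidated event."""
    return [(e["sig"], e["src"], e["count"], sorted(e["sensors"]), classify(e))
            for e in deduplicate(raw_alerts)]


if __name__ == "__main__":
    raw = constructed_alerts()
    print(f"{len(raw)} raw alerts -> {len(deduplicate(raw))} events")
    for row in report(raw):
        print(row)
```

The window is anchored on the first alert of a group, so a slow, steady stream reopens a new event every window; anchoring on the last alert instead would merge it into one long event, which is the trade-off to decide before picking threshold values.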
Survey on classification techniques for intrusion detection (csandit)
Intrusion detection is the most essential component in network security. Traditional intrusion detection methods are based on extensive knowledge of signatures of known attacks. Signature-based methods require manual encoding of attacks by human experts. Data mining is one of the techniques applied to intrusion detection that provides higher automation capabilities than signature-based methods. Data mining techniques such as classification, clustering and association rules are used in intrusion detection. In this paper, we present an overview of intrusion detection, the KDD Cup 1999 dataset and a detailed analysis of different classification techniques, namely Support Vector Machine, Decision Tree, Naïve Bayes and Neural Networks, used in intrusion detection.
HYBRID ARCHITECTURE FOR DISTRIBUTED INTRUSION DETECTION SYSTEM IN WIRELESS NE... (IJNSA Journal)
This document proposes a hybrid architecture for a distributed intrusion detection system using multiple agents. The key aspects of the architecture include:
- Using multiple independent tracker agents that monitor hosts and generate reports sent to monitors and storage.
- Monitors analyze activity and compare to signatures to detect known attacks, or send data to anomaly detectors.
- Anomaly and misuse detectors use classification and pattern matching to detect known and unknown attacks.
- An inference module coordinates entities across hosts to classify new attacks using a knowledge base and signature generator.
- A countermeasure module alerts administrators and can take actions like dropping packets in response to detected attacks.
Self Adaptive Automatch Protocol for Batch Identification Mechanism in Wirele... (IRJET Journal)
This document discusses a self-adaptive automatch protocol for batch identification in wireless mobile networks. It proposes two algorithms, Condensed Binary Identification (CBI) and Multiple Rounds Identification (MRI), to improve the performance of identifying invalid signatures when batch verification fails at the receiver or sink node. The system forms nodes, transmits encrypted messages through intermediate nodes which may include attackers, and uses the sink node to perform batch verification and identify invalid signatures using the most suitable identification algorithm based on the transaction history of attackers.
Preventing Distributed Denial of Service Attacks in Cloud Environments (IJITCA Journal)
Distributed Denial of Service (DDoS) is a key threat to network security. A network is a group of nodes that interact with each other to exchange information, and the information held by a node must be kept confidential. An attacker in the system may capture this private information and alter it, so security is the major issue. There are several security attacks on networks; one of the major threats to Internet services is the DDoS attack, a malicious effort to suspend services to a destination node. A DDoS or DoS attack is an attempt to make a network resource or machine unavailable to its intended users. Numerous approaches have been developed to avoid DDoS or DoS attacks. DDoS conditions arise in two ways: they may happen naturally, or they may be caused by attackers. Various defence schemes have been developed against this attack. The main focus of this paper is to present the basics of DDoS attacks, DDoS attack types, DDoS attack components, and intrusion prevention systems for DDoS.
Analysis of network_security_threats_and_vulnerabilities_by_development__impl... (Tương Hoàng)
This document is the master's thesis of Nadeem Ahmad and M. Kashif Habib submitted to Blekinge Institute of Technology. The thesis analyzes network security threats and vulnerabilities and develops a network security monitoring solution. It contains chapters on networks and protocols, security threats and attacks, countermeasures techniques and tools, security solutions, and simulation/testing results. The abstract indicates it will address questions about network security implementation and management and give an idea of the current state of network security.
Distributed Denial of Service (DDoS) attack is the most severe cyber-attack affecting the availability of critical applications. Attackers identify weaknesses in machines and compromise them so that they take part in the flooding attack; while building the DDoS attack they also gain access to secret information. These computers are then used to wage a DDoS attack on the target host. Though many security measures have been taken to stop DDoS attacks and protect our data, attackers have developed new techniques and attack methodologies. Hence, instead of reacting to each new attack, it is necessary to build a complete DDoS solution that defends against all types of DDoS attack, and researchers must understand the cyberspace and the methods used to block DDoS attacks. The proposed system provides a unique method to detect DDoS attacks using Splunk. We propose two methods for preventing DDoS attacks: one uses randomly generated CAPTCHAs, and the other uses a Linux bash script that automatically blocks the IP address of any client sending multiple requests at a time.
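The abstract describes the blocking step as a Linux bash script; the same request-rate threshold logic is shown here as an added example in Python, not the authors' script. It counts requests per client IP in a sliding window over web-server access-log lines and emits the firewall block commands for clients over the threshold. The log lines are constructed, the threshold and window are assumptions, and the iptables commands are returned as strings rather than executed, so the block list can be reviewed (and an allowlist applied) before anything is dropped:

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

THRESHOLD = 20                       # assumed: more than this many requests ...
WINDOW = timedelta(seconds=10)       # ... within this span marks a client as abusive
ALLOWLIST = frozenset({"127.0.0.1"})  # never block these (monitoring, load balancer, ...)

# Combined-log style line: ip ident user [timestamp] "request" status ...
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3})')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    m = LOG_RE.match(line)
    return (m.group("ip"), datetime.strptime(m.group("ts"), TS_FMT)) if m else None


def offenders(lines, threshold=THRESHOLD, window=WINDOW):
    """Return {ip: peak requests seen inside one window} for every client that
    exceeded `threshold` requests within `window`. Lines are assumed time-ordered."""
    recent = defaultdict(deque)      # ip -> timestamps still inside the window
    peaks = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:           # unparseable line: skip rather than crash the blocker
            continue
        ip, t = parsed
        q = recent[ip]
        q.append(t)
        while t - q[0] > window:     # q is never emptied: t itself always stays
            q.popleft()
        if len(q) > threshold:
            peaks[ip] = max(peaks.get(ip, 0), len(q))
    return peaks


def block_commands(ips, allowlist=ALLOWLIST):
    """Firewall commands as strings; run them only after reviewing the list."""
    return [f"iptables -I INPUT -s {ip} -j DROP" for ip in sorted(ips) if ip not in allowlist]


def plan_blocks(lines):
    return block_commands(offenders(lines))


def constructed_log():
    """Constructed access log: one flooding client, one normal client, one busy
    but legitimate client that never exceeds the threshold inside a window."""
    base = datetime(2024, 5, 1, 12, 0, 0, tzinfo=timezone.utc)
    events = [("203.0.113.7", 5 + 0.1 * i, "/login") for i in range(60)]      # 60 req in 6 s
    events += [("10.0.0.5", 7.5 * i, "/index.html") for i in range(8)]        # 8 req in 60 s
    events += [("198.51.100.2", 2.4 * i, "/api/status") for i in range(25)]   # 25 req in 60 s
    events.sort(key=lambda e: e[1])
    return [f'{ip} - - [{(base + timedelta(seconds=off)).strftime(TS_FMT)}] '
            f'"GET {path} HTTP/1.1" 200 512' for ip, off, path in events]


if __name__ == "__main__":
    for cmd in plan_blocks(constructed_log()):
        print(cmd)
```

A per-IP counter like this stops a single noisy client; it does nothing against a distributed flood where each source stays under the threshold, and it will block every user behind one NAT or proxy, which is why the allowlist and a review step belong in front of the iptables call.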
IRJET- Software Defined Network: DDOS Attack Detection (IRJET Journal)
This document discusses software defined networks (SDNs) and detecting distributed denial-of-service (DDoS) attacks in SDNs. It provides background on SDN architecture and how DDoS attacks work. The paper aims to address risks of DDoS attacks in SDNs and focuses on detection. It describes existing DDoS attack techniques and solutions. The document proposes using algorithms like TCM-KNN and DPTCM-KNN for detection of attacks in network traffic flows, and compares the two algorithms using parameters like packet length and response time.
A Study on Data Mining Based Intrusion Detection System (AM Publications)
In recent years, security has remained an open problem for computers as well as data network systems. Intrusion detection systems are used to safeguard data confidentiality, integrity and system availability from various types of attacks. Data mining techniques can be applied to intrusion detection systems to detect normal and abnormal behaviour patterns. This paper studies the nature of network attacks and the current trends in data mining based intrusion detection techniques.
Survey of Clustering Based Detection using IDS Technique (IRJET Journal)
This document discusses intrusion detection systems (IDS) and different techniques used for IDS, including clustering-based detection. It first provides background on IDS, describing their purpose of detecting intruders and protecting systems. It then outlines various IDS types, including mobile agent-based, cluster-based, cryptography-based, and others. The document also summarizes related work from other papers applying data mining techniques like clustering to improve IDS detection rates and reduce false alarms. Finally, it discusses problems with current and traditional IDS, such as threshold detection leading to false positives, and false negatives where attacks are missed.
This document proposes a machine learning approach using the Naive Bayes algorithm to detect distributed denial of service (DDoS) attacks through network intrusion detection. It first discusses the issues with existing intrusion detection systems, including long training times and low accuracy. It then summarizes research on applying various machine learning techniques like neural networks, decision trees, and Naive Bayes to intrusion detection. The proposed system would build a classifier using Naive Bayes, which provides faster training than other methods, to distinguish normal and attack traffic. This approach aims to improve upon the training time and detection accuracy of existing intrusion detection systems.
COMBINING NAIVE BAYES AND DECISION TREE FOR ADAPTIVE INTRUSION DETECTION (IJNSA Journal)
In this paper, a new learning algorithm for adaptive network intrusion detection using a naive Bayesian classifier and decision tree is presented. It performs balanced detection and keeps false positives at an acceptable level for different types of network attacks, and eliminates redundant attributes as well as contradictory examples from the training data that make the detection model complex. The proposed algorithm also addresses some difficulties of data mining such as handling continuous attributes, dealing with missing attribute values, and reducing noise in training data. Because of the large volumes of security audit data and the complex and dynamic properties of intrusion behaviours, several data mining-based intrusion detection techniques have been applied to network-based traffic data and host-based data in the last decades; however, various issues remain to be examined in current intrusion detection systems (IDS). We tested the performance of the proposed algorithm against existing learning algorithms on the KDD99 benchmark intrusion detection dataset. The experimental results show that the proposed algorithm achieves high detection rates (DR) and significantly reduces false positives (FP) for different types of network intrusions using limited computational resources.
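The classification survey above, the Naive Bayes DDoS detector and this naive Bayes plus decision tree paper all turn on the same two steps: drop attributes that say nothing about the label, then train a naive Bayes classifier on the rest. This added example (not any of those papers' code) does both from scratch, without scikit-learn, on KDD-style categorical features. The training flows are constructed, not KDD99 records; the numeric "count" attribute is bucketed first, the information-gain cutoff is an assumption, and the attribute filter is the decision-tree split criterion applied once as a feature selector rather than a full tree:

```python
import math
from collections import Counter, defaultdict

MIN_GAIN = 0.05   # assumed: attributes with information gain below this are dropped


def bucket_count(c):
    """Discretise the KDD 'count' attribute (connections to the same host in 2 s)."""
    return "low" if c < 10 else "mid" if c < 100 else "high"


# Constructed training flows (features, label). 'land' is constant here, so it
# carries no information about the label and should be eliminated.
RAW_TRAIN = [
    ({"proto": "tcp", "service": "http", "flag": "SF", "count": 5, "land": 0}, "normal"),
    ({"proto": "tcp", "service": "http", "flag": "SF", "count": 8, "land": 0}, "normal"),
    ({"proto": "udp", "service": "dns", "flag": "SF", "count": 3, "land": 0}, "normal"),
    ({"proto": "tcp", "service": "smtp", "flag": "SF", "count": 2, "land": 0}, "normal"),
    ({"proto": "tcp", "service": "ssh", "flag": "SF", "count": 12, "land": 0}, "normal"),
    ({"proto": "tcp", "service": "http", "flag": "S0", "count": 250, "land": 0}, "dos"),
    ({"proto": "tcp", "service": "http", "flag": "S0", "count": 300, "land": 0}, "dos"),
    ({"proto": "tcp", "service": "ssh", "flag": "S0", "count": 180, "land": 0}, "dos"),
    ({"proto": "icmp", "service": "ecr_i", "flag": "SF", "count": 500, "land": 0}, "dos"),
    ({"proto": "udp", "service": "dns", "flag": "SF", "count": 400, "land": 0}, "dos"),
]


def featurize(rec):
    f = dict(rec)
    f["count"] = bucket_count(f["count"])
    return f


def entropy(labels):
    n = len(labels)
    return -sum(c / n * math.log2(c / n) for c in Counter(labels).values())


def information_gain(rows, attr):
    """H(label) - H(label | attr) over (features, label) rows."""
    by_value = defaultdict(list)
    for x, y in rows:
        by_value[x[attr]].append(y)
    conditional = sum(len(ys) / len(rows) * entropy(ys) for ys in by_value.values())
    return entropy([y for _, y in rows]) - conditional


def select_attributes(rows, min_gain=MIN_GAIN):
    return [a for a in rows[0][0] if information_gain(rows, a) >= min_gain]


class NaiveBayes:
    """Categorical naive Bayes with Laplace smoothing over the selected attributes."""

    def __init__(self, attrs, alpha=1.0):
        self.attrs, self.alpha = list(attrs), alpha

    def fit(self, rows):
        self.n = len(rows)
        self.prior = Counter(y for _, y in rows)
        self.counts = {a: defaultdict(Counter) for a in self.attrs}   # attr -> label -> value -> n
        self.values = {a: set() for a in self.attrs}
        for x, y in rows:
            for a in self.attrs:
                self.counts[a][y][x[a]] += 1
                self.values[a].add(x[a])
        return self

    def log_posterior(self, x):
        scores = {}
        for y, n_y in self.prior.items():
            lp = math.log(n_y / self.n)
            for a in self.attrs:
                k = len(self.values[a])          # smoothing keeps unseen values from zeroing a class
                lp += math.log((self.counts[a][y][x[a]] + self.alpha) / (n_y + self.alpha * k))
            scores[y] = lp
        return scores

    def predict(self, x):
        scores = self.log_posterior(x)
        return max(scores, key=scores.get)


def train(raw=RAW_TRAIN):
    rows = [(featurize(x), y) for x, y in raw]
    attrs = select_attributes(rows)
    return attrs, NaiveBayes(attrs).fit(rows)


if __name__ == "__main__":
    attrs, model = train()
    print("kept attributes:", attrs)
    print(model.predict(featurize({"proto": "tcp", "service": "http", "flag": "S0", "count": 220, "land": 0})))
```

On KDD99 the same trick is what makes these papers' accuracy numbers look good: the "count"-style rate attributes separate DoS from normal almost on their own, so an evaluation that reports only detection rate without cross-validation on held-out attack types says little about real traffic.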
Supervisory control and data acquisition (SCADA) systems are applications that collect data from a system in order to automate the monitoring and control of its activities. Several industrial fields, such as electric utilities, water supplies and building facilities, have already adopted SCADA systems to increase efficiency and reduce cost. However, the IT community is concerned about the level of security that any deployed SCADA system provides. This paper concentrates on the major security threats encountered in SCADA systems. In addition, it discusses a newly proposed methodology to increase system security with minimal impact on efficiency. The proposed scheme provides several security services: mutual authentication, confidentiality, data integrity and accountability.
NETWORK INTRUSION DETECTION AND COUNTERMEASURE SELECTION IN VIRTUAL NETWORK (... (ijsptm)
Intrusion into a network or a system is a problem today as the trend of successful network attacks continues to rise. Intruders can exploit vulnerabilities of a network system to gain access in order to deploy a virus or malware, or to mount a Denial of Service (DoS) attack. In this work, a frequency-based Intrusion Detection System (IDS) is proposed to detect DoS attacks. Frequency data is extracted from the time series of the traffic flow using the Discrete Fourier Transform (DFT). An algorithm is developed for anomaly-based intrusion detection with fewer false alarms that further detects known and unknown attack signatures in a network: the frequency content of the virus or malware traffic would be inconsistent with the frequency content of legitimate traffic. A Centralized Traffic Analyzer Intrusion Detection System, called CTA-IDS, is introduced to further detect inside attackers in a network. The strategy is effective in detecting abnormal content in the traffic data passing from one node to another and also detects known attack signatures and unknown attacks. The approach is tested by running artificial network intrusion data in simulated networks using the Network Simulator 2 (NS2) software.
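Frequency-domain anomaly detection as the abstract sketches it, written as an added example rather than the paper's own algorithm. The packet count per second is the time series, a DFT is taken over each fixed-length window, and a window is flagged when its magnitude spectrum departs from a baseline spectrum averaged over legitimate windows. The DFT is computed directly in pure Python (no numpy), the traffic series are constructed with a seeded generator, and the window length and distance threshold are assumptions:

```python
import cmath
import math
import random

WINDOW = 32          # seconds per analysis window (assumed)
THRESHOLD = 0.25     # assumed: relative spectral distance above this is an anomaly


def spectrum(series):
    """One-sided DFT magnitudes |X_k| for k = 0..n//2, computed directly (O(n^2))."""
    n = len(series)
    return [abs(sum(series[t] * cmath.exp(-2j * math.pi * k * t / n) for t in range(n)))
            for k in range(n // 2 + 1)]


def baseline(windows):
    """Bin-wise mean spectrum of the legitimate training windows."""
    specs = [spectrum(w) for w in windows]
    return [sum(s[k] for s in specs) / len(specs) for k in range(len(specs[0]))]


def spectral_distance(window, base):
    """Euclidean distance between the window's spectrum and the baseline,
    relative to the baseline's own magnitude so the threshold is scale-free."""
    s = spectrum(window)
    diff = math.sqrt(sum((a - b) ** 2 for a, b in zip(s, base)))
    return diff / math.sqrt(sum(b * b for b in base))


def is_anomalous(window, base, threshold=THRESHOLD):
    return spectral_distance(window, base) > threshold


# Constructed packets-per-second series (seeded, so runs are reproducible).
def normal_traffic(seed, n=WINDOW, rate=20):
    rng = random.Random(seed)
    return [rate + rng.randint(-3, 3) for _ in range(n)]


def syn_flood(seed, n=WINDOW, rate=200):
    """Same jitter as normal traffic, ten times the volume: shows up in the DC bin."""
    return normal_traffic(seed, n, rate)


def beaconing(seed, n=WINDOW, period=4, burst=40):
    """Normal volume plus a burst every `period` seconds: shows up as a sharp
    peak at bin n/period (and its harmonics), which a volume threshold would miss."""
    return [v + (burst if t % period == 0 else 0) for t, v in enumerate(normal_traffic(seed, n))]


def demo():
    base = baseline([normal_traffic(s) for s in range(1, 5)])
    return {name: round(spectral_distance(w, base), 3) for name, w in [
        ("normal", normal_traffic(99)), ("syn_flood", syn_flood(99)), ("beaconing", beaconing(99))]}


if __name__ == "__main__":
    for name, d in demo().items():
        print(f"{name:10s} distance={d:.3f} anomalous={d > THRESHOLD}")
```

Because the DC bin (total volume) is included, a benign traffic surge is also flagged; dropping bin 0 before comparing makes the detector purely shape-based, which catches the periodic beacon but not the flood, so in practice the two comparisons are run side by side.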
Software engineering based self-checking process for cyber security system in... (IJECEIAES)
Recently, the cyber security of vehicular ad hoc networks (VANETs) has been considered for two practical modes, vehicle to vehicle (V2V) and vehicle to infrastructure (V2I), because of their importance; it has become possible to keep pace with developments in the world. People's safety is a priority in the development of technology in general and of VANETs for police vehicles in particular. In this paper, we propose a software engineering based self-checking process to ensure the high randomness of the generated keys, which are used in the underlying cyber security system for the VANET. The proposed self-checking process employs a set of NIST tests, including the frequency, block frequency and runs tests, as a threshold for accepting the generated keys. The introduced cyber security system includes three levels. First, a registration phase asks vehicles to register with the system, and the network excludes unregistered ones; the proposed software engineering based self-checking process is adopted in this phase. Second, an authentication phase checks the vehicles after registration. Third, the proposed system is able to detect DoS attacks. The obtained results show the efficient performance of the proposed system in managing the security of the VANET. The self-checking process increased the randomness of the generated keys, which increases the security factor.
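The self-check described above applies three NIST SP 800-22 tests (frequency, block frequency, runs) as an acceptance threshold for generated keys. This added example implements those three tests from the specification and wires them into an accept/reject decision; it is not the paper's code, the significance level alpha = 0.01 and the block size are assumptions, and the keys checked are constructed. The block frequency test needs the regularized upper incomplete gamma function Q(N/2, x); since N/2 is always an integer or half-integer, it is computed exactly by the upward recurrence from Q(1, x) = e^-x or Q(1/2, x) = erfc(sqrt(x)) rather than by a general numerical routine:

```python
import math


def to_bits(key_bytes):
    return "".join(format(b, "08b") for b in key_bytes)


def monobit_test(bits):
    """NIST 2.1 frequency test: p-value from the excess of ones over zeros."""
    n = len(bits)
    s = sum(1 if b == "1" else -1 for b in bits)
    return math.erfc(abs(s) / math.sqrt(n) / math.sqrt(2))


def upper_gamma_q(a, x):
    """Q(a, x) for a = k/2, k >= 1, via Q(a+1, x) = Q(a, x) + x^a e^-x / Gamma(a+1)."""
    if round(2 * a) % 2 == 0:
        cur, q = 1.0, math.exp(-x)
    else:
        cur, q = 0.5, math.erfc(math.sqrt(x))
    while cur < a - 1e-9:
        q += x ** cur * math.exp(-x) / math.gamma(cur + 1)
        cur += 1.0
    return q


def block_frequency_test(bits, block_size):
    """NIST 2.2: chi-square of the proportion of ones per block; trailing bits dropped."""
    n_blocks = len(bits) // block_size
    chi2 = 0.0
    for i in range(n_blocks):
        block = bits[i * block_size:(i + 1) * block_size]
        chi2 += (block.count("1") / block_size - 0.5) ** 2
    chi2 *= 4 * block_size
    return upper_gamma_q(n_blocks / 2, chi2 / 2)


def runs_test(bits):
    """NIST 2.3: number of runs against the count expected from an i.i.d. source."""
    n = len(bits)
    pi = bits.count("1") / n
    if abs(pi - 0.5) >= 2 / math.sqrt(n):      # prerequisite frequency check fails
        return 0.0
    runs = 1 + sum(1 for i in range(n - 1) if bits[i] != bits[i + 1])
    num = abs(runs - 2 * n * pi * (1 - pi))
    den = 2 * math.sqrt(2 * n) * pi * (1 - pi)
    return math.erfc(num / den)


def accept_key(key_bytes, alpha=0.01, block_size=8):
    """(accepted, p-values): the key passes only if every test's p-value >= alpha."""
    bits = to_bits(key_bytes)
    pvals = {"frequency": monobit_test(bits),
             "block_frequency": block_frequency_test(bits, block_size),
             "runs": runs_test(bits)}
    return all(p >= alpha for p in pvals.values()), pvals


if __name__ == "__main__":
    # Constructed keys: all zeros, a 0101... pattern, and an OS-random key.
    import secrets
    for label, key in [("zeros", bytes(16)), ("alternating", b"\x55" * 16),
                       ("os_random", secrets.token_bytes(16))]:
        print(label, accept_key(key))
```

The alternating key is the instructive case: it passes both frequency tests with p = 1 and is rejected only by the runs test, which is why the paper's threshold uses several tests rather than one. The converse caveat matters too: at alpha = 0.01 roughly one in a hundred genuinely random keys fails by chance, and passing these tests says nothing about whether the generator's seed was guessable.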
IRJET- Multimedia Content Security with Random Key Generation Approach in... (IRJET Journal)
This document proposes a double stage encryption algorithm to securely store multimedia content like images, audio, and video in the cloud. In the first stage, multimedia content is encrypted into ciphertext using AES symmetric encryption. The ciphertext is then encrypted again in the cloud using a randomly generated symmetric key for added security. This makes it difficult for attackers to extract the encryption key and recover the original multimedia content even if they obtain the ciphertext. The algorithm aims to provide security against side channel attacks in cloud computing through its use of random key generation and double encryption. It is described as having low complexity and wide applicability for safeguarding multimedia content in the cloud.
DDOS ATTACK DETECTION ON INTERNET OF THINGS USING UNSUPERVISED ALGORITHMS (ijfls)
The increase in the deployment of IoT networks has improved productivity of humans and organisations. However, IoT networks are increasingly becoming platforms for launching DDoS attacks due to the inherently weaker security and resource-constrained nature of IoT devices. This paper focuses on detecting DDoS attacks in IoT networks by classifying incoming network packets on the transport layer as either "Suspicious" or "Benign" using unsupervised machine learning algorithms. In this work, two deep learning algorithms and two clustering algorithms were independently trained for mitigating DDoS attacks. We lay emphasis on exploitation-based DDoS attacks, which include TCP SYN-flood attacks and UDP-lag attacks. We use the Mirai, BASHLITE and CICDDoS2019 datasets in training the algorithms during the experimentation phase. The accuracy score and normalized mutual information score are used to quantify the classification performance of the four algorithms. Our results show that the autoencoder performed best overall, with the highest accuracy across all the datasets.
Collecting and analyzing network-based evidence (CSITiaesprime)
Since nearly the beginning of the Internet, malware has been a significant deterrent to productivity for end users, both personal and business related. Due to the pervasiveness of digital technologies in all aspects of human life, it is increasingly likely that a digital device is involved as the goal, medium or simply 'witness' of a criminal event. Forensic investigations include the collection, recovery, analysis, and presentation of information stored on network devices and related to network crimes. These activities often involve a wide range of analysis tools and the application of different methods. This work presents methods that help digital investigators correlate and present information acquired from forensic data, with the aim of reaching more valuable reconstructions of events or actions and thus case conclusions. The main aim of network forensics is to gather evidence. Additionally, the evidence obtained during the investigation must be produced through a rigorous investigation procedure in a legal context.
Survey on Host and Network Based Intrusion Detection System - Eswar Publications
With the invention of new technologies and devices, intrusion has become an area of concern because of security issues in the ever-growing area of cyber-attacks. An intrusion detection system (IDS) is defined as a device or software application which monitors system or network activities for malicious activities or policy violations and produces reports to a management station [1]. In this paper we mainly focus on different IDS concepts based on host and network systems.
AN IMPLEMENTATION OF INTRUSION DETECTION SYSTEM USING GENETIC ALGORITHM - IJNSA Journal
Nowadays it is very important to maintain a high level of security to ensure safe and trusted communication of information between various organizations. But secure data communication over the Internet or any other network is always under threat of intrusions and misuse. So Intrusion Detection Systems have become a necessary component of computer and network security. There are various approaches being utilized in intrusion detection, but unfortunately none of the systems so far is completely flawless. So, the quest for improvement continues. In this progression, we present an Intrusion Detection System (IDS) that applies a genetic algorithm (GA) to efficiently detect various types of network intrusions. Parameters and evolution processes for the GA are discussed in detail and implemented. This approach applies evolution theory to information evolution in order to filter the traffic data and thus reduce the complexity. To implement and measure the performance of our system we used the KDD99 benchmark dataset and obtained a reasonable detection rate.
This document summarizes a proposed network attack alerting system that aims to reduce redundant alerts from intrusion detection systems (IDS). The system uses both network-based and host-based IDS to detect attacks launched using the Backtrack penetration testing tool on a virtual network environment. Well-known open source IDS tools from the Security Onion distribution are used to generate alerts. The system builds a database of alerts and defines rules to eliminate duplicate alerts for the same attack based on attributes like source/destination IP and port. It also establishes a severity classification scheme using threshold values of alerts and time to help administrators prioritize responses.
Survey on classification techniques for intrusion detection - csandit
Intrusion detection is the most essential component in network security. Traditional Intrusion Detection methods are based on extensive knowledge of signatures of known attacks. Signature-based methods require manual encoding of attacks by human experts. Data mining is one of the techniques applied to Intrusion Detection that provides higher automation capabilities than signature-based methods. Data mining techniques such as classification, clustering and association rules are used in intrusion detection. In this paper, we present an overview of intrusion detection, the KDD Cup 1999 dataset and a detailed analysis of different classification techniques, namely Support Vector Machine, Decision Tree, Naïve Bayes and Neural Networks, used in intrusion detection.
HYBRID ARCHITECTURE FOR DISTRIBUTED INTRUSION DETECTION SYSTEM IN WIRELESS NE... - IJNSA Journal
This document proposes a hybrid architecture for a distributed intrusion detection system using multiple agents. The key aspects of the architecture include:
- Using multiple independent tracker agents that monitor hosts and generate reports sent to monitors and storage.
- Monitors analyze activity and compare to signatures to detect known attacks, or send data to anomaly detectors.
- Anomaly and misuse detectors use classification and pattern matching to detect known and unknown attacks.
- An inference module coordinates entities across hosts to classify new attacks using a knowledge base and signature generator.
- A countermeasure module alerts administrators and can take actions like dropping packets in response to detected attacks.
Self Adaptive Automatch Protocol for Batch Identification Mechanism in Wirele... - IRJET Journal
This document discusses a self-adaptive automatch protocol for batch identification in wireless mobile networks. It proposes two algorithms, Condensed Binary Identification (CBI) and Multiple Rounds Identification (MRI), to improve the performance of identifying invalid signatures when batch verification fails at the receiver or sink node. The system forms nodes, transmits encrypted messages through intermediate nodes which may include attackers, and uses the sink node to perform batch verification and identify invalid signatures using the most suitable identification algorithm based on the transaction history of attackers.
Preventing Distributed Denial of Service Attacks in Cloud Environments - IJITCA Journal
Distributed Denial of Service (DDoS) is a key threat to network security. A network is a group of nodes that interact with each other to exchange information, and information that a node needs is kept confidential. An attacker in the system may capture this private information and distort it, so security is the major issue. There are several security attacks on networks; one of the major threats to Internet services is the DDoS attack. It is a malicious effort to suspend services to a destination node. A DDoS or DoS attack is an effort to make a network resource or machine unavailable to its intended users. Numerous ideas have been developed to avoid DDoS or DoS. DDoS can occur in two different ways: it may happen naturally or it may be due to attackers. Various schemes have been developed to defend against this attack. The main focus of this paper is to present the basics of DDoS attacks, DDoS attack types, DDoS attack components, and intrusion prevention systems for DDoS.
Analysis of network_security_threats_and_vulnerabilities_by_development__impl... - Tương Hoàng
This document is the master's thesis of Nadeem Ahmad and M. Kashif Habib submitted to Blekinge Institute of Technology. The thesis analyzes network security threats and vulnerabilities and develops a network security monitoring solution. It contains chapters on networks and protocols, security threats and attacks, countermeasures techniques and tools, security solutions, and simulation/testing results. The abstract indicates it will address questions about network security implementation and management and give an idea of the current state of network security.
Distributed Denial of Service (DDoS) attack is the most severe cyber-attack that affects the availability of critical applications. The attackers identify weaknesses in machines and compromise them to involve them in the flooding attack. During the DDoS attack generation, they also gain access to secret information. These computers are then used to wage a DDoS attack against the host’s computer. Though many security measures have been taken in order to stop DDoS attacks and protect our data, the attackers have developed new techniques and attack methodologies. Hence, instead of reacting to new attacks, it is necessary to build a complete DDoS solution that will defend against all types of DDoS attacks. So, researchers must understand the cyber space and the methods utilized to block DDoS attacks. The proposed system provides a unique method to detect DDoS attacks using Splunk. We propose two methods for prevention of DDoS attacks. One uses randomly generated Captchas and the other uses a Linux bash script to prevent DDoS attacks by automatically blocking the IP of a client who is sending multiple requests at a time.
IRJET- Software Defined Network: DDOS Attack Detection - IRJET Journal
This document discusses software defined networks (SDNs) and detecting distributed denial-of-service (DDoS) attacks in SDNs. It provides background on SDN architecture and how DDoS attacks work. The paper aims to address risks of DDoS attacks in SDNs and focuses on detection. It describes existing DDoS attack techniques and solutions. The document proposes using algorithms like TCM-KNN and DPTCM-KNN for detection of attacks in network traffic flows, and compares the two algorithms using parameters like packet length and response time.
A Study on Data Mining Based Intrusion Detection System - AM Publications
In recent years, security has remained a concern for computers as well as data network systems. Intrusion detection systems are used to safeguard data confidentiality, integrity and system availability from various types of attacks. Data mining techniques can be applied to intrusion detection systems to detect normal and abnormal behavior patterns. This paper studies the nature of network attacks and the current trends of data mining based intrusion detection techniques.
Survey of Clustering Based Detection using IDS Technique - IRJET Journal
This document discusses intrusion detection systems (IDS) and different techniques used for IDS, including clustering-based detection. It first provides background on IDS, describing their purpose of detecting intruders and protecting systems. It then outlines various IDS types, including mobile agent-based, cluster-based, cryptography-based, and others. The document also summarizes related work from other papers applying data mining techniques like clustering to improve IDS detection rates and reduce false alarms. Finally, it discusses problems with current and traditional IDS, such as threshold detection leading to false positives, and false negatives where attacks are missed.
This document proposes a machine learning approach using the Naive Bayes algorithm to detect distributed denial of service (DDoS) attacks through network intrusion detection. It first discusses the issues with existing intrusion detection systems, including long training times and low accuracy. It then summarizes research on applying various machine learning techniques like neural networks, decision trees, and Naive Bayes to intrusion detection. The proposed system would build a classifier using Naive Bayes, which provides faster training than other methods, to distinguish normal and attack traffic. This approach aims to improve upon the training time and detection accuracy of existing intrusion detection systems.
COMBINING NAIVE BAYES AND DECISION TREE FOR ADAPTIVE INTRUSION DETECTION - IJNSA Journal
In this paper, a new learning algorithm for adaptive network intrusion detection using a naive Bayesian classifier and decision tree is presented, which performs balanced detection and keeps false positives at an acceptable level for different types of network attacks, and eliminates redundant attributes as well as contradictory examples from training data that make the detection model complex. The proposed algorithm also addresses some difficulties of data mining such as handling continuous attributes, dealing with missing attribute values, and reducing noise in training data. Due to the large volumes of security audit data as well as the complex and dynamic properties of intrusion behaviours, several data mining-based intrusion detection techniques have been applied to network-based traffic data and host-based data in the last decades. However, various issues remain that need to be examined in current intrusion detection systems (IDS). We tested the performance of our proposed algorithm against existing learning algorithms by employing the KDD99 benchmark intrusion detection dataset. The experimental results show that the proposed algorithm achieved high detection rates (DR) and significantly reduced false positives (FP) for different types of network intrusions using limited computational resources.
Supervisory control and data acquisition (SCADA) systems are applications that collect data from a system in order to automate the monitoring and controlling of its activities. Several industrial fields, such as electric utilities, water supplies and building facilities, have already adopted SCADA systems to increase efficiency and reduce cost. However, the IT community is concerned about the level of security that any applied SCADA system provides. This paper concentrates on the major security threats encountered in SCADA systems. In addition, it discusses a newly proposed methodology to increase system security with minimal impact on efficiency. The proposed scheme provides several security services: mutual authentication, confidentiality, data integrity and accountability.
NETWORK INTRUSION DETECTION AND COUNTERMEASURE SELECTION IN VIRTUAL NETWORK (... - ijsptm
Intrusion in a network or a system is a problem today as the trend of successful network attacks continues to rise. Intruders can exploit vulnerabilities of a network system to gain access in order to deploy viruses or malware or to launch attacks such as Denial of Service (DoS). In this work, a frequency-based Intrusion Detection System (IDS) is proposed to detect DoS attacks. The frequency data is extracted from the time-series data created by the traffic flow using the Discrete Fourier Transform (DFT). An algorithm is developed for anomaly-based intrusion detection with fewer false alarms, which further detects known and unknown attack signatures in a network. The frequency of the traffic data of the virus or malware would be inconsistent with the frequency of the legitimate traffic data. A Centralized Traffic Analyzer Intrusion Detection System called CTA-IDS is introduced to further detect inside attackers in a network. The strategy is effective in detecting abnormal content in the traffic data during information passing from one node to another and also detects known attack signatures and unknown attacks. This approach is tested by running artificial network intrusion data in simulated networks using the Network Simulator 2 (NS2) software.
International Journal of Engineering Research and Applications (IJERA) is an open access online peer reviewed international journal that publishes research and review articles in the fields of Computer Science, Neural Networks, Electrical Engineering, Software Engineering, Information Technology, Mechanical Engineering, Chemical Engineering, Plastic Engineering, Food Technology, Textile Engineering, Nano Technology & science, Power Electronics, Electronics & Communication Engineering, Computational mathematics, Image processing, Civil Engineering, Structural Engineering, Environmental Engineering, VLSI Testing & Low Power VLSI Design etc.
Software engineering based self-checking process for cyber security system in... - IJECEIAES
Recently, the cyber security of vehicular ad hoc networks (VANET) has been considered in two practicable forms, vehicle to vehicle (V2V) and vehicle to infrastructure (V2I), due to their importance. It has become possible to keep pace with developments in the world. People's safety is a priority in the development of technology in general and in particular in VANETs for police vehicles. In this paper, we propose a software engineering based self-checking process to ensure the high randomness of the generated keys. These keys are used in the underlying cyber security system for VANET. The proposed self-checking process employs a set of NIST tests, including the frequency, block and runs tests, as a threshold for accepting the generated keys. The introduced cyber security system includes three levels. Firstly, the registration phase asks vehicles to register in the system, and the network excludes the unregistered ones; in this phase, the proposed software engineering-based self-checking process is adopted. Secondly, the authentication phase checks the vehicles after the registration phase. Thirdly, the proposed system is able to detect DoS attacks. The obtained results show the efficient performance of the proposed system in managing the security of the VANET network. The self-checking process increased the randomness of the generated keys, which increases the security factor.
IRJET- Multimedia Content Security with Random Key Generation Approach in... - IRJET Journal
This document proposes a double stage encryption algorithm to securely store multimedia content like images, audio, and video in the cloud. In the first stage, multimedia content is encrypted into ciphertext using AES symmetric encryption. The ciphertext is then encrypted again in the cloud using a randomly generated symmetric key for added security. This makes it difficult for attackers to extract the encryption key and recover the original multimedia content even if they obtain the ciphertext. The algorithm aims to provide security against side channel attacks in cloud computing through its use of random key generation and double encryption. It is described as having low complexity and wide applicability for safeguarding multimedia content in the cloud.
DDOS ATTACK DETECTION ON INTERNET OF THINGS USING UNSUPERVISED ALGORITHMS - ijfls
The increase in the deployment of IoT networks has improved the productivity of humans and organisations. However, IoT networks are increasingly becoming platforms for launching DDoS attacks due to the inherently weaker security and resource-constrained nature of IoT devices. This paper focuses on detecting DDoS attacks in IoT networks by classifying incoming network packets on the transport layer as either “Suspicious” or “Benign” using unsupervised machine learning algorithms. In this work, two deep learning algorithms and two clustering algorithms were independently trained for mitigating DDoS attacks. We lay emphasis on exploitation-based DDoS attacks, which include TCP SYN-Flood attacks and UDP-Lag attacks. We use the Mirai, BASHLITE and CICDDoS2019 datasets in training the algorithms during the experimentation phase. The accuracy score and normalized-mutual-information score are used to quantify the classification performance of the four algorithms. Our results show that the autoencoder performed best overall, with the highest accuracy across all the datasets.
Topic Since information extracted from router or switch interfaces.docx - juliennehar
Topic: Since information extracted from router or switch interfaces does not provide specific evidence of a particular crime in most cases, what use is the information collected from these devices?
Read and respond to at least two other students' discussions. (5-6 lines would be sufficient.)
#1. Posted by Srikanth
Routers and switches give the availability, both inside the demilitarized zone (DMZ) environment and to different areas of the system to which the DMZ is connected. This makes routers and switches prime targets for hackers to exploit and gather data about the system or just use as springboards on other devices. This section presents data on the best way to inform and arrange some significant router and switch security includes that enable running safely and ensure the devices that they associate. Routers direct traffic all through the undertaking system and are normally the first line of barrier when the system is associating with the Internet. Hackers try to infiltrate routers to gather data or use them as launching pads for further attacks. This is the reason it is critical to secure switches' management interfaces and services to make them trouble for an interloper to hack. As with routers, switches have an expanding job in system security. The switch gives numerous highlights, including port security. VLANs and PVLANs give the tools to keep the devices on the DMZ secure. It is additionally imperative to secure the switch's management interfaces and services with the goal that hackers can't break into the switch to change VLAN designs, change port settings, or utilize the switch to connect with different parts of the network.
Network forensics is the capture, recording and analysis of network packets in order to determine the source of network security attacks. The major goal of network forensics is to collect evidence. It analyzes network traffic data, which is collected from different sites and different network equipment, such as firewalls and IDS. In addition, it monitors the network to detect attacks and analyze the nature of attackers. Network forensics is also the process of detecting intrusion patterns, focusing on attacker activity.
Computer documents, emails, text and instant messages, transactions, images and Internet histories are examples of information that can be gathered from electronic devices and used very effectively as evidence. For example, mobile devices use online-based backup systems, also known as the “cloud”, that provide forensic investigators with access to text messages and pictures taken from a particular phone. These systems keep an average of 1,000–1,500 or more of the last text messages sent to and received from that phone. In addition, many mobile devices store information about the locations where the device traveled and when it was there. To gain this knowledge, investigators can access an average of the last 200 cell locations accessed by a mobile device. Satellite navig ...
Layered Approach for Preprocessing of Data in Intrusion Prevention Systems - Editor IJCATR
Due to the extensive growth of the Internet and the increasing availability of tools and methods for intruding into and attacking networks, intrusion detection has become a critical component of network security parameters. The TCP/IP protocol suite is the de facto standard for communication on the Internet. The underlying vulnerabilities in the protocols are the root cause of intrusions. Therefore an intrusion detection system becomes an important element in network security that controls real-time data and leads to a high-dimensional problem. Processing large numbers of packets and data in real time is very difficult and costly. Therefore data preprocessing is necessary to remove redundant and unwanted information from packets and clean network data. Here, we are focusing on two important aspects of intrusion detection; one is accuracy and the other is performance. The layered approach of the TCP/IP model can be applied to packet pre-processing to achieve early and faster intrusion detection. Motivation for the paper comes from the large impact data preprocessing has on the accuracy and capability of anomaly-based NIPS. In this paper it is demonstrated that high attack detection accuracy can be achieved by using a layered approach for data preprocessing on the Internet. To reduce the false positive rate and to increase the efficiency of detection, the paper proposes a framework for preprocessing in intrusion prevention systems. We experimented with real-time network traffic as well as the KDDcup99 dataset for our research.
Network forensics comes under the domain of digital forensics and deals with evidence left behind on the network after a cyber-attack. It is an indication of the weakness that led to the crime and the possible cause. Network-focused research comes with many challenges, which involve collection, storage, content, privacy, confiscation and admissibility. It is important and critical for any network forensic researcher or investigator to consider adopting an efficient network forensic investigation framework or methodology in order to improve the investigation process. The main aim of this research contribution was to do a comprehensive analysis of the concepts of network forensics through extensive investigation and by analyzing various methodologies and associated tools which should be used in network forensic investigations. A detailed and in-depth analysis of the concepts of network forensic investigation on a designed/conceived network architecture was carried out, followed by an analysis of the various methodologies and tools employed. An innovative framework for the investigation was designed which can be used by any forensic expert. The acquired data was analyzed by using the information, strategizing and collecting evidence, and by analyzing and reporting on the methodologies on the conceptualized network. Consequently, this led the researcher to adopt and utilize a powerful and efficient network forensic methodology that will ultimately help in improving the investigation process and in providing the required tools/techniques, along with the requisite guidelines that determine the approach, methods and strategies to be used for the network forensic process, to be followed and executed with the use of relevant tools that help simplify and improve the forensic investigation process.
Trust Metric-Based Anomaly Detection Via Deep Deterministic Policy Gradient R... - IJCNCJournal
Addressing real-time network security issues is paramount due to the rapidly expanding IoT jargon. The erratic rise in usage of inadequately secured IoT-based sensory devices like wearables of mobile users, autonomous vehicles, smartphones and appliances by a larger user community is fuelling the need for a trustable, super-performant security framework. An efficient anomaly detection system would aim to address the anomaly detection problem by devising a competent attack detection model. This paper delves into the Deep Deterministic Policy Gradient (DDPG) approach, a promising Reinforcement Learning platform to combat noisy sensor samples which are instigated by alarming network attacks. The authors propose an enhanced DDPG approach based on trust metrics and belief networks, referred to as Deep Deterministic Policy Gradient Belief Network (DDPG-BN). This deep-learning-based approach is projected as an algorithm to provide “Deep-Defense” against the plethora of network attacks. The confidence interval is chosen as the trust metric to decide on the termination of sensor sample collection. Once an enlisted attack is detected, the collection of samples from the particular sensor will automatically cease. The evaluations and results of the experiments highlight a better detection accuracy of 98.37% compared to its counterpart conventional DDPG implementation of 97.46%. The paper also covers the work based on a contemporary Deep Reinforcement Learning (DRL) algorithm, the Actor Critic (AC). The proposed deep learning binary classification model is validated using the NSL-KDD dataset and the performance is compared to a few deep learning implementations as well.
Security Onion is a Network Security Manager (NSM) platform that provides multiple Intrusion Detection Systems (IDS), including Host IDS (HIDS) and Network IDS (NIDS). Many types of data can be acquired using Security Onion for analysis. This includes data related to: Host, Network, Session, Asset, Alert and Protocols. Security Onion can be implemented as a standalone deployment with server and sensor included, or with a master server and multiple sensors, allowing the system to be scaled as required. Many interfaces and tools are available for management of the system and analysis of data, such as Sguil, Snorby, Squert and Enterprise Log Search and Archive (ELSA). These interfaces can be used for analysis of alerts and captured events, which can then be exported for further analysis in Network Forensic Analysis Tools (NFAT) such as NetworkMiner, CapME or Xplico. The Security Onion platform also provides various methods of management, such as Secure Shell (SSH) for management of server and sensors, and web client remote access. All of this, with the ability to replay and analyse example malicious traffic, makes Security Onion a suitable low-cost alternative for Network Security Management. In this paper, we present a feature and functionality review of Security Onion in terms of: types of data, configuration, interface, tools and system management.
MACHINE LEARNING AND DEEP LEARNING MODEL-BASED DETECTION OF IOT BOTNET ATTACKS. - IRJET Journal
This document discusses machine learning and deep learning models for detecting IoT botnet attacks. It begins with an abstract that outlines the challenges of securing the growing number of IoT devices and describes how machine learning and deep learning techniques like LSTM RNN can be used to develop effective detection systems. The introduction provides background on botnets, distributed denial of service attacks, and the need for detection systems. The literature review then summarizes several previous works that used techniques such as Bayesian classifiers, random neural networks, decision trees, and other machine learning algorithms for attack detection. The methodology section outlines the general approach of anomaly-based intrusion detection systems and different learning methods. The experimental setup describes collecting and preprocessing data, feature extraction, model training and evaluation.
Forensic is a word that indicates detective work: searching for and attempting to discover information. The search is mainly carried out to collect evidence for an investigation, which is useful in criminal, civil or corporate investigations. An investigation is conducted in the presence of legal rules.
As criminals are getting smarter at committing crime, using data hiding techniques such as encryption and steganography, the forensics community has become alert and has introduced a new concept called Digital Forensics, which handles sensitive and confidential data.
Detecting network attacks model based on a convolutional neural network
IJECEIAES
Due to the increasing use of networks at present, Internet systems have raised many security problems, and statistics indicate that the rate of attacks or intrusions has increased excessively annually, and in the event of any malicious attack on network vulnerabilities or information systems, it may lead to serious disasters, violating policies on network security, i.e., “confidentiality, integrity, and availability” (CIA). Therefore, many detection systems, such as the intrusion detection system, appeared. In this paper, we built a system that detects network attacks using the latest machine learning algorithms and a convolutional neural network based on a dataset of the CSE-CIC-IDS2018. It is a recent dataset that contains a set of common and recent attacks. The detection rate is 99.7%, distinguishing between aggressive attacks and natural assertiveness.
This document proposes a methodology for forensic investigation of criminal activity on multitenant cloud web hosting platforms. It presents challenges of investigating crimes in such an environment due to lack of access to physical servers and scattered data across multiple virtual machines and data centers. The proposed architecture uses a MAC Address Derivation Algorithm (MADA) to trace the physical network location of criminals by identifying their IP and MAC addresses from DHCP and firewall logs. When illegal access is detected, the process generates an investigation report by applying MADA to obtain location details based on the user ID of the unauthorized access. This helps law enforcement agencies further investigate cybercrimes on multitenant cloud systems.
Overview of SMB, NetBIOS and other network attacks
David Sweigert
This document is a master's thesis submitted to Blekinge Institute of Technology that analyzes network security threats and vulnerabilities. It proposes developing and implementing a network security monitoring solution.
The thesis was written by Nadeem Ahmad and M. Kashif Habib in 2010. It acknowledges their university supervisor Karel De Vogeleer and examiner Professor Adrian Popescu. The abstract indicates it will address questions about network security implementations and management, and give an idea of the current state of network security.
The thesis contains several chapters that analyze networks and protocols, security threats and vulnerabilities, security attacks, security countermeasure techniques and tools, and security solutions, and present results from simulations testing the proposed security monitoring solution.
This document summarizes the key aspects of computer network security. It discusses the importance of network security due to increased interconnectivity and risk of intellectual property theft. It describes common internet attack methods like viruses, Trojans, eavesdropping and denial of service attacks. It also discusses network security technologies used to defend against attacks, such as firewalls, encryption, intrusion detection systems. The document outlines security considerations for network design like access control, authentication, integrity and non-repudiation. It examines vulnerabilities in the internet architecture and security issues in different versions of the internet protocol. Finally, it discusses future directions for network security.
A honeynet framework to promote enterprise network security
IAEME Publication
This document describes a honeynet framework to promote enterprise network security. The framework consists of two high-interaction honeypot servers connected by a switch to a monitoring station. The honeypots provide real operating systems and services to attract attackers. When an attacker attempts to access a honeypot, its data is captured by a packet sniffer and stored in a database. This data is then sent securely to the monitoring station using web services. The monitoring station analyzes the data, generates an alert report, and provides a GUI to monitor extracted information. The goal is to identify attack traffic and profile attackers to improve network defense.
Peripheral Review and Analysis of Internet Network Security
IJRES Journal
This paper is on the exploration of Internet Network security. With the advent of the internet, security became a major concern for computer users, organizations and the Military. The internet structure itself allows for many security threats to occur. Knowing the attack methods, the architecture of the internet, when modified, can reduce the possible attacks that can be sent across the network. The internet can be secured by means of VPN, IPSec, Anti-Malware Software and scanners, Secure Socket Layer, intrusion detection, security management, firewalls and cryptography mechanisms. The essence of this research is to forecast the future of internet network security.
Optimized Intrusion Detection System using Deep Learning Algorithm
ijtsrd
A method and a system for the detection of an intrusion in a computer network compare the network traffic of the computer network at multiple different points in the network. In an uncompromised network the network traffic monitored at these two different points in the network should be identical. A network intrusion detection system is mostly placed at strategic points in a network, so that it can monitor the traffic traveling to or from different devices on that network. The existing Software Defined Network (SDN) proposes the separation of forward and control planes by introducing a new independent plane called the network controller. Machine learning is an artificial intelligence approach that focuses on acquiring knowledge from raw data and, based at least in part on the identified flow, selectively causing the packet, or a packet descriptor associated with the packet. The performance is evaluated using network analysis metrics such as key generation delay, key sharing delay and the hash code generation time for both SDN and the proposed machine learning SDN.
Prof P. Damodharan | K. Veena | Dr N. Suguna "Optimized Intrusion Detection System using Deep Learning Algorithm" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-3 | Issue-2, February 2019, URL: https://www.ijtsrd.com/papers/ijtsrd21447.pdf
Paper URL: https://www.ijtsrd.com/engineering/other/21447/optimized-intrusion-detection-system-using-deep-learning-algorithm/prof-p-damodharan
The document discusses web application security and vulnerabilities. It provides an abstract for a thesis titled "Preventing Cyber Attack And Other Vulnerabilities". The abstract discusses how weak security can allow attackers to compromise websites easily, and how current web security technologies are complex. The thesis will provide a tool to scan for SQL injection and cross-site scripting attacks on web applications. It will support major database servers like MySQL. The document also defines attacks, vulnerabilities, and examples like denial of service, spoofing, SQL injection etc. It emphasizes the need for secure coding practices to prevent exploits.
Supervisory control and data acquisition (SCADA) applications collect data from a system in order to automate the monitoring and controlling of its activities. Several industrial fields, such as electric utilities, water supplies and buildings' facilities, have already adopted SCADA systems to increase efficiency and reduce cost. However, the IT community is concerned about the level of security that any applied SCADA system provides. This paper concentrates on the major security threats encountered in SCADA systems. In addition, it discusses a newly proposed methodology to increase the system security with minimal impact on efficiency. The proposed scheme provides several security services: mutual authentication, confidentiality, data integrity and accountability.
Introduction- e - waste – definition - sources of e-waste– hazardous substances in e-waste - effects of e-waste on environment and human health- need for e-waste management– e-waste handling rules - waste minimization techniques for managing e-waste – recycling of e-waste - disposal treatment methods of e- waste – mechanism of extraction of precious metal from leaching solution-global Scenario of E-waste – E-waste in India- case studies.
Redefining brain tumor segmentation: a cutting-edge convolutional neural netw...
IJECEIAES
Medical image analysis has witnessed significant advancements with deep learning techniques. In the domain of brain tumor segmentation, the ability to precisely delineate tumor boundaries from magnetic resonance imaging (MRI) scans holds profound implications for diagnosis. This study presents an ensemble convolutional neural network (CNN) with transfer learning, integrating the state-of-the-art Deeplabv3+ architecture with the ResNet18 backbone. The model is rigorously trained and evaluated, exhibiting remarkable performance metrics, including an impressive global accuracy of 99.286%, a high class accuracy of 82.191%, a mean intersection over union (IoU) of 79.900%, a weighted IoU of 98.620%, and a Boundary F1 (BF) score of 83.303%. Notably, a detailed comparative analysis with existing methods showcases the superiority of our proposed model. These findings underscore the model's competence in precise brain tumor localization, underscoring its potential to revolutionize medical image analysis and enhance healthcare outcomes. This research paves the way for future exploration and optimization of advanced CNN models in medical imaging, emphasizing addressing false positives and resource efficiency.
Embedded machine learning-based road conditions and driving behavior monitoring
IJECEIAES
Car accident rates have increased in recent years, resulting in losses in human lives, properties, and other financial costs. An embedded machine learning-based system is developed to address this critical issue. The system can monitor road conditions, detect driving patterns, and identify aggressive driving behaviors. The system is based on neural networks trained on a comprehensive dataset of driving events, driving styles, and road conditions. The system effectively detects potential risks and helps mitigate the frequency and impact of accidents. The primary goal is to ensure the safety of drivers and vehicles. Collecting data involved gathering information on three key road events: normal street and normal drive, speed bumps, circular yellow speed bumps, and three aggressive driving actions: sudden start, sudden stop, and sudden entry. The gathered data is processed and analyzed using a machine learning system designed for limited power and memory devices. The developed system resulted in 91.9% accuracy, 93.6% precision, and 92% recall. The achieved inference time on an Arduino Nano 33 BLE Sense with a 32-bit CPU running at 64 MHz is 34 ms and requires 2.6 kB peak RAM and 139.9 kB program flash memory, making it suitable for resource-constrained embedded systems.
artificial intelligence and data science contents.pptx
GauravCar
What is artificial intelligence? Artificial intelligence is the ability of a computer or computer-controlled robot to perform tasks that are commonly associated with the intellectual processes characteristic of humans, such as the ability to reason.
Null Bangalore | Pentesters Approach to AWS IAM
Divyanshu
# Abstract:
- Learn more about the real-world methods for auditing AWS IAM (Identity and Access Management) as a pentester. So let us proceed with a brief discussion of IAM as well as some typical misconfigurations and their potential exploits in order to reinforce the understanding of IAM security best practices.
- Gain actionable insights into AWS IAM policies and roles, using a hands-on approach.
# Prerequisites:
- Basic understanding of AWS services and architecture
- Familiarity with cloud security concepts
- Experience using the AWS Management Console or AWS CLI.
- For the hands-on lab, create an account on [killercoda.com](https://killercoda.com/cloudsecurity-scenario/)
# Scenario Covered:
- Basics of IAM in AWS
- Implementing IAM Policies with Least Privilege to Manage S3 Bucket
  - Objective: Create an S3 bucket with least privilege IAM policy and validate access.
  - Steps:
    - Create S3 bucket.
    - Attach least privilege policy to IAM user.
    - Validate access.
- Exploiting IAM PassRole Misconfiguration
  - Allows a user to pass a specific IAM role to an AWS service (EC2), typically used for service access delegation. Then exploit the PassRole misconfiguration granting unauthorized access to sensitive resources.
  - Objective: Demonstrate how a PassRole misconfiguration can grant unauthorized access.
  - Steps:
    - Allow user to pass IAM role to EC2.
    - Exploit misconfiguration for unauthorized access.
    - Access sensitive resources.
- Exploiting IAM AssumeRole Misconfiguration with Overly Permissive Role
  - An overly permissive IAM role configuration can lead to privilege escalation by creating a role with administrative privileges and allowing a user to assume this role.
  - Objective: Show how overly permissive IAM roles can lead to privilege escalation.
  - Steps:
    - Create role with administrative privileges.
    - Allow user to assume the role.
    - Perform administrative actions.
- Differentiation between PassRole vs AssumeRole
Try at [killercoda.com](https://killercoda.com/cloudsecurity-scenario/)
A secure network forensics system for cyber incidents analysis
A Secure Network Forensics System for Cyber Incidents Analysis
A NON-CREDIT COURSE REPORT ON
CYBER FORENSICS AND INFORMATION SECURITY
SUBMITTED TO
SAVITRIBAI PHULE PUNE UNIVERSITY, PUNE
FOR THE PARTIAL FULFILLMENT OF AWARD OF DEGREE
Of
MASTER OF ENGINEERING
In
(Computer Engineering)
By
Swapnil S. Jagtap
Semester-IV Roll No: ******
UNDER THE GUIDANCE OF
Guide Name
(Department of Computer Engineering)
VPKBIET, Baramati.
DEPARTMENT OF COMPUTER
ENGINEERING
Vidya Pratishthan’s Kamalnayan Bajaj Institute of
Engineering & Technology,
Vidyanagari Bhigawan Road
Baramati, Dist. Pune - 413133
2016-2017
CERTIFICATE
This is to certify that Mr. Swapnil S. Jagtap has successfully submitted his report to the Department of Computer Engineering, VPKBIET, Baramati, on
A Secure Network Forensics System for Cyber Incidents Analysis
during the academic year 2016-2017 in partial fulfillment towards completion of the Second Year of Master of Engineering in Computer Engineering, of Savitribai Phule Pune University, Pune (Maharashtra)
Swapnil S. Jagtap (Student, Dept. of Comp. Engg.)
Guide Name (Guide, Dept. of Comp. Engg.)
Date :
Place: VPKBIET, Baramati.
Chapter 1
Introduction
1.1 What is Network Forensics System
Network forensics is the capture, recording, and analysis of network events in order to discover the source of security attacks or other problem incidents. (The term, attributed to firewall expert Marcus Ranum, is borrowed from the legal and criminology fields where forensics pertains to the investigation of crimes.) According to Simson Garfinkel, author of several books on security, network forensics systems can be one of two kinds [9].
1.2 Types of Network Forensics System
1.2.1 TCP/IP
On the network layer the Internet Protocol (IP) is responsible for directing the packets generated by TCP through the network (e.g., the Internet) by adding source and destination information which can be interpreted by routers all over the network. Cellular digital packet networks, like GPRS, use protocols similar to IP, so the methods described for IP work with them as well [2].
1.2.2 Ethernet
Applying forensic methods on the Ethernet layer is done by eavesdropping on bit streams with tools called monitoring tools or sniffers. The most common tools on this layer are Wireshark (formerly known as Ethereal) and tcpdump, where tcpdump works mostly on Unix operating systems [4]. These tools collect all data on this layer and allow the user to filter for different events.
An advantage of collecting this data is that it is directly connected to a host. If, for example, the IP address or the MAC address of a host at a certain time is known, all data sent to or from this IP or MAC address can be filtered [8]. With these tools, website pages, email attachments, and other network traffic can be reconstructed only if they are transmitted or received unencrypted.
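As an added illustration of the host filtering described above (example code written for this page, not part of the report or of any sniffer tool), the following Python script decodes raw Ethernet/IPv4 frames and keeps only those sent to or from a given MAC or IP address; the frames and addresses are constructed sample data, and `build_frame`, `parse_frame`, `filter_by_host` and `host_payloads` are names chosen here.

```python
import struct
from dataclasses import dataclass
from typing import List, Optional

ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP = 6


@dataclass
class Frame:
    src_mac: str
    dst_mac: str
    ethertype: int
    src_ip: Optional[str] = None
    dst_ip: Optional[str] = None
    proto: Optional[int] = None
    payload: bytes = b""


def _mac_to_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def _str_to_mac(text: str) -> bytes:
    return bytes(int(x, 16) for x in text.split(":"))


def _ip_to_str(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)


def _str_to_ip(text: str) -> bytes:
    return bytes(int(x) for x in text.split("."))


def parse_frame(raw: bytes) -> Frame:
    """Decode the 14-byte Ethernet header; for IPv4 also decode the IP header
    so the frame can be matched on addresses and its L4 payload isolated."""
    if len(raw) < 14:
        raise ValueError("truncated Ethernet header")
    dst, src, etype = struct.unpack("!6s6sH", raw[:14])
    frame = Frame(_mac_to_str(src), _mac_to_str(dst), etype, payload=raw[14:])
    if etype == ETHERTYPE_IPV4 and len(raw) >= 34:
        ip = raw[14:]
        ihl = (ip[0] & 0x0F) * 4                     # IP header length in bytes
        total_len = struct.unpack("!H", ip[2:4])[0]  # IP header + payload
        frame.proto = ip[9]
        frame.src_ip = _ip_to_str(ip[12:16])
        frame.dst_ip = _ip_to_str(ip[16:20])
        frame.payload = ip[ihl:total_len]            # drops Ethernet padding
    return frame


def build_frame(src_mac: str, dst_mac: str, src_ip: str, dst_ip: str,
                proto: int, payload: bytes) -> bytes:
    """Construct a minimal Ethernet/IPv4 frame for the sample capture
    (IP checksum left as 0; parse_frame does not validate it)."""
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                         64, proto, 0, _str_to_ip(src_ip), _str_to_ip(dst_ip))
    eth_hdr = _str_to_mac(dst_mac) + _str_to_mac(src_mac) + struct.pack("!H", ETHERTYPE_IPV4)
    return eth_hdr + ip_hdr + payload


def filter_by_host(frames: List[Frame], mac: Optional[str] = None,
                   ip: Optional[str] = None) -> List[Frame]:
    """Keep frames sent to or from the host; every criterion given must match."""
    kept = []
    for f in frames:
        if mac is not None and mac not in (f.src_mac, f.dst_mac):
            continue
        if ip is not None and ip not in (f.src_ip, f.dst_ip):
            continue
        kept.append(f)
    return kept


# Constructed sample capture (TEST-NET documentation addresses, made-up MACs).
SUSPECT_MAC = "00:11:22:33:44:55"
SUSPECT_IP = "192.0.2.5"
SERVER_MAC = "66:77:88:99:aa:bb"
SERVER_IP = "192.0.2.10"
SAMPLE_CAPTURE = [
    build_frame(SUSPECT_MAC, SERVER_MAC, SUSPECT_IP, SERVER_IP, IPPROTO_TCP, b"GET / HTTP/1.1\r\n"),
    build_frame(SERVER_MAC, SUSPECT_MAC, SERVER_IP, SUSPECT_IP, IPPROTO_TCP, b"HTTP/1.1 200 OK\r\n"),
    build_frame("de:ad:be:ef:00:01", SERVER_MAC, "192.0.2.9", SERVER_IP, IPPROTO_TCP, b"GET /x HTTP/1.1\r\n"),
]


def host_payloads(capture: List[bytes] = SAMPLE_CAPTURE, mac: Optional[str] = SUSPECT_MAC,
                  ip: Optional[str] = SUSPECT_IP) -> List[bytes]:
    """Payloads of every frame to or from the host, in capture order: the raw
    material from which unencrypted pages or attachments would be rebuilt."""
    frames = [parse_frame(raw) for raw in capture]
    return [f.payload for f in filter_by_host(frames, mac=mac, ip=ip)]


if __name__ == "__main__":
    for payload in host_payloads():
        print(payload)
```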
1.2.3 Wireless Forensics
Wireless forensics is a sub-discipline of network forensics. The main goal of wireless forensics is to provide the methodology and tools required to collect and analyze (wireless) network traffic that can be presented as valid digital evidence in a court of law. The evidence collected can correspond to plain data or, with the broad usage of Voice-over-IP (VoIP) technologies, especially over wireless, can include voice conversations. Analysis of wireless network traffic is similar to that on wired networks; however, there may be the added consideration of wireless security measures.
1.2.4 The Internet
The internet can be a rich source of digital evidence including web browsing, email, newsgroup, synchronous chat and peer-to-peer traffic. For example, web server logs can be used to show when (or if) a suspect accessed information related to criminal activity [3].
Chapter 2
Cyber Incidents Analysis
There are many types of information (or IT) security incident that could be classified as a cyber security incident, ranging from serious cyber security attacks on critical national infrastructure and major organized cybercrime, through hacktivism and basic malware attacks, to internal misuse of systems and software malfunction. However, project research has revealed that there is no one common definition of a cyber security incident.
There is no authoritative taxonomy to help organizations decide what is (or isn't) a cyber security incident, breach, or attack. Often cyber security incidents are associated with malicious attacks or Advanced Persistent Threats (APTs), but there appears to be no clear agreement. Many different organizations have different understandings of what the term means, consequently adopting inconsistent or inappropriate cyber security incident response approaches. The original government definition of cyber security incidents as being state-sponsored attacks on critical national infrastructure or defense capabilities is still valid [1].
However, industry, fuelled by the media, has adopted the term wholesale, and the term cyber security incident is often used to describe traditional information (or IT) security incidents. This perception is important, but has not been fully explored, and the term cyber is both engaging and here to stay. The two most common (and somewhat polarized) sets of understandings, as shown in the Figure below, are either that cyber security incidents are no different from traditional information (or IT) security incidents or that they are solely cyber security attacks.
Figure 2.1: Conceptual goals of Cyber Black Box
2.1 Comparing different types of cyber security incident
The main difference between different types of cyber security incident appears to lie in the source of the incident (e.g. a minor criminal compared to a major organized crime syndicate), rather than the type of incident (e.g. hacking, malware or social engineering) [4]. Therefore, it may be useful to define cyber security incidents based on the type of attacker, their capability and intent. At one end of the spectrum come basic cyber security incidents, such as minor crime, localized disruption and theft. At the other end, we can see major organized crime, widespread disruption, critical damage to national infrastructure and even warfare.
2.2 Design of Cyber Black Box
Cyber Black Box is designed to operate as a network forensics system [5, 6] which collects network traffic to use as evidence, generates useful information and analyzes the collected data [5]. It extracts various information from the collected network packets for attack analysis and lets users search for the specific information they want to find. Additionally, it generates attack scenarios based on the extracted information. In order to collect the network traffic as evidence, Cyber Black Box guarantees its integrity and confidentiality. The conceptual goals of Cyber Black Box are shown in Figure 2.1.
Figure 2.2: Relationships between subsystems of Cyber Black Box system
2.3 Construction of Cyber Black Box
There are two subsystems in Cyber Black Box: the Cyber Black Box Sensor (CBS) and the Cyber Black Box Manager (CBM). The relationship between CBS and CBM is shown in Figure 2.2.
The main objective of CBS is to collect network data and extract related information. All the collected network traffic, flow information, reconstructed files and related metadata are generated and stored in CBS in real time. CBM is designed to provide various interfaces to users for information search and attack scenario generation. CBM can collect data from CBS and analyze it. CBM can also cooperate with external systems to collect more information, and it can manage multiple CBSs simultaneously. When a user wants to analyze some network traffic and related information, the user connects to a CBM, gathers the information from the dedicated CBSs and proceeds with the analysis.
The main functionalities of Cyber Black Box, shown in Figure 2.3, can be listed as follows:
- Network traffic storing and flow information generation.
- Network transmitted file reconstruction and related metadata generation.
- Integrity preservation of collected data and data management.
- Cyber incidents analysis based on the collected network traffic and related information.
- Incident information sharing.
Figure 2.3: Architecture of the cyber black box for network intrusion forensics
Chapter 3
Cyber Black Box Interface Block
In the related works, since analysis is mainly used as an action against a cyber intrusion event, there are limitations in quick cause analysis and post-action. They cannot give a complete picture for the forensics analysis when the attacks have ended. In addition, since there is no log information necessary for analyzing an attack cause after the cyber incident occurs, it is difficult to analyze the cause of an attack. In the network security field, a cyber intrusion event denotes a case of attacking an information communication network, and a system associated with the information communication network, in a way such as hacking, a computer virus, a logic bomb, a mail bomb, and so on.
3.1 Traffic & Flow Information Gathering
It gathers the network traffic and flow data (e.g., NetFlow) and sends them to the forensics server. Network traffic capture may become the bottleneck of the system when the traffic is huge, but waiving some traffic may result in the loss of a trace or evidence. The solution to this trade-off depends on the burden of real-time traffic. A network interface card was developed that deals with 10 Gbps traffic without loss of traffic data. It may encode the entire packet data, the flow data, and the PE file which are stored in the buffer as a file having the PCAP format. It may also store the entire packet data, the flow data, and the PE file, which are encoded by the encoding unit in units of a file, as the preservation data.
3.2 Transmitted File Reconstruction
Header analysis technology detects malware based on the information in the PE header. There is a lot of information in the PE header needed for executing a file. When a network packet arrives, it is confirmed whether the packet includes a PE file or not. If it does, the packet is collected to reconstruct the PE file from the packet payload. For reconstructing the correct file, TCP reassembly functionality has been implemented as well. Once a PE file is reconstructed, the file is examined by the header analysis technology.
3.3 Virtual Volume based Storage Management
Virtual volume management is performed solely for the storage device. The storage of the collected data provides several APIs for the traffic information gathering module to use. The proposed system performs a function to provide the integrity of the data when stored in the virtual volume storage, to preserve the collected data as evidence of attacks. Moreover, the storage management supports a write once read many (WORM) function.
Figure 3.1: Components of cyber blackbox and the data flows between them
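To make the pipeline of Sections 3.1 to 3.3 concrete (TCP reassembly of a captured flow, PE detection on the reconstructed payload by validating its header, and preservation in integrity-checked write-once storage), here is an added Python example written for this page; it is not Cyber Black Box code, the segments, the initial sequence number and the PE-shaped sample image are constructed data, and `reassemble`, `pe_header_info`, `WormStore` and `demo` are names chosen here.

```python
import hashlib
import struct
from typing import Dict, List, Optional, Tuple

Segment = Tuple[int, bytes]   # (TCP sequence number, payload)
SEQ_MOD = 1 << 32


def reassemble(segments: List[Segment], isn: int) -> bytes:
    """Rebuild one direction of a TCP stream from segments seen in any order.
    Offsets are taken modulo 2^32 relative to the initial sequence number,
    retransmitted bytes are skipped, and the stream stops at the first gap so
    that missing evidence is never papered over."""
    stream = bytearray()
    for seq, data in sorted(segments, key=lambda s: (s[0] - isn) % SEQ_MOD):
        offset = (seq - isn) % SEQ_MOD
        if offset > len(stream):
            break                                    # hole: segment not captured
        stream.extend(data[len(stream) - offset:])   # append only the new bytes
    return bytes(stream)


def pe_header_info(blob: bytes) -> Optional[Dict[str, int]]:
    """Return COFF header fields if blob is a well-formed PE image, else None:
    checks the 'MZ' DOS stub, e_lfanew at offset 0x3C and the 'PE\\0\\0' signature."""
    if len(blob) < 0x40 or blob[:2] != b"MZ":
        return None
    e_lfanew = struct.unpack_from("<I", blob, 0x3C)[0]
    if e_lfanew + 24 > len(blob) or blob[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    machine, nsections, timestamp = struct.unpack_from("<HHI", blob, e_lfanew + 4)
    return {"e_lfanew": e_lfanew, "machine": machine,
            "sections": nsections, "timestamp": timestamp}


class WormStore:
    """In-memory stand-in for write-once-read-many evidence storage: each
    object is written exactly once and its SHA-256 digest is re-checked on read."""

    def __init__(self) -> None:
        self._objects: Dict[str, bytes] = {}
        self._digests: Dict[str, str] = {}

    def put(self, name: str, data: bytes) -> str:
        if name in self._objects:
            raise PermissionError(f"{name!r} already written; WORM forbids overwrite")
        digest = hashlib.sha256(data).hexdigest()
        self._objects[name] = data
        self._digests[name] = digest
        return digest

    def get(self, name: str) -> bytes:
        data = self._objects[name]
        if hashlib.sha256(data).hexdigest() != self._digests[name]:
            raise ValueError(f"integrity check failed for {name!r}")
        return data


# ---- constructed sample data (a PE-shaped blob, not a real executable) ----
ISN = 0xFFFFFF00   # chosen near 2^32 so the sequence space wraps mid-flow


def make_sample_pe() -> bytes:
    """MZ stub, e_lfanew = 0x80, COFF header for an x86-64 image with three
    sections, followed by a zero-filled 240-byte optional header."""
    e_lfanew = 0x80
    dos = bytearray(b"MZ" + b"\0" * (e_lfanew - 2))
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x8664, 3, 0x5F000000, 0, 0, 240, 0x22)
    return bytes(dos) + b"PE\0\0" + coff + b"\0" * 240


def make_segments(blob: bytes, isn: int = ISN, mss: int = 100) -> List[Segment]:
    """Split blob into segments, add one retransmission, deliver in reverse order."""
    segs = [((isn + off) % SEQ_MOD, blob[off:off + mss])
            for off in range(0, len(blob), mss)]
    segs.append(segs[1])
    return segs[::-1]


def demo() -> dict:
    """Pipeline on the sample flow: reassemble, detect PE, preserve, verify,
    and confirm that a later overwrite of the evidence object is refused."""
    store = WormStore()
    pe = make_sample_pe()
    blob = reassemble(make_segments(pe), ISN)
    info = pe_header_info(blob)
    digest = store.put("flow-0001.bin", blob) if info else None
    try:
        store.put("flow-0001.bin", b"tampered")
        rejected = False
    except PermissionError:
        rejected = True
    return {"info": info, "sha256": digest,
            "intact": store.get("flow-0001.bin") == pe, "overwrite_rejected": rejected}
```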
Chapter 4
Network forensics tools and
services for incident response
Network forensics tools are investigative aids that can be useful immediately after an incident, as network operations center (NOC) operators try to respond to IDS alerts and contain damage. They can also be helpful long after incidents, for example, to determine whether a newly patched vulnerability had already been exploited. Finally, network forensics can be used to deliver evidence for human resources action or legal prosecution by reconstructing activity to determine which systems were impacted, what regulated data was lost or whether acceptable use policies were violated.
4.1 Reselling network forensic appliances
One way for security solution providers to capitalize on this network forensics technology is by selling, installing, integrating and validating proper operation of network forensics appliances.
Network forensics requires capturing and storing very large traffic volumes at line rate. This can be done by deploying dedicated "recorders" at high-visibility intersection(s) within the network to be monitored, using span ports or taps.
4.2 Cyber forensics in today’s world
Cyber forensics has been in the popular mainstream for some time, and has matured into an information-technology capability that is very common among modern information security programs. The goal of cyber forensics is to support the elements of troubleshooting, monitoring, recovery, and the protection of sensitive data. Moreover, in the event of a crime being committed, cyber forensics is also the approach to collecting, analyzing, and archiving data as evidence in a court of law.
Although scalable to many information technology domains, especially modern corporate architectures, cyber forensics can be challenging when being applied to non-traditional environments, which are not comprised of current information technologies or are designed with technologies that do not provide adequate data storage or audit capabilities. In addition, further complexity is introduced if the environments are designed using proprietary solutions and protocols, thus limiting the ease with which modern forensic methods can be utilized. The legacy nature and somewhat diverse or disparate component aspects of control systems environments can often prohibit the smooth translation of modern forensics analysis into the control systems domain.
Compounded by a wide variety of proprietary technologies and protocols, as well as critical system technologies with no capability to store significant amounts of event information, the task of creating a ubiquitous and unified strategy for technical cyber forensics on a control systems device or computing resource is far from trivial. To date, no direction regarding cyber forensics as it relates to control systems has been produced other than what might be privately available from commercial vendors. Current materials have been designed to support event recreation (event-based), and although important, these requirements do not always satisfy the needs associated with incident response or forensics that are driven by cyber incidents.
4.3 Cyber Forensics Security Applications
While the intent of this article is to provide generalized advice to help strengthen cyber security, it is useful to consider particular applications where cyber security is needed. We now describe four of the most pressing threats to cyber security: online identity theft, industrial cyber espionage, critical infrastructure protection, and botnets.
4.3.1 Online Identity Theft
One key way in which malicious parties capitalize on Internet insecurity is by committing online identity theft. Banks have made a strong push for customers to adopt online services due to the massive cost savings compared to performing transactions at physical branches. Yet the means of authentication have not kept up. Banks have primarily relied on passwords to identify customers, which miscreants can obtain by simple guessing or by installing keystroke loggers that record the password as it is entered on a computer. Another way to steal passwords takes advantage of the difficulties in authenticating a bank to a consumer. Using a phishing attack, miscreants masquerade as the customer's bank and ask for credentials. Phishing sites are typically advertised via spam email purporting to come from the bank. Keystroke loggers can be installed using a more general ruse: for instance, fraudsters sent targeted emails to the payroll departments of businesses and school districts with fake invoices attached that triggered installation of the malicious software. Once the banking credentials have been obtained, miscreants need a way to convert the stolen credentials to cash.
4.3.2 Industrial Cyber Espionage
The rise of the information economy has meant that the valuable property of firms is increasingly stored in digital form on corporate networks. This has made it easier for competitors to remotely gain unauthorized access to proprietary information. Such industrial espionage can be difficult to detect, since simply reading the information does not affect its continued use by the victim. Nonetheless, a few detailed cases of espionage have been uncovered. In 2005, 21 executives at several large Israeli companies were arrested for hiring private investigators to install spyware that stole corporate secrets from competitors. In 2009, the hotel operator Starwood sued Hilton, claiming that a Hilton manager electronically copied 100,000 Starwood documents, including market research studies and a design for a new hotel brand. Researchers at the Universities of Toronto and Cambridge uncovered a sophisticated spy ring targeting the Tibetan government in exile (Information War Monitor 2009, Nagaraja and Anderson 2009).
4.3.3 Critical Infrastructure Protection
It is widely known that the process control systems that run critical
infrastructures such as chemical plants, refineries and the power grid are
insecure. Why? The protocols used for communicating between devices include
no authentication at all, which means that anyone who can send messages on
these networks is treated as a legitimate controller. Consequently, these
systems can be disrupted by a series of crafted messages. The potential for
physical harm was demonstrated by researchers at Idaho National Laboratory,
who remotely destroyed a large diesel power generator simply by issuing SCADA
commands (the 2007 "Aurora" test, in which the generator's circuit breakers
were repeatedly opened and reclosed out of synchronism with the grid). To
carry out such an attack, the adversary needs a good deal of specialist
knowledge about the obscure protocols used to send the messages, and about
which combination of messages to select. She also needs access to the system.
This latter requirement is becoming easier for an attacker to meet because of
the trend over the past decade to indirectly connect these control systems to
the Internet. The main motivation for doing so is to ease remote
administration, but the same connectivity removes the network isolation that
these unauthenticated protocols implicitly relied on.
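The missing authentication described above can be seen directly in the wire format of Modbus/TCP, one of the most widely deployed process-control protocols. The following Python is an added example, not code from the original report or from any of the works it cites: it builds and parses Modbus/TCP request frames (the MBAP header followed by the PDU, as laid out in the Modbus/TCP specification) to show that nothing in the frame identifies or authenticates the sender, and then applies the kind of rule a network forensics sensor on the control network would use to flag write commands from hosts that are not known engineering workstations. The IP addresses, the allow-list and the sample packets are constructed for the example.

```python
import struct
from dataclasses import dataclass
from typing import List, Set, Tuple

# Modbus/TCP (TCP port 502) frame = MBAP header + PDU. Note what is NOT here:
# no sender identity, no authentication, no integrity check. Anyone who can
# reach the port and assemble these few bytes is, to the PLC, a legitimate master.
MBAP = struct.Struct(">HHHB")   # transaction id, protocol id (0 = Modbus), length, unit id

FC_READ_HOLDING = 0x03
FC_WRITE_COIL = 0x05
FC_WRITE_REGISTER = 0x06
FC_WRITE_COILS = 0x0F
FC_WRITE_REGISTERS = 0x10
WRITE_FCS = {FC_WRITE_COIL, FC_WRITE_REGISTER, FC_WRITE_COILS, FC_WRITE_REGISTERS}


def build_frame(transaction_id: int, unit_id: int, pdu: bytes) -> bytes:
    """Wrap a PDU in the MBAP header; the length field counts unit id + PDU bytes."""
    return MBAP.pack(transaction_id, 0, len(pdu) + 1, unit_id) + pdu


def write_single_coil(transaction_id: int, unit_id: int, address: int, on: bool) -> bytes:
    """FC 0x05: set one discrete output (a relay, a breaker). 0xFF00 = ON, 0x0000 = OFF."""
    value = 0xFF00 if on else 0x0000
    return build_frame(transaction_id, unit_id, struct.pack(">BHH", FC_WRITE_COIL, address, value))


def read_holding_registers(transaction_id: int, unit_id: int, start: int, count: int) -> bytes:
    """FC 0x03: read `count` 16-bit registers starting at `start` (normal polling traffic)."""
    return build_frame(transaction_id, unit_id, struct.pack(">BHH", FC_READ_HOLDING, start, count))


@dataclass
class ModbusRequest:
    transaction_id: int
    unit_id: int
    function_code: int
    data: bytes


def parse_frame(frame: bytes) -> ModbusRequest:
    """Decode an MBAP header + PDU request; raise ValueError on malformed input."""
    if len(frame) < MBAP.size + 1:
        raise ValueError("frame too short for MBAP header plus function code")
    tid, proto, length, unit = MBAP.unpack_from(frame, 0)
    if proto != 0:
        raise ValueError("protocol id %d is not Modbus" % proto)
    if length != len(frame) - 6:
        raise ValueError("length field does not match frame size")
    pdu = frame[MBAP.size:]
    return ModbusRequest(tid, unit, pdu[0], pdu[1:])


def flag_unauthorized_writes(packets: List[Tuple[str, str, bytes]],
                             allowed_masters: Set[str]) -> List[str]:
    """Detection rule for a sensor on the control network: any write function code
    from a host outside the engineering-workstation allow-list is an alert, because
    the protocol itself cannot distinguish an operator from an intruder."""
    alerts = []
    for src, dst, payload in packets:
        try:
            req = parse_frame(payload)
        except ValueError:
            continue   # not a well-formed Modbus request; a real sensor would log it separately
        if req.function_code in WRITE_FCS and src not in allowed_masters:
            alerts.append(f"{src} -> {dst} unit {req.unit_id}: "
                          f"write FC 0x{req.function_code:02X} data {req.data.hex()}")
    return alerts


# Constructed sample traffic (assumed addresses; not taken from any real capture).
ENGINEERING_WORKSTATIONS = {"10.0.10.5"}
SAMPLE_PACKETS = [
    ("10.0.10.5",   "10.0.20.1", read_holding_registers(1, 1, 0, 10)),  # routine polling
    ("10.0.10.5",   "10.0.20.1", write_single_coil(2, 1, 7, True)),     # operator closes output 7
    ("10.0.99.200", "10.0.20.1", write_single_coil(3, 1, 7, False)),    # unknown host opens it
    ("10.0.99.200", "10.0.20.1", b"\x00\x00\x00\x00\x00"),              # truncated junk
]

if __name__ == "__main__":
    for line in flag_unauthorized_writes(SAMPLE_PACKETS, ENGINEERING_WORKSTATIONS):
        print("ALERT", line)
```

The allow-list is a compensating control, not a fix: it only works while the sensor can see the traffic and while an attacker has not already taken over an allowed workstation, which is why the access requirement discussed above matters so much.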
Chapter 5
Cyber Forensics & Information
Security
As new technological innovations continue to proliferate in our society, so do
the opportunities for technology exploitation. Once a mere nuisance, hackers
now threaten private citizens, businesses, and government agencies.
Government and law enforcement agencies need skilled professionals who
can join the fight against cyber crime, cyber terrorism, identity theft, and
the exploitation of minors. Companies and other private sector organizations
need skilled professionals with both business acumen and technology skills
for recognizing and mitigating vulnerabilities.
Information is the lifeblood of organizations of all sizes, types and
industry sectors. It needs to be managed and protected, and when there
is a breach or a crime involving leaked or stolen information, the
perpetrators must be identified and prosecuted.
Cyber forensics, also called computer forensics or digital forensics, is the
process of extracting information and data from computers to serve as digital
evidence, whether for civil proceedings or, in many cases, to prove and
prosecute cyber crime. With technology changing daily, cyber forensic
professionals must continually keep pace and educate themselves on new
techniques for collecting this data. They are expected to be expert in
forensic techniques and procedures, standards of practice, and the legal and
ethical principles that ensure the accuracy, completeness and reliability of
the digital evidence.
5.1 CCFP - Certified Cyber Forensics Professional Certification
The CCFP certification, offered by (ISC)², is a comprehensive, professional-level
credential that validates experienced practitioners' expertise in the field of
cyber forensics, which encompasses digital and computer forensics. It is the
first certification within the forensics discipline to reflect internationally
accepted practices while accommodating the specific knowledge required by
forensics professionals at a national level.
Chapter 6
Conclusion
The Cyber Black Box is built from two subsystems: the Cyber Black Box Sensor
(CBS), which collects traffic and data, and the Cyber Black Box Manager (CBM),
which analyses what the sensor has collected. Since intrusions cannot be
prevented entirely, an intrusion forensics system of this kind is needed. As
the related work described above shows, investigating a cyber-attack can take
months of effort just to establish its cause, and when the information needed
for that analysis was never recorded, the cause of the attack remains unknown
even after the intrusion has been detected.
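As an added example (not code from the report or from the Cyber Black Box paper it summarises), the following Python sketches the two-subsystem split in miniature: a sensor that records flow summaries with a bounded retention window, and a manager that traces the chain of connections leading up to an alert. The flow records, addresses and timestamps are constructed for the example, and the backtrace heuristic (at each hop, follow the most recent inbound connection before the current deadline) is a deliberate simplification. Run with a retention window shorter than the intruder's dwell time, the manager loses the earlier hops, which is exactly the situation the conclusion describes: the cause cannot be established because the evidence was never kept.

```python
from collections import deque
from dataclasses import dataclass
from typing import Deque, List


@dataclass(frozen=True)
class FlowRecord:
    ts: float      # time of the connection in seconds (constructed values below)
    src: str
    dst: str
    dport: int
    nbytes: int


class CyberBlackBoxSensor:
    """CBS stand-in: keeps flow summaries, but only for `retention_s` seconds.

    Real sensors are bounded by disk rather than by a deque; the effect is the
    same: anything older than the window is gone before an analyst asks for it.
    """

    def __init__(self, retention_s: float) -> None:
        self.retention_s = retention_s
        self.records: Deque[FlowRecord] = deque()

    def observe(self, rec: FlowRecord) -> None:
        """Record one flow (flows must arrive in time order) and expire old ones."""
        self.records.append(rec)
        while self.records and rec.ts - self.records[0].ts > self.retention_s:
            self.records.popleft()


class CyberBlackBoxManager:
    """CBM stand-in: answers 'how was this host reached?' from the sensor's data."""

    def __init__(self, sensor: CyberBlackBoxSensor) -> None:
        self.sensor = sensor

    def backtrace(self, victim: str, alert_ts: float, max_hops: int = 8) -> List[FlowRecord]:
        """Walk backwards from the victim: take the most recent inbound connection
        before the current deadline, then pivot to its source. Simplified heuristic
        for this example; a real CBM would correlate far more than flow records."""
        chain: List[FlowRecord] = []
        target, deadline = victim, alert_ts
        for _ in range(max_hops):
            inbound = [r for r in self.sensor.records if r.dst == target and r.ts <= deadline]
            if not inbound:
                break
            hop = max(inbound, key=lambda r: r.ts)
            chain.append(hop)
            target, deadline = hop.src, hop.ts
        return chain


# Constructed flows: an intruder enters through a DMZ web server, waits, pivots
# to an operator workstation, and finally writes to a PLC. Addresses are made up.
SAMPLE_FLOWS = [
    FlowRecord(0,    "10.0.10.5",   "10.0.20.1", 502, 300),    # routine HMI poll of the PLC
    FlowRecord(100,  "203.0.113.7", "10.0.1.10", 443, 4200),   # initial compromise of DMZ host
    FlowRecord(5000, "10.0.1.10",   "10.0.2.20", 445, 98000),  # lateral move to workstation
    FlowRecord(8950, "10.0.10.5",   "10.0.20.1", 502, 300),    # routine HMI poll
    FlowRecord(9000, "10.0.2.20",   "10.0.20.1", 502, 64),     # unexpected write to the PLC: alert
]
ALERT_HOST, ALERT_TS = "10.0.20.1", 9000


def reconstruct(retention_s: float) -> List[str]:
    """Feed the constructed flows through a sensor with the given retention and
    return the source addresses of the reconstructed chain, victim side first."""
    sensor = CyberBlackBoxSensor(retention_s)
    for rec in SAMPLE_FLOWS:
        sensor.observe(rec)
    return [hop.src for hop in CyberBlackBoxManager(sensor).backtrace(ALERT_HOST, ALERT_TS)]


if __name__ == "__main__":
    print("retention 10000 s:", " <- ".join(reconstruct(10_000)))   # full chain back to 203.0.113.7
    print("retention  3000 s:", " <- ".join(reconstruct(3_000)))    # only the final hop survives
```

The point to take from the two runs is that the sensor's retention policy, not the manager's cleverness, decides whether the entry point is ever found; sizing retention against realistic dwell times is a design decision, not a tuning detail.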
Chapter 7
References
1. Yangseo Choi and Joo-Young Lee, “Introduction to a Network Forensics System for Cyber Incidents Analysis,” ICACT 2016, Jan. 2016.
2. M. Tanviruzzaman, S. I. Ahamed, C. S. Hasan, and C. Obrien, “ePet: When Cellular Phone Learns to Recognize Its Owner,” Communications of the ACM, pp. 13-17, Nov. 2009.
3. Y. Ijiri, M. Sakuragi, and S. Lao, “Security Management for Mobile Devices by Face Recognition,” Electronics & Communication Engineering Journal, pp. 49-55, May 2006.
4. H. A. Shabeer and P. Suganthi, “Mobile Phones Security Using Biometrics,” Electronics & Communication Engineering Journal, pp. 270-272, Dec. 2007.
5. A. K. Jain, A. Ross, and S. Prabhakar, “An Introduction to Biometric Recognition,” IEEE Transactions on Circuits and Systems for Video Technology, 14(1):4-20, 2004.
6. G. Parziale, “Touchless Fingerprinting Technology,” Advances in Biometrics, pp. 25-48, 2008.
7. Y. Adini, Y. Moses, and S. Ullman, “Face Recognition: The Problem of Compensating for Changes in Illumination Direction,” IEEE Transactions on Pattern Analysis and Machine Intelligence, 19(7):721-732, 1997.
8. National Science and Technology Council, “Introduction to Biometrics,” 2007. http://www.biometrics.gov/documents/biofoundationdocs.pdf
9. A. K. Jain, A. Ross, and S. Prabhakar, “Biometrics: A Tool for Information Security,” IEEE Transactions on Information Forensics and Security, 1(2):125-143, 2006.
10. J. P. Campbell, “Speaker Recognition: A Tutorial,” Proceedings of the IEEE, 85(9):1437-1462, 1997.