A secure routing process to simultaneously defend against false report and wo... (ieijjournal)
Most research related to secure routing in sensor networks has focused on how to detect and defend against a single attack. However, it is not feasible to predict which attack will occur in sensor networks. It is possible for multiple attacks to occur simultaneously, degrading the performance of the existing security schemes. For example, an attacker may try simultaneous false report and wormhole attacks to effectively damage a sensor network. Hence, a multiple simultaneous attack environment is much more complex than a single attack environment. Thus, a new security scheme that can detect multiple simultaneous attacks with a high probability and low energy consumption is needed. In this paper, we propose a secure routing scheme to defend against wormhole and false report attacks in sensor networks. The proposed method achieves a higher attack detection ratio and consumes less energy in a multi-attack scenario compared to existing schemes. It can also be extended to other types of attacks and security schemes to detect and defend against possible combinations of multiple attacks.
Limiting Self-Propagating Malware Based on Connection Failure Behavior (csandit)
Self-propagating malware (e.g., an Internet worm) exploits security loopholes in software to infect servers and then use them to scan the Internet for more vulnerable servers. While the mechanisms of worm infection and their propagation models are well understood, defense against worms remains an open problem. One branch of defense research investigates the behavioral difference between worm-infected hosts and normal hosts to set them apart. One particular observation is that a worm-infected host, which scans the Internet with randomly selected addresses, has a much higher connection-failure rate than a normal host. Rate-limit algorithms have been proposed to control the spread of worms by traffic shaping based on connection failure rate. However, these rate-limit algorithms can work properly only if it is possible to measure failure rates of individual hosts efficiently and accurately. This paper points out a serious problem in the prior method and proposes a new solution based on a highly efficient double-bitmap data structure, which places only a small memory footprint on the routers, while providing good measurement of connection failure rates whose accuracy can be tuned by system parameters.
OpenFlow Security Threat Detection and Defense Services (Eswar Publications)
The emergence of OpenFlow-capable switches decouples the control plane from the data plane, so that they support programmable networks and allow network administrators programmable central control of network traffic via a controller. The controller and its communication with switches and users thereby become a target for malicious attacks. This paper explores the major possible security threats and attacks on the SDN controller and proposes a new approach to automatically and dynamically detect and monitor malicious behaviors in flow message passing and to defend against such attacks to ensure the security of SDN. We have built a FlowEye prototype at service level on the Mininet API, and simulation tests are done on two feasible attacks on the OpenFlow Beacon platform. The paper provides a feasibility study of such attacks and of defense protection strategies in SDN security research.
Malware Risk Analysis on the Campus Network with Bayesian Belief Network (IJNSA Journal)
A security network management system provides clear guidelines on risk evaluation and assessment for enterprise networks. Threat and risk assessment is conducted to safeguard enterprise network services and to maintain system confidentiality, integrity, and availability through effective control strategies. In this paper, based on our previous work in analyzing integrated information security management and malware propagation on the campus network through mathematical modelling, we propose a Bayesian Belief Network with an inference level indicator to enable the decision maker to understand the risks posed and to make appropriate mitigation decisions. We experimentally placed monitoring sensors on the campus network that give the threat alert priority levels and magnitude on the vulnerable information assets. These methods give a direction on the belief inferred from malware prevalence on the information security assets for better understanding.
Self-propagating malware (e.g., an Internet worm) exploits security loopholes in software to infect servers and then use them to scan the Internet for more vulnerable servers. While the mechanisms of worm infection and their propagation models are well understood, defense against worms remains an open problem. One branch of defense research investigates the behavioral difference between worm-infected hosts and normal hosts to set them apart. One particular observation is that a worm-infected host, which scans the Internet with randomly selected addresses, has a much higher connection-failure rate than a normal host. Rate-limit algorithms have been proposed to control the spread of worms by traffic shaping based on connection failure rate. However, these rate-limit algorithms can work properly only if it is possible to measure failure rates of individual hosts efficiently and accurately. This paper points out a serious problem in the prior method. To address this problem, we first propose a solution based on a highly efficient double-bitmap data structure, which places only a small memory footprint on the routers, while providing good measurement of connection failure rates whose accuracy can be tuned by system parameters. Furthermore, we propose another solution based on shared register array data structure, achieving better memory efficiency and much larger estimation range than our double-bitmap solution.
A New Way of Identifying DOS Attack Using Multivariate Correlation Analysis (ijceronline)
X-ware: a proof of concept malware utilizing artificial intelligence (IJECEIAES)
Recent years have witnessed a dramatic growth in utilizing computational intelligence techniques for various domains. Coherently, malicious actors are expected to utilize these techniques against current security solutions. Despite the importance of these new potential threats, there remains a paucity of evidence on leveraging these research literature techniques. This article investigates the possibility of combining artificial neural networks and swarm intelligence to generate a new type of malware. We successfully created a proof of concept malware named X-ware, which we tested against Windows-based systems. Developing this proof of concept may allow us to identify this potential threat's characteristics for developing mitigation methods in the future. Furthermore, a method for recording the virus's behavior and propagation throughout a file system is presented. The proposed virus prototype acts as a swarm system with an integrated neural network for its operations. The virus's behavioral data is recorded and shown in a complex network format to describe the behavior and communication of the swarm. This paper has demonstrated that malware strengthened with computational intelligence is a credible threat. We envisage that our study can be utilized to assist current and future security researchers in implementing more effective countermeasures.
PROTOCOL ANALYSIS TO PREVENT STORM ATTACKS IN 3G MOBILE NETWORKS (IJSRD)
The advent of mobile smart phones has led to a surge in applications that generate a lot of network traffic. This in turn leads to signaling storm attacks from malicious users, who disrupt the system by creating signaling storms. Malware attacks are quickly becoming a major security concern due to the advent of smart mobile devices and the increasing capacity and use of mobile networks for Internet access. The increasing number of mobile malware hosts adds to the problem. The infected devices cause a cascading effect, creating signaling and network disruptions both deliberately and as a result of malicious attacks. A signaling storm is one where users are denied service by massive attacks on the resources of the system, either directly or indirectly, by taking control of other nodes in the network and sending huge numbers of request signals. This causes flooding, identity problems, injection attacks, etc. The purpose is first to detect such signaling storms. Next, using the proposed hybrid Radio Resource protocol, such attacks should be blocked and the malicious node removed from the network. The revocation will show sufficient congestion relief in the network traffic.
USING A DEEP UNDERSTANDING OF NETWORK ACTIVITIES FOR SECURITY EVENT MANAGEMENT (IJNSA Journal)
With the growing deployment of host-based and network-based intrusion detection systems in increasingly large and complex communication networks, managing low-level alerts from these systems becomes critically important. Probes of multiple distributed firewalls (FWs), intrusion detection systems (IDSs) or intrusion prevention systems (IPSs) are collected throughout a monitored network such that large series of alerts (alert streams) need to be fused. An alert indicates an abnormal behavior, which could potentially be a sign of an ongoing cyber attack. Unfortunately, in a real data communication network, administrators cannot manage the large number of alerts occurring per second, in particular since most alerts are false positives. Hence, an emerging track of security research has focused on alert correlation to better distinguish true positives from false positives. To achieve this goal we introduce Mission Oriented Network Analysis (MONA). This method builds on data correlation to derive network dependencies and manage security events by linking incoming alerts to network dependencies.
Secure intrusion detection and countermeasure selection in virtual system usi... (eSAT Publishing House)
Cyber-Defensive Architecture for Networked Industrial Control Systems (IJEACS)
This paper deals with the inevitable consequence of the convenience and efficiency we gain from the open, networked control system operation of safety-critical applications: the vulnerability of such systems to cyber-attacks. Even with numerous metrics and methods for intrusion detection and mitigation strategy, complete detection and deterrence of internal code flaws and outside cyber-attacks has not been found and will not be found anytime soon. Considering the persistent incompleteness of detection and prevention, and the impact and consequences of malfunctions in safety-critical operations caused by cyber incidents, this paper proposes a new computer control system architecture which assures resiliency even under compromised situations. The proposed architecture is centered on diversification of hardware systems and on unidirectional communication from the proposed system for alerting upper layers to suspicious activities. This paper details the architectural structure of the proposed cyber-defensive computer control system architecture for power substation applications and its validation in lab experimentation and on a cybersecurity testbed.
FLOODING ATTACKS DETECTION OF MOBILE AGENTS IN IP NETWORKS (csandit)
This paper deals with the detection of flooding attacks, which are the most common type of Denial of Service (DoS) attack in a Mobile Agent World. We propose a new framework for the detection of flooding attacks by integrating divergence measures over a sketch data structure. The performance of the proposed framework is investigated in terms of detection probability and false alarm ratio. We focus on tuning the parameter of the divergence measures to optimize the performance. We conduct performance analysis over publicly available real IP traces, in a Mobile Agent Network, integrated with flooding attacks. Our analysis results show that our proposed algorithm outperforms the existing solutions.
Online Intrusion Alert Aggregation with Generative Data Stream Modeling (IJMER)
Online intrusion alert aggregation with generative data stream modeling is an approach which uses generative modeling together with probabilistic methods. It assumes that the instances of an attack can be regarded as a random process producing alerts. This paper aims at collecting and modeling these attacks on similar parameters, so that an attack can be identified from beginning to completion. The collected and modeled alerts are given to security personnel to draw conclusions and take appropriate action. With some data sets, we show that it is easy to reduce the number of alerts and that the number of missing meta alerts is extremely low. We also demonstrate that meta alerts are generated with a delay of only a few seconds after the first alert is produced.
2024.06.01 Introducing a competency framework for languag learning materials ...Sandy Millin
http://sandymillin.wordpress.com/iateflwebinar2024
Published classroom materials form the basis of syllabuses, drive teacher professional development, and have a potentially huge influence on learners, teachers and education systems. All teachers also create their own materials, whether a few sentences on a blackboard, a highly-structured fully-realised online course, or anything in between. Despite this, the knowledge and skills needed to create effective language learning materials are rarely part of teacher training, and are mostly learnt by trial and error.
Knowledge and skills frameworks, generally called competency frameworks, for ELT teachers, trainers and managers have existed for a few years now. However, until I created one for my MA dissertation, there wasn’t one drawing together what we need to know and do to be able to effectively produce language learning materials.
This webinar will introduce you to my framework, highlighting the key competencies I identified from my research. It will also show how anybody involved in language teaching (any language, not just English!), teacher training, managing schools or developing language learning materials can benefit from using the framework.
Welcome to TechSoup New Member Orientation and Q&A (May 2024).pdfTechSoup
In this webinar you will learn how your organization can access TechSoup's wide variety of product discount and donation programs. From hardware to software, we'll give you a tour of the tools available to help your nonprofit with productivity, collaboration, financial management, donor tracking, security, and more.
Welcome to TechSoup New Member Orientation and Q&A (May 2024).pdf
A Study on Countermeasures against Computer Virus Propagation Using an Agent-based Approach
Masayuki Ishinishi (1), Hideki Tanuma (2), and Hiroshi Deguchi (2)
(1) C4 Systems Division, Air Staff Office, Japan Defense Agency, 5-1 Ichigaya-Honmura, Shinjuku, Tokyo 162-8804, Japan, ishinishi@fw.ipsj.or.jp
(2) Interdisciplinary Graduate School of Science and Engineering, Tokyo Institute of Technology, 4259 Nagatsuta, Midori, Yokohama 226-8502, Japan, tanuma@cs.dis.titech.ac.jp, deguchi@dis.titech.ac.jp
Summary. The increase in computer viruses in recent years has caused great damage to the Internet and to the intranets of public offices and enterprises. This damage affects people's daily lives and has become a serious problem. This paper studies anti-virus policies that limit the damage to network systems from the viewpoint of network operation. The authors propose a diffusion model of computer viruses using an agent-based approach and clarify the diffusion phenomena by simulation. They also consider countermeasures against computer virus propagation by means of the same method.
Key words: computer virus propagation, agent-based approach, SOARS
1 Introduction
The recent prevalence of computer viruses that infect a computer merely through its connection to the Internet has caused major damage to companies, government and other public offices (IPA 2005). Although some information systems have been protected from infection by means of closed networks isolated from the Internet, epidemics have still occurred when an infected laptop computer was brought into such a closed network. These outbreaks made the importance of security measures clear.
Many studies have focused on the similarities between contagious diseases and computer viruses, and the spreading of computer viruses is mainly analyzed with propagation models borrowed from contagious diseases (Sengoku 1996)(Okamoto 2001)(Hayashi 2004). However, few studies have considered users, system managers, and the effect of operational practices and individual behavior on protection against spreading.
Thus, this research aims to examine the protective measures that minimize the
damage in case of spreading computer virus infection within the Intranet of organiza-
tions mainly in operational aspects. This study reports the results from the analysis
of a spreading phenomenon of a computer virus through the simulation by using
the agent-based approach. The agent-based approach is suitable for description of
issues in an analysis of effects on the whole system. The authors employ SOARS
(Spot Oriented Agent Role Simulator), which uses the features of interactions as the
simulation environment for the analysis of the spreading phenomenon of computer
viruses (Deguchi 2004).
2 Simulation Process based on SOARS
SOARS provides a declarative script language, which describes the action roles of agents, and procedural control of the action sequence, which is based on the concept of a "stage" that expresses causal ordering. In SOARS, the location in which agents move and interact is called a "spot," which consists of objects representing its state, as shown in Fig. 1. The dynamic control configuration of SOARS consists of "steps," the unit of elapsed time in the simulation, and "stages," which express the causal ordering within a step. Time is discrete.
There are nine stages in our model. The "Set-up Stage" sets up the agents and spots. The "Moving Stage" moves agents between spots. The "Internet Infection Stage" models infection by the computer virus over the Internet, the "LAN Infection Stage" infection over the LAN, and the "WAN Infection Stage" infection over the WAN. The "Symptom Stage" models the destruction of data on an infected computer by the virus. The "Detecting and Notifying Stage" models the detection of infection and notification to other users and managers. The "Disconnected Stage" models disconnection from the network. The "Countermeasure Stage" models the adoption of security patches.
Fig. 1. Simulation Processes Based on SOARS. Fig. 2. Hypothetical Network.
3 Simulation Model
3.1 Modeling of Network
This research deals with an Intranet and the Internet. The Intranet, consisting of LAN and WAN, is the closed environment without Internet connection summarized in Fig. 2. The network is modeled as spots, and computers as agents. A computer's connection to a network is indicated by the presence of its agent in the corresponding spot. If the agent is in the Disconnected Spot, the computer is disconnected and stand-alone. If it is in the LAN Spot, the computer is connected to the LAN. If it is in the WAN Spot, the computer is connected to the WAN. If it is in the Internet Spot, the computer is connected to the Internet.
Fig. 3. Modeling of Network. Fig. 4. Computer Virus Infection State.
Using the spot structure of SOARS, the network structure in Fig. 2 can be illustrated as in Fig. 3. For example, when user (a) connects a desktop computer to the network via the WAN, exchanges data, and disconnects from the network, the agent performs the following operations within the same step of the simulation: (1) it connects to the network by moving from the Disconnected Spot to the LAN Spot and exchanges data with the computers in the LAN, (2) it moves from the LAN Spot to the WAN Spot and exchanges data with the computers in the WAN, (3) it disconnects from the network by moving from the WAN Spot to the Disconnected Spot.
3.2 State of Computer
The state of a computer has three components: the state of viral infection, the state of data, and the state of the OS. The details are summarized in Fig. 4.
For the state of viral infection we employ the SIR model, as in previous studies.
The state of data takes two values: "Normal" and "Crashed." In the Symptom Stage, once a computer has changed from "Susceptible" to "Infected," the virus develops its symptoms with probability P1, and the state of data changes from "Normal" to "Crashed."
The state of the OS is divided into "Normal" and "BreakDown." In the Countermeasure Stage, when a computer in the "Susceptible" or "Infected" state adopts security patches, a breakdown of the system due to adverse effects of the patches takes place with probability P2, and the state of the OS changes from "Normal" to "BreakDown."
3.3 State of Computer Viruses
The computer virus with which our research deals is a computer worm: infection occurs when a computer infected by the virus connects to a network to which another computer vulnerable to the virus is also connected. On the LAN, WAN, and Internet, the virus spreads from an "Infected" computer to a "Susceptible" one in the Infection stages. The virus infects one of the "Susceptible" computers connected to the same Spot, as summarized in Fig. 5. When the infecting behavior of a computer virus is illustrated with the spot-oriented model, the virus is considered a change in an internal attribute of an agent, namely the computer.
Fig. 5. Modeling of Computer Virus Infection.
4 Simulation
The simulation in this study analyzes how a computer virus spreads when an infected terminal is connected to a closed Intranet, and what effect countermeasures such as disconnecting the network and adopting security patches have on the protection of the information system.
The authors consider a network in which a LAN with 100 nodes is connected to a WAN, as shown in Fig. 2. Within the LAN nodes there are 100 computers, and in the initial condition it is assumed that one terminal in the whole network is infected by a computer virus.
When symptoms emerge, the probability that the terminal user detects the computer virus is set to 100%, because the symptoms appear on the computer screen and are readily noticed. The probability of detection at the time of infection is set to 50%, reflecting whether the user has installed antivirus software and how the user reacts to its messages. The probability that a terminal user notifies another when his or her computer is infected or shows symptoms, and that the other user takes a countermeasure on receiving the alert, is also set to 50%. P1 is set to 1% and P2 to 0.5%.
Furthermore, scenarios for countermeasures against the spreading of a computer virus must be considered. A scenario is composed of the following four choices: (1) how to detect the computer virus, (2) how a user alerts others when the terminal is infected or has symptoms, (3) how to disconnect the network to minimize the damage, and (4) on which computers to exterminate the virus and apply security patches. The details are shown in Table 1.
The simulation conditions are prepared for forty major combinations of these scenario options.
Table 1. Simulation Scenario
Category | Option | Note
Detection | Only Terminal with Symptoms | Detect only the terminal with symptoms.
Detection | Infected Terminal | Detect the terminal infected by a computer virus.
Alerting | Neighborhood Alert | Select and alert one user in the same LAN nodes randomly.
Alerting | Alert in LAN Nodes | Alert all users in the same LAN nodes.
Alerting | Alert to All | Alert all users connected to the WAN.
Disconnection | Terminal Disconnection: Terminal with Symptoms | Only the terminal with symptoms is disconnected and becomes stand-alone.
Disconnection | Terminal Disconnection: Infected Terminal | The terminal infected by a computer virus is disconnected and becomes stand-alone.
Disconnection | Terminal Disconnection: All Computers | All computers in the LAN nodes are disconnected and become stand-alone.
Disconnection | Nodes Disconnection | The connection point from the LAN nodes to the WAN is disconnected.
Target of Extermination | Terminal with Symptoms | Exterminate the computer virus and apply security patches to only the terminal with symptoms.
Target of Extermination | Infected Terminal | Exterminate the computer virus and apply security patches to the computers infected by a computer virus.
Target of Extermination | All Computers | Apply security patches to all computers.
5 Simulation Results
As a result of the simulation, the simulation conditions can be classified into six groups. The first group includes the following cases: (a) doing nothing, (b) disconnection of the terminal after detection of an infected or attacked terminal, (c) disconnection of the neighboring terminal after detection of an infected or attacked terminal. The second group includes the following cases: (a) extermination on the terminal after detection of an infected or attacked terminal, (b) extermination on the neighboring terminal after detection of attacked terminals. The third group consists only of extermination on the terminal after detection of an infected or attacked terminal. The fourth group consists of extermination on all the terminals in the LAN after detection of infected or attacked terminals. The fifth group includes the following cases: (a) disconnection of all the terminals, including the infected or attacked terminal, in the same LAN after detection of an infected or attacked terminal, (b) disconnection of all the LAN nodes after detection of an infected or attacked terminal. The sixth group consists only of extermination on all the terminals in the WAN after detection of infected terminals.
Fig. 6. The Number of Infected Computers. Fig. 7. The Number of Available Computers. (Both figures plot the count against the step, 1 to 501, with one curve per group, Group 1 to Group 6.)
Fig.6 shows the change in the number of infected computers, and Fig.7 shows
the change in the number of available computers; the horizontal axis represents time
(step), and the vertical represents the number of the computers.
In the first group, the number of infected computers increases and the number of available computers decreases, because the virus spreads and develops its symptoms before the terminals are disconnected.
In the second group, although the number of infected computers decreases with time after an initial increase, the number of available computers decreases as in the first group.
The cause of this effect is that the countermeasures come too late: the adoption of extermination and security patches keeps falling behind the spread (infection) of the computer virus, and by the time the virus is exterminated on one computer, wide infection of other computers has already begun.
In the third group, however, the countermeasures are taken before the virus spreads further, and extermination and security patches are performed before the virus develops its symptoms; this promptness maintains the number of available computers.
In the fourth group, the number of available computers is maintained because the countermeasures are taken before infection and development of the symptoms, and the infection does not spread. This group corresponds to the case in which the user of the terminal with infection or symptoms alerts all other users in the LAN, and it shows even more immediate countermeasures than those of the third group, in which the user notifies only the neighborhood.
In the fifth group, the user of the terminal with infection or symptoms notifies or alerts all other users in the LAN or the Computer Security Incident Response Team (CSIRT), and the LAN nodes are separated from the WAN.
In these cases, although extermination and security patches are not performed, disconnecting the LAN nodes stops further spreading outside the LAN with the symptoms, so the spread of infection can be minimized without the extermination measure.
The sixth group includes the cases in which the user of the terminal with infection or symptoms notifies the CSIRT, and through the alert from the CSIRT all terminal users take countermeasures such as adopting extermination and security patches.
In these cases, whether or not the LAN nodes are separated from the WAN, all users can take the countermeasures immediately after detection of infection or symptoms, so early extermination is possible, and the spread and development of the symptoms of the computer virus cease, with only rare cases of emergence.
6 Discussion
6.1 How to Detect Infection and Send Virus Alert
In the simulation, the probability of countermeasure-taking of the users when
they detect or receive the virus alert is set as 50%. This probability can be considered
the extent to which the users receive the security education. From the result of the
simulation, making sure to notify the managers, CSIRT etc. so that they can take the
countermeasures at the organizational level is more effective to prevent the spreading
of the computer virus than individual users' countermeasures.
6.2 The Effective Extermination Method for Computer Virus
The result of the simulation shows that it is difficult to protect the system merely by detecting the terminal with symptoms. In particular, small-scale countermeasures such as alerting only the neighborhood are ineffective in exterminating the computer virus.
Moreover, as for the target of terminal disconnection, disconnecting only the computers with infection or symptoms allows the further expansion of the computer virus, because it begins spreading before being detected. Thus, a large-scale measure such as disconnecting the LAN nodes before the virus spreads into other LANs is needed.
Chen et al. note that the area in which users take countermeasures needs to expand more quickly than the computer virus spreads in order to prevent its spreading (Chen 2004). More specifically, users who detect a viral infection should never take countermeasures by themselves; instead they must notify the CSIRT so that all users can share the information and take the countermeasures at the organizational level. Needless to say, the CSIRT, when notified, must direct the users to disconnect their computers from the network immediately and to exterminate the computer virus.
6.3 The Countermeasures for Unknown Computer Virus
As described above, a small-scale countermeasure such as alerting the neighborhood within the LAN is insufficient to prevent the spreading of the computer virus; with such a measure the virus is highly likely to spread to the whole area.
Therefore, the authors propose the following countermeasures for an unknown virus. First, when a user notifies the CSIRT immediately after detecting infection or symptoms, the CSIRT receiving the alert directs the manager of the LAN to disconnect the connection point between the LAN and the WAN to prevent the virus from spreading further. Then the manager disconnects the nodes close to the computers. When recovering the network, the necessary procedure is to confirm the infection state of the computers, to disconnect the infected computers, and to reconnect only the networks without infection.
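The simulation model of Sections 3 and 4, the scenario options of Table 1 and the recovery rule of Section 6.3, as an added Python example that is not the authors' SOARS code. It uses the paper's stated values (P1 = 1%, P2 = 0.5%, detection 100% on symptoms and 50% on infection, reaction 50%) and the stage order of Section 2, but the 4 x 25 LAN layout, the Computer and Scenario names, the rule that each infected computer infects one susceptible computer per step, and the definition of "available" (data and OS both Normal) are this example's assumptions.

```python
import random
from dataclasses import dataclass

S, I, R = "Susceptible", "Infected", "Recovered"   # SIR infection states (Section 3.2)
P1, P2 = 0.01, 0.005                               # symptom and patch-breakdown probabilities (Section 4)
P_DETECT_INFECTED, P_DETECT_SYMPTOM, P_REACT = 0.5, 1.0, 0.5

@dataclass
class Computer:
    cid: int
    lan: int                 # LAN node (spot) the computer belongs to
    virus: str = S
    data: str = "Normal"     # "Crashed" once the worm develops symptoms
    os: str = "Normal"       # "BreakDown" if a security patch has side effects
    connected: bool = True   # False: moved to the Disconnected Spot (stand-alone)
    alerted: bool = False    # the user detected infection or acted on an alert

@dataclass
class Scenario:              # one option from each Table 1 category
    detect_infected: bool    # True: detect infection itself; False: symptoms only
    alert: str               # "neighborhood" | "lan" | "all"
    disconnect: str          # "none" | "terminal" | "lan" | "nodes"
    exterminate: str         # "none" | "terminal" | "all"

class Simulation:
    # Assumed layout (not from the paper): n_lans LAN nodes of per_lan computers, joined by one WAN.
    def __init__(self, scenario, n_lans=4, per_lan=25, seed=1):
        self.rng, self.sc = random.Random(seed), scenario
        self.computers = [Computer(i, i // per_lan) for i in range(n_lans * per_lan)]
        self.wan_link = {lan: True for lan in range(n_lans)}  # LAN-to-WAN connection points
        self.computers[0].virus = I                           # one infected terminal at start
    def spot(self, c):
        # Connected computers sharing a spot with c: the whole WAN if c's LAN link is up, else its LAN.
        if self.wan_link[c.lan]:
            return [o for o in self.computers if o.connected and self.wan_link[o.lan]]
        return [o for o in self.computers if o.connected and o.lan == c.lan]
    def infection_stage(self):
        # Each connected infected computer infects one susceptible computer on its spot (Fig. 5).
        for spreader in [c for c in self.computers if c.virus == I and c.connected]:
            targets = [o for o in self.spot(spreader) if o.virus == S]
            if targets:
                self.rng.choice(targets).virus = I
    def symptom_stage(self):
        for c in self.computers:
            if c.virus == I and c.data == "Normal" and self.rng.random() < P1:
                c.data = "Crashed"
    def detect_and_notify_stage(self):
        for c in [c for c in self.computers if c.virus == I and not c.alerted]:
            p = P_DETECT_SYMPTOM if c.data == "Crashed" else (P_DETECT_INFECTED if self.sc.detect_infected else 0.0)
            if self.rng.random() >= p:
                continue
            c.alerted = True
            if self.sc.alert == "neighborhood":      # one randomly chosen user on the same LAN
                recipients = [self.rng.choice([o for o in self.computers if o.lan == c.lan and o is not c])]
            elif self.sc.alert == "lan":
                recipients = [o for o in self.computers if o.lan == c.lan]
            else:                                    # "all": every user reachable over the WAN
                recipients = [o for o in self.computers if self.wan_link[o.lan]]
            for o in recipients:                     # each recipient reacts with probability P_REACT
                if self.rng.random() < P_REACT:
                    o.alerted = True
    def disconnect_stage(self):
        for c in [c for c in self.computers if c.alerted and c.virus == I]:
            if self.sc.disconnect == "terminal":
                c.connected = False
            elif self.sc.disconnect == "lan":        # every computer on the same LAN becomes stand-alone
                for o in self.computers:
                    o.connected = o.connected and o.lan != c.lan
            elif self.sc.disconnect == "nodes":      # cut the LAN's connection point to the WAN
                self.wan_link[c.lan] = False
    def countermeasure_stage(self):
        for c in self.computers:
            patch_all = self.sc.exterminate == "all"
            patch_this = self.sc.exterminate == "terminal" and c.virus == I
            if c.alerted and c.virus != R and (patch_all or patch_this):
                c.virus = R                          # patched: immune from now on
                if self.rng.random() < P2:
                    c.os = "BreakDown"
    def run(self, steps=200):
        for _ in range(steps):                       # stage order follows Section 2
            self.infection_stage(); self.symptom_stage(); self.detect_and_notify_stage()
            self.disconnect_stage(); self.countermeasure_stage()
        return self.counts()
    def counts(self):
        n = lambda pred: sum(1 for c in self.computers if pred(c))
        return {"susceptible": n(lambda c: c.virus == S), "infected": n(lambda c: c.virus == I),
                "recovered": n(lambda c: c.virus == R),
                "available": n(lambda c: c.data == "Normal" and c.os == "Normal")}
    def recoverable_lans(self):
        # Section 6.3 recovery rule: reconnect only LAN nodes on which no computer is still infected.
        return sorted(lan for lan in self.wan_link if not any(c.lan == lan and c.virus == I for c in self.computers))

def compare(steps=200, seed=1):
    # Group 1(a) "do nothing" versus a Group 6-style scenario (CSIRT-wide alert, patch everyone).
    do_nothing = Scenario(False, "neighborhood", "none", "none")
    csirt_wide = Scenario(True, "all", "nodes", "all")
    return {"group1": Simulation(do_nothing, seed=seed).run(steps),
            "group6": Simulation(csirt_wide, seed=seed).run(steps)}
```

compare() returns the final counts of both runs; in the do-nothing scenario every computer ends infected, because each step at least one connected infected computer finds a susceptible one on the shared WAN spot and nothing ever moves a computer to the Recovered state. Calling recoverable_lans() on a finished Simulation lists the LAN nodes that the Section 6.3 procedure would allow the manager to reconnect to the WAN.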
7 Conclusion
This research proposes a propagation model based on the agent-based approach to investigate operational countermeasures for computer worms. It also examines, by simulation, the effects that different countermeasures in disconnecting infected computers and in users' alerting have on minimizing the damage.
The analysis of the simulation suggests effective countermeasures. These include: (1) a computer virus spreads throughout the network when a user who detects the infection takes only a temporary countermeasure, (2) in order to take countermeasures more quickly than the virus expands, a global virus alert is needed when the virus is detected, (3) immediately after detection, the LAN nodes close to the WAN need to be disconnected rather than those close to the computers.
Furthermore, the results show that it is necessary to ensure that users notify the manager, the CSIRT and the like, so that countermeasures can be taken at the organizational level before users take countermeasures for their own computers. It is also found that the global expansion of an unknown virus can be prevented by appropriate disconnection operations on the network, even if there is no patch for the unknown virus. Since the discussion in this research is limited to a simple network structure and a computer worm, further research is needed to investigate methods of predicting the expansion of computer viruses and effective countermeasures with actual network structures taken into consideration.
References
Information Technology Promotion Agency, Japan (2005) Computer Virus Incident Reports, http://www.ipa.go.jp/security/english/virus/press/200504/virus200504-e.html
Sengoku, Y., Okamoto, E., Mambo, M., Uematsu, T. (1996) Analysis of Infection and Distinction of Computer Viruses in Computer Networks, 1996 International Symposium on Information Theory and Its Applications, Vol. 2, pp. 163-166
Okamoto, T., Ishida, Y. (2001) The analysis of diffusion model of computer viruses via email. Transactions of the Institute of Electronics, Information and Communication Engineers, D-I, Vol. J84-D-I, No. 5, pp. 474-482 (in Japanese)
Hayashi, Y. (2004) Epidemic SIR dynamics on scale-free networks, Proc. of International Symposium on Dynamical Systems Theory and Its Applications to Biology and Environmental Sciences, p. 79.
Deguchi, H., Tanuma, H., Shimizu, T. (2004) SOARS: Spot oriented agent role simulator - Design and agent based dynamical system. Proceedings of the Third International Workshop on Agent-based Approaches in Economic and Social Complex Systems (AESCS '04), pp. 49-56
Chen, L., Carley, K.M. (2004) The impact of countermeasure spreading on the propagation of computer viruses. IEEE Transactions on Systems, Man and Cybernetics, Part B: Cybernetics, Vol. 34, No. 2, pp. 823-833.