This document summarizes a research paper about implementing self-healing mechanisms to protect against control flow attacks in wireless sensor networks. The paper proposes an access control scheme that can detect attempts to alter the control flow of sensor applications and then recover the sensor data. It processes application code at the machine instruction level rather than analyzing source code. The implementation shows that the self-healing scheme is lightweight and can effectively protect sensor applications from control flow attacks by enforcing access control, providing self-healing recovery, and diversifying code images across sensors.
International Journal of Engineering Research and Applications (IJERA) is an open access online peer reviewed international journal that publishes research and review articles in the fields of Computer Science, Neural Networks, Electrical Engineering, Software Engineering, Information Technology, Mechanical Engineering, Chemical Engineering, Plastic Engineering, Food Technology, Textile Engineering, Nano Technology & science, Power Electronics, Electronics & Communication Engineering, Computational mathematics, Image processing, Civil Engineering, Structural Engineering, Environmental Engineering, VLSI Testing & Low Power VLSI Design etc.
Cyber-Defensive Architecture for Networked Industrial Control Systems IJEACS
This paper deals with the inevitable consequence of the convenience and efficiency we benefit from in the open, networked control system operation of safety-critical applications: the vulnerability of such systems to cyber-attacks. Even with numerous metrics and methods for intrusion detection and mitigation strategy, a complete detection and deterrence of internal code flaws and outside cyber-attacks has not been found and would not be found anytime soon. Considering the ever-present incompleteness of detection and prevention and the impact and consequence of malfunctions of the safety-critical operations caused by cyber incidents, this paper proposes a new computer control system architecture which assures resiliency even under compromised situations. The proposed architecture is centered on diversification of hardware systems and unidirectional communication from the proposed system in alerting suspicious activities to upper layers. This paper details the architectural structure of the proposed cyber defensive computer control system architecture for power substation applications and its validation in lab experimentation and on a cybersecurity testbed.
Alert Analysis using Fuzzy Clustering and Artificial Neural Network IJRES Journal
An Intrusion Detection System (IDS) is used to supervise all tricks which are running on a particular machine or network. It will also give you an alert regarding any attack. However, nowadays these alerts are very large in amount. It is very complicated to examine these attacks. We intend a time and space based alert analysis technique which can strap related alerts without surroundings knowledge and provide an attack graph to help the administrator understand the attack on a host or network step by step, clearly and fittingly for analysis. A threat evaluation is given to discover the most treacherous attack, which decreases the administrator’s time and energy in calculating a huge amount of alerts. We are analyzing the network traffic in the form of attacks using Entity Threat Evaluation (ETE), which finds out which particular host is attacked, Gadget Threat Evaluation (GTE), which tells us which device within that host is attacked, Network Threat Evaluation (NTE), which tells us which network is attacked, and Hit Threat Evaluation (HTE), by giving a dataset of attacks as input. The main idea is that the distribution of different types of attacks is not balanced. For attacks which do not occur repeatedly, the learning sample size is too small compared to high-frequent attacks. This makes it hard for an Artificial Neural Network (ANN) to become skilled at the characters of these attacks, and therefore detection precision is much worse. To solve such troubles, we propose a new technique for ANN-based IDS, Fuzzy Clustering (FC-ANN), to enhance the detection precision for low-frequent attacks and detection stability.
Intrusion Detection System - False Positive Alert Reduction Technique IDES Editor
Intrusion Detection System (IDS) is the most powerful system that can handle the intrusions of the computer environments by triggering alerts to make the analysts take actions to stop this intrusion, but the IDS is triggering alerts for any suspicious activity, which means thousands of alerts that the analysts should take care of. IDS generates a large number of alerts and most of them are false positives, as the behavior is construed for a partial attack pattern or lack of environment knowledge. These alerts have different severities and most of them don’t require big attention because of the huge number of false alerts among them. Monitoring and identifying risky alerts is a major concern to the security administrator. Deleting the false alerts or reducing the amount of alerts (false alerts or real alerts) from the entire amount of alerts led the researchers to design an operational model for minimization of false positive alarms, including recurring alarms, by the security administrator. In this paper we are proposing a method which can reduce such kinds of false positive alarms.
A Survey on Hidden Markov Model (HMM) Based Intention Prediction Techniques IJERA Editor
The extensive use of virtualization in implementing cloud infrastructure brings unrivaled security concerns for cloud tenants or customers and introduces an additional layer that itself must be completely configured and secured. Intruders can exploit the large amount of cloud resources for their attacks. This paper discusses two approaches. In the first, three features, namely ongoing attacks, autonomic prevention actions, and risk measure, are integrated into our Autonomic Cloud Intrusion Detection Framework (ACIDF), as most of the current security technologies do not provide the essential security features for cloud systems such as early warnings about future ongoing attacks, autonomic prevention actions, and risk measure. The early warnings are signaled through a new finite State Hidden Markov prediction model that captures the interaction between the attackers and cloud assets. The risk assessment model measures the potential impact of a threat on assets given its occurrence probability. The estimated risk of each security alert is updated dynamically as the alert is correlated to prior ones. This enables the adaptive risk metric to evaluate the cloud’s overall security state. The prediction system raises early warnings about potential attacks to the autonomic component, the controller. Thus, the controller can take proactive corrective actions before the attacks pose a serious security risk to the system. In another, the Attack Sequence Detection (ASD) approach, tasks from different users may be performed on the same machine. Therefore, one primary security concern is whether user data is secure in the cloud. On the other hand, a hacker may facilitate cloud computing to launch a larger range of attacks, such as a request of port scan in the cloud with multiple virtual machines executing such malicious action. In addition, a hacker may perform a sequence of attacks in order to compromise his target system in the cloud, for example, evading an easy-to-exploit machine in a cloud and then using the previously compromised machine to attack the target. Such an attack plan may be stealthy or inside the computing environment, so an intrusion detection system or firewall has difficulty identifying it.
A technical review and comparative analysis of machine learning techniques fo... IJECEIAES
Machine learning techniques are being widely used to develop an intrusion detection system (IDS) for detecting and classifying cyber attacks at the network-level and the host-level in a timely and automatic manner. However, traditional Intrusion Detection Systems (IDS), based on traditional machine learning methods, lack reliability and accuracy. Instead of the traditional machine learning used in previous research, we think deep learning has the potential to perform better in extracting features of massive data considering the massive cyber traffic in real life. Generally, Mobile Ad Hoc Networks have given low physical security for mobile devices, because of properties such as node mobility, lack of centralized management and limited bandwidth. To tackle these security issues, traditional cryptography schemes cannot completely safeguard MANETs in terms of novel threats and vulnerabilities; thus, by applying deep learning methods, IDS are capable of adapting to the dynamic environments of MANETs, enabling the system to make decisions on intrusion while continuing to learn about its mobile environment. An IDS in MANET is a sensing mechanism that monitors nodes and network activities in order to detect malicious actions and malicious attempts performed by intruders. Recently, multiple deep learning approaches have been proposed to enhance the performance of intrusion detection systems. In this paper, we made a systematic comparison of three models, Inception architecture convolutional neural network (Inception-CNN), Bidirectional long short-term memory (BLSTM) and deep belief network (DBN), on the deep learning-based intrusion detection systems, using the NSL-KDD dataset containing information about intrusion and regular network connections. The goal is to provide basic guidance on the choice of deep learning models in MANET.
Self Evolving Antivirus Based on Neuro-Fuzzy Inference System IJRES Journal
With today’s world filled with information and data, it is very important for one to know which information or data is harmless and which is harmful. Everything from cellular phones to big MNCs and server companies requires a security system that is as competent and adaptive as the ever-updating and evolving viruses or malware. The paper talks about the development and implementation of a new idea: an adaptive anti-virus based on ANFIS logic, an adaptive anti-virus system that will catch up to the speed at which the viruses update and evolve.
In recent years, wireless sensor network (WSN) is used in several application areas resembling observance, tracking, and dominant in IoTs. For several applications of WSN, security is a crucial demand. However, security solutions in WSN disagree from ancient networks because of resource limitation and process constraints. This paper analyzes security solutions: TinySec, IEEE 802.15.4, SPINS, MiniSEC, LSec, LLSP, LISA, and LISP in WSN. This paper additionally presents characteristics, security needs, attacks, cryptography algorithms, and operation modes. This paper is taken into account to be helpful for security designers in WSNs.
The overwhelming threat may be a challenge to a general security system. Fundamentally diverse alert and threat techniques are being researched in order to reduce deceptive warnings. Threat Detection Systems generate a huge amount of alerts, which makes it challenging to deal with them and prepare a solution. The detection system checks inbound and outbound network activities and finds a suspicious pattern that indicates ongoing steps for an attack. A large amount of alerts may contain false alarms, therefore there is a need for alert analysis mechanisms to offer high level information on the seriousness of the threat, how dangerous devices are, and which device the admin has to pay more attention to. To solve this query we would make use of a time and space based alert analysis technique that provides a solution in the form of an attack graph and its evaluation, which provides the severity of the attack to the administrator.
Novel Malware Clustering System Based on Kernel Data Structure iosrjce
IOSR Journal of Computer Engineering (IOSR-JCE) is a double blind peer reviewed International Journal that provides rapid publication (within a month) of articles in all areas of computer engineering and its applications. The journal welcomes publications of high quality papers on theoretical developments and practical applications in computer technology. Original research papers, state-of-the-art reviews, and high quality technical notes are invited for publications.
With the growth of computer networking, electronic commerce and web services, security networking systems have become very important to protect information and networks against malicious usage or attacks. In this report, an Intrusion Detection System is designed using two artificial neural networks: one for Intrusion Detection and the other for Attack Classification.
Optimized Intrusion Detection System using Deep Learning Algorithm ijtsrd
A method and a system for the detection of an intrusion in a computer network compare the network traffic of the computer network at multiple different points in the network. In an uncompromised network the network traffic monitored at these two different points in the network should be identical. A network intrusion detection system is mostly placed at strategic points in a network, so that it can monitor the traffic traveling to or from different devices on that network. The existing Software Defined Network SDN proposes the separation of forward and control planes by introducing a new independent plane called network controller. Machine learning is an artificial intelligence approach that focuses on acquiring knowledge from raw data and, based at least in part on the identified flow, selectively causing the packet, or a packet descriptor associated with the packet. The performance is evaluated using the network analysis metrics such as key generation delay, key sharing delay and the hash code generation time for both SDN and the proposed machine learning SDN. Prof P. Damodharan | K. Veena | Dr N. Suguna "Optimized Intrusion Detection System using Deep Learning Algorithm" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-3 | Issue-2, February 2019, URL: https://www.ijtsrd.com/papers/ijtsrd21447.pdf
Paper URL: https://www.ijtsrd.com/engineering/other/21447/optimized-intrusion-detection-system-using-deep-learning-algorithm/prof-p-damodharan
Machine learning in network security using knime analytics IJNSA Journal
Machine learning has more and more effect on our everyday life. This field keeps growing and expanding into new areas. Machine learning is based on the implementation of artificial intelligence that gives systems the capability to automatically learn and enhance from experiments without being explicitly programmed. Machine Learning algorithms apply mathematical equations to analyze datasets and predict values based on the dataset. In the field of cybersecurity, machine learning algorithms can be utilized to train and analyze the Intrusion Detection Systems (IDSs) on security-related datasets. In this paper, we tested different machine learning algorithms to analyze the NSL-KDD dataset using KNIME analytics.
Seminar Presentation | Network Intrusion Detection using Supervised Machine L... Jowin John Chemban
By:
Jowin John Chemban (jowinchemban@gmail.com)
HGW16CS022 (2016-2020 Batch)
S7 B.Tech Computer Science Engineering
Holy Grace Academy of Engineering, Mala
Date : September 2019
Detecting Unknown Attacks Using Big Data Analysis Editor IJMTER
Nowadays the threat of previously unknown cyber-attacks is increasing because existing security systems are not able to detect them. Previously, leaking personal information by attacking the PC or destroying the system were very common cyber attacks. But the goal of recent hacking attacks has changed from leaking information and destruction of services to attacking large-scale systems such as critical infrastructures and state agencies. In other words, existing defence technologies to counter these attacks are based on pattern matching methods which are very limited. Because of this fact, in the event of new and previously unknown attacks, the detection rate becomes very low and false negatives increase. To defend against these unknown attacks, which cannot be detected with existing technology, a new model based on big data analysis techniques that can extract information from a variety of sources to detect future attacks is proposed. The expectation with this model is future Advanced Persistent Threat (APT) detection and prevention.
A technical review and comparative analysis of machine learning techniques fo...IJECEIAES
Machine learning techniques are being widely used to develop an intrusion detection system (IDS) for detecting and classifying cyber attacks at the network-level and the host-level in a timely and automatic manner. However, Traditional Intrusion Detection Systems (IDS), based on traditional machine learning methods, lacks reliability and accuracy. Instead of the traditional machine learning used in previous researches, we think deep learning has the potential to perform better in extracting features of massive data considering the massive cyber traffic in real life. Generally Mobile Ad Hoc Networks have given the low physical security for mobile devices, because of the properties such as node mobility, lack of centralized management and limited bandwidth. To tackle these security issues, traditional cryptography schemes can-not completely safeguard MANETs in terms of novel threats and vulnerabilities, thus by applying Deep learning methods techniques in IDS are capable of adapting the dynamic environments of MANETs and enables the system to make decisions on intrusion while continuing to learn about their mobile environment. An IDS in MANET is a sensoring mechanism that monitors nodes and network activities in order to detect malicious actions and malicious attempt performed by Intruders. Recently, multiple deep learning approaches have been proposed to enhance the performance of intrusion detection system. In this paper, we made a systematic comparison of three models, Inceprtion architecture convolutional neural network (Inception-CNN), Bidirectional long short-term memory (BLSTM) and deep belief network (DBN) on the deep learning-based intrusion detection systems, using the NSL-KDD dataset containing information about intrusion and regular network connections, the goal is to provide basic guidance on the choice of deep learning models in MANET.
Self Evolving Antivirus Based on Neuro-Fuzzy Inference SystemIJRES Journal
With today’s world filled with information and data, it is very important for one to know which information or data is harmless and which is harmful. Right from cellular phones to big MNCs and Server companies require a security system that is as competent and adaptive as its ever-updating and evolving viruses or malware. The paper talks about the development and implementation of a new idea Adaptive anti-virus based on Anfis logic. An adaptive anti-virus system that will catch up to the speed at which the viruses update and evolve.
In recent years, wireless sensor network (WSN) is used in several application areas resembling observance, tracking, and dominant in IoTs. for several applications of WSN, security is a crucial demand. However, security solutions in WSN disagree from ancient networks because of resource limitation and process constraints. This paper analyzes security solutions: TinySec, IEEE 802.15.4, SPINS, MiniSEC, LSec, LLSP, LISA, and LISP in WSN. This paper additionally presents characteristics, security needs, attacks, cryptography algorithms, and operation modes. This paper is taken into account to be helpful for security designers in WSNs.
The overwhelming threat may be a challenge to
general security system. Fundamentally diverse alert and threat
techniques are been researched in order to reduce deceptive
warnings. Threat Detection Systems generates huge amount of
alerts which becomes challenging to deal with them and prepare
solution. The detection System checks inbound and outbound
network activities and finds an suspicious pattern that indicate
an ongoing steps for attack. Large amount of alert may contain
false alarm therefore need of alert analysis mechanisms to offer
high level information of seriousness of threat, how dangerous
device are and which device admin has to pay more attention. To
solve this query we would make use of time and space based alert
analysis technique that provides a solution in form of attack
graph and its evaluation that provides severity of attack to
administrator.
Novel Malware Clustering System Based on Kernel Data Structureiosrjce
IOSR Journal of Computer Engineering (IOSR-JCE) is a double blind peer reviewed International Journal that provides rapid publication (within a month) of articles in all areas of computer engineering and its applications. The journal welcomes publications of high quality papers on theoretical developments and practical applications in computer technology. Original research papers, state-of-the-art reviews, and high quality technical notes are invited for publications.
With the growth of computer networking, electronic commerce and web services, security networking systems have become very important to protect infomation and networks againts malicious usage or attacks. In this report, it is designed an Intrusion Detection System using two artificial neural networks: one for Intrusion Detection and the another for Attack Classification.
Optimized Intrusion Detection System using Deep Learning Algorithmijtsrd
A method and a system for the detection of an intrusion in a computer network compare the network traffic of the computer network at multiple different points in the network. In an uncompromised network the network traffic monitored at these two different points in the network should be identical. A network intrusion detection system is mostly place at strategic points in a network, so that it can monitor the traffic traveling to or from different devices on that network. The existing Software Defined Network SDN proposes the separation of forward and control planes by introducing a new independent plane called network controller. Machine learning is an artificial intelligence approach that focuses on acquiring knowledge from raw data and, based at least in part on the identified flow, selectively causing the packet, or a packet descriptor associated with the packet. The performance is evaluated using the network analysis metrics such as key generation delay, key sharing delay and the hash code generation time for both SDN and the proposed machine learning SDN. Prof P. Damodharan | K. Veena | Dr N. Suguna "Optimized Intrusion Detection System using Deep Learning Algorithm" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-3 | Issue-2 , February 2019, URL: https://www.ijtsrd.com/papers/ijtsrd21447.pdf
Paper URL: https://www.ijtsrd.com/engineering/other/21447/optimized-intrusion-detection-system-using-deep-learning-algorithm/prof-p-damodharan
Machine learning in network security using knime analyticsIJNSA Journal
Machine learning has more and more effect on our every day’s life. This field keeps growing and expanding into new areas. Machine learning is based on the implementation of artificial intelligence that gives systems the capability to automatically learn and enhance from experiments without being explicitly
programmed. Machine Learning algorithms apply mathematical equations to analyze datasets and predict values based on the dataset. In the field of cybersecurity, machine learning algorithms can be utilized to train and analyze the Intrusion Detection Systems (IDSs) on security-related datasets. In this paper, we tested different machine learning algorithms to analyze NSL-KDD dataset using KNIME analytics.
MACHINE LEARNING IN NETWORK SECURITY USING KNIME ANALYTICSIJNSA Journal
Machine learning has more and more effect on our every day’s life. This field keeps growing and expanding into new areas. Machine learning is based on the implementation of artificial intelligence that gives systems the capability to automatically learn and enhance from experiments without being explicitly programmed. Machine Learning algorithms apply mathematical equations to analyze datasets and predict values based on the dataset. In the field of cybersecurity, machine learning algorithms can be utilized to train and analyze the Intrusion Detection Systems (IDSs) on security-related datasets. In this paper, we tested different machine learning algorithms to analyze NSL-KDD dataset using KNIME analytics.
Seminar Presentation | Network Intrusion Detection using Supervised Machine L...Jowin John Chemban
By:
Jowin John Chemban (jowinchemban@gmail.com)
HGW16CS022 (2016-2020 Batch)
S7 B.Tech Computer Science Engineering
Holy Grace Academy of Engineering, Mala
Date : September 2019
Detecting Unknown Attacks Using Big Data AnalysisEditor IJMTER
Nowadays the threat of previously unknown cyber-attacks is increasing because existing security
systems are not able to detect them. Previously, leaking personal information by attacking the PC or
destroying the system were very common cyber attacks. But the goal of recent hacking attacks has changed
from leaking information and destruction of services to attacking large-scale systems such as critical
infrastructures and state agencies. In the other words, existing defence technologies to counter these attacks
are based on pattern matching methods which are very limited. Because of this fact, in the event of new and
previously unknown attacks, detection rate becomes very low and false negative increases. To defend
against these unknown attacks, which cannot be detected with existing technology, a new model based on
big data analysis techniques that can extract information from a variety of sources to detect future attacks is
proposed. The expectation with this model is future Advanced Persistent Threat (APT) detection and
prevention.
A Survey on Hidden Markov Model (HMM) Based Intention Prediction Techniques IJERA Editor
The extensive use of virtualization in implementing cloud infrastructure brings unrivaled security concerns for
cloud tenants or customers and introduces an additional layer that itself must be completely configured and
secured. Intruders can exploit the large amount of cloud resources for their attacks.
This paper discusses two approaches. In the first, three features, namely ongoing attacks, autonomic prevention
actions, and risk measure, are integrated to our Autonomic Cloud Intrusion Detection Framework (ACIDF) as
most of the current security technologies do not provide the essential security features for cloud systems such as
early warnings about future ongoing attacks, autonomic prevention actions, and risk measure. The early
warnings are signaled through a new finite State Hidden Markov prediction model that captures the interaction
between the attackers and cloud assets. The risk assessment model measures the potential impact of a threat on
assets given its occurrence probability. The estimated risk of each security alert is updated dynamically as the
alert is correlated to prior ones. This enables the adaptive risk metric to evaluate the cloud’s overall security
state. The prediction system raises early warnings about potential attacks to the autonomic component,
controller. Thus, the controller can take proactive corrective actions before the attacks pose a serious security
risk to the system.
In another Attack Sequence Detection (ASD) approach as Tasks from different users may be performed on the
same machine. Therefore, one primary security concern is whether user data is secure in cloud. On the other
hand, hacker may facilitate cloud computing to launch larger range of attack, such as a request of port scan in
cloud with multiple virtual machines executing such malicious action. In addition, hacker may perform a
sequence of attacks in order to compromise his target system in cloud, for example, evading an easy-to-exploit
machine in a cloud and then using the previous compromised to attack the target. Such attack plan may be
stealthy or inside the computing environment, so intrusion detection system or firewall has difficulty to identify
it.
International Journal of Engineering Research and Development (IJERD)IJERD Editor
We would send hard copy of Journal by speed post to the address of correspondence author after online publication of paper.
We will dispatch the hard copy to the author within 7 days of the date of publication.
ENHANCED THREE TIER SECURITY ARCHITECTURE FOR WSN AGAINST MOBILE SINK REPLI...ijwmn
Recent developments on Wireless Sensor Networks have made their application in a wide range
such as military sensing and tracking, health monitoring, traffic monitoring, video surveillance and so on.
Wireless sensor nodes are restricted to computational resources, and are always deployed in a harsh,
unattended or unfriendly environment. Therefore, network security becomes a tough task and it involves
the authorization of admittance to data in a network. The problem of authentication and pair wise key
establishment in sensor networks with mobile sink is still not solved in the mobile sink replication attacks.
In q-composite key pre distribution scheme, a large number of keys are compromised by capturing a
small fraction of sensor nodes by the attacker. The attacker can easily take a control of the entire network
by deploying a replicated mobile sinks. Those mobile sinks which are preloaded with compromised keys
are used authenticate and initiate data communication with sensor node. To determine the above problem
the system adduces the three-tier security framework for authentication and pair wise key establishment
between mobile sinks and sensor nodes. The previous system used the polynomial key pre distribution
scheme for the sensor networks which handles sink mobility and continuous data delivery to the
neighbouring nodes and sinks, but this scheme makes high computational cost and reduces the life time of
sensors. In order to overcome this problem a random pair wise key pre distribution scheme is suggested
and further it helps to improve the network resilience. In addition to this an Identity Based Encryption is
used to encrypt the data and Mutual authentication scheme is proposed for the identification and
isolation of replicated mobile sink from the network.
Keyloggers are invasive software often used to harvest secret information. One of the main reasons for
this fast growth is the possibility for unprivileged programs running in the user space to secretly steal and record all the
keystrokes typed by the users on a system. The ability to run in unprivileged mode makes possible their implementation
and distribution, but, at the same time, allows one to understand and imitate their behavior in detail.
Efficient Data Aggregation in Wireless Sensor NetworksIJAEMSJORNAL
Sensor network is a term used to refer to a heterogeneous system combining tiny sensors and actuators with general/special-purpose processors. Sensor networks are assumed to grow in size to include hundreds or thousands of low-power, low-cost, static or mobile nodes. This system is created by observing that for any densely deployed sensor network, high redundancy exists in the gathered information from the sensor nodes that are close to each other. We have exploited the redundancy and designed schemes to secure different kinds of aggregation processing against both inside and outside attacks.
International Journal of Engineering and Science Invention (IJESI) is an international journal intended for professionals and researchers in all fields of computer science and electronics. IJESI publishes research articles and reviews within the whole field Engineering Science and Technology, new teaching methods, assessment, validation and the impact of new technologies and it will continue to provide information on the latest trends and developments in this ever-expanding subject. The publications of papers are selected through double peer reviewed to ensure originality, relevance, and readability. The articles published in our journal can be accessed online.
Modification data attack inside computer systems: A critical reviewCSITiaesprime
This paper is a review of types of modification data attack based on computer systems and it explores the vulnerabilities and mitigations. Altering information is a kind of cyber-attack during which intruders interfere, catch, alter, take, or erase critical data on the personal computers (PCs) and applications through using network exploit or by running malicious executable codes on victim's system. One of the most difficult and trendy areas in information security is to protect the sensitive information and secure devices from any kind of threats. Latest advancements in information technology in the field of information security reveal huge amount of budget funded for and spent on developing and addressing security threats to mitigate them. This helps in a variety of settings such as military, business, science, and entertainment. Considering all concerns, the security issues almost always come at first as the most critical concerns in the modern time. As a matter of fact, there is no ultimate security solution; although recent developments in security analysis are finding daily vulnerabilities, there are many motivations to spend billions of dollars to ensure there are vulnerabilities waiting for any kind of breach or exploit to penetrate into the systems and networks and achieve particular interests. In terms of modifying data and information, from old-fashioned attacks to recent cyber ones, all of the attacks are using the same signature: either controlling data streams to easily breach system protections or using non-control-data attack approaches. Both methods can damage applications which work on decision-making data, user input data, configuration data, or user identity data to a large extent. In this review paper, we have tried to express trends of vulnerabilities in the network protocols’ applications.
Secure intrusion detection and countermeasure selection in virtual system usi...eSAT Publishing House
IJRET : International Journal of Research in Engineering and Technology is an international peer reviewed, online journal published by eSAT Publishing House for the enhancement of research in various disciplines of Engineering and Technology. The aim and scope of the journal is to provide an academic medium and an important reference for the advancement and dissemination of research results that support high-level learning, teaching and research in the fields of Engineering and Technology. We bring together Scientists, Academician, Field Engineers, Scholars and Students of related fields of Engineering and Technology
Online Intrusion Alert Aggregation with Generative Data Stream ModelingIJMER
Online intrusion alert aggregation with generative data stream modeling is an approach which uses generative modeling. It also uses probabilistic methods. It can be assumed that instances of an attack are similar to a process, possibly a random process, which is producing alerts. This paper aims at collecting and modeling these attacks on some similar parameters, so that an attack can be identified from beginning to completion. These collected and modeled alerts are given to security personnel to draw conclusions and take relative action. With some data sets, we show that it is easy to deduct number of alerts and count of missing meta alerts is also extremely low. We also demonstrate that meta alerts are generated with a delay of only a few seconds after the first alert is produced.
AN ISP BASED NOTIFICATION AND DETECTION SYSTEM TO MAXIMIZE EFFICIENCY OF CLIE...IJNSA Journal
End users are increasingly vulnerable to attacks directed at web browsers which make the most of popularity of today’s web services. While organizations deploy several layers of security to protect their systems and data against unauthorised access, surveys reveal that a large fraction of end users do not utilize and/or are not familiar with any security tools. End users’ hesitation and unfamiliarity with security products contribute vastly to the number of online DDoS attacks, malware and Spam distribution. This work on progress paper proposes a design focused on the notion of increased participation of internet service providers in protecting end users. The proposed design takes advantage of three different detection tools to identify the maliciousness of a website content and alerts users through utilising Internet Content Adaptation Protocol (ICAP) by an In-Browser cross-platform messaging system. The system also incorporates the users’ online behaviour analysis to minimize the scanning intervals of malicious websites database by client honeypots. Findings from our proof of concept design and other research indicate that such a design can provide a reliable hybrid detection mechanism while introducing low delay time into user browsing experience.
1. J.Emi Karmichael / International Journal of Engineering Research and Applications
(IJERA) ISSN: 2248-9622 www.ijera.com
Vol. 2, Issue 4, July-August 2012, pp.447-451
Study And Implementation Of Self Healing Mechanism For The
Control Flow Attack For Wireless Sensor Networks
J.Emi Karmichael
Centre For Information Technology And Engineering,
M S University, Tirunelveli
ABSTRACT
Nowadays wireless sensor networks have control flow of a sensor application. To protect the
found their way into a wide variety of applications control flow, this paper proposes access control
and systems with vastly varying requirements and scheme that can detect attacks attempting to alter the
characteristics, but all of them have a common control flow and then recover sensor data. Sensors use
element: faults are a normal fact and not isolated very simple embedded systems due to cost, efficiency,
events as in traditional networks. Thus, in order to quality and resource limitations, sensors do not have
guarantee the network quality of service, it is sophisticated operating systems (OSs) to manage code
essential for the sensor network to be able to detect for safety. Simple Os have been developed for
and heal failures. The presented approach aims to embedded systems. However, they do not distinguish
employ self-healing services, allowing them to kernel mode or user mode when executing an
discover, examine, diagnose and react to instruction, and application data is adjacent to system
malfunctions. In sensor application, a malicious data. Hence, one application routine can easily access
code can change the flow of sensor to achieve the the data of the system or other application routines.
attacks. The downloaded malicious code will steal Furthermore, high-level programming languages have
or modify the sensor data. To protect the control become popular in developing sensor applications
flow of sensor, this paper proposes self healing because of their convenience for coding and
scheme that can detect the attack or the attempt to maintenance over assembly languages. Open source
alter the control flow and recover the sensor based sensor applications have been developed as
application to the normal operation In additional, well. Consequently, applications share more and more
the original data which is altered by attackers is common code as they use similar development
recovered from the private memory of sensor. Here environments. Memory fault attacks based on the same
the private memory is used for storing sensor data principle in regular computers become threats to
as reference, which is used during self optimization sensor networks[1]. First, sensors do not have
time, thus strong security is obtained. In architecture to effectively enforce access control in
additional, the original data which is altered by program memory. A few schemes have been proposed
attackers is recovered from the private memory of to enforce access control in a sensor’s data memory by
sensor. the selfhealing scheme directly processes using software-based memory management. These
application code at the machine instruction level, approaches do not prevent exploiting packets from
instead of performing control or data analysis on accessing other code segments in the same program
source code. The implementation show that the memory. Second, sensors do not have an effective
self-healing scheme is lightweight in protecting recovery mechanism. Illegally accessing instructions
sensor applications. in program memory normally causes the crash of the
running sensor applications and results in a long
1.INTRODUCTION restart period[2].The access control code effectively
Applications in sensor networks have been enforces access control in program memory such that
researched and developed for years. However, most the control flow cannot be maliciously altered. The
security work focused on threats to networking and access control code itself is designed to be resilient to
communication protocols. Lessons learned from worm control flow attacks that attempt to evade the access
attacks that exploit memory vulnerabilities show that control. The scheme provides a self-healing recovery
attackers can compromise an entire network without routine to quickly remove a compromised task from
hacking legitimate accounts or breaking protocols. is the application and restore the sensor to a normal state.
to protect the control flow of sensor and from the The routine cleans up sabotaged data in data memory
memory fault.[2] In a sensor’s simple memory and releases the resources taken by the compromised
architecture, injected code can alter task. The scheme works at the machine instruction
447 | P a g e
2. J.Emi Karmichael / International Journal of Engineering Research and Applications
(IJERA) ISSN: 2248-9622 www.ijera.com
Vol. 2, Issue 4, July-August 2012, pp.447-451
level and directly processes an application’s machine This paper focuses on control flow attacks that alter
code instead of the application’s source code. The control flow to execute an unexpected
scheme diversifies the protected code images or sequence of instructions.
different sensors.
3.OVERVIEW OF POSSIBLE ATTACKS
2.RELATED WORK Wireless sensor network security is many-
Various journals are referred to know the sensor and fold, there are various ways to attack them. It is
its attacking methodologies from the given references commonly assumed that wireless sensor networks are
papers at below . Attacks on the data collected without based on non tamper resistant devices, i.e. an attacker
appropriate authentication of the nodes an attacker can can easily collect a few nodes to analyze or modify
impersonate a node to send fake data. An attacker not them. However, as the network is large, possibly made
part of the network can tamper with the data. While of hundreds or thousands of devices, an attacker
there exists many Data authentication is a difficult cannot tamper with all the devices. This is a basic
problem in WSN, therefore data tempering by a assumption in security protocols designed for wireless
malicious node is a difficult problem. Secure data sensor networks. An attacker can chose to attack the
aggregation protocols have been proposed to solve network, the data or directly the nodes that are
those issues. In a physical intrusion detection alarm described in paper [5].
system, the authority using the system would be
willing that the alarms reported are secret, i.e. the 3.1 MEMORY FAULT ATTACK
messages passing would not to acknowledge the Many computer attacks exploit
detection of the intruder. This for example would vulnerabilities due to memory fault in current
allow the authority to catch the intruder in the act. . At computer systems. Such attacks can be categorized as
mean while, it runs protection code to enforce access control flow attacks. Attackers can overwrite control
control in program memory. This will match the data to alter control flow via exploiting vulnerabilities
public memory and private memory and recover the of format string error, double-free error, heap
data if fault occurs. Like wise it will self optimist the overflow, return-to-lib, etc is given in paper [1]
sensor node and recover its original data. Many Attackers can alter control flow to execute injected
computer attacks exploit memory vulnerabilities in malicious code or to bypass conditional branches or
current computer systems. Various vulnerabilities have invoke indirect jumps.
been identified in software, such as stack overflow,
format string error, double-free error, heap overflow, 3.2 CONTROL FLOW ATTACK
return-to-libc, etc. These vulnerabilities are exploited Attackers can alter the control flow via many
to overwrite critical data in memory to launch control well known buffer overflow techniques. In sensor
flow attacks [3] and data flow attacks [4]. Control flow nodes, attackers could find more approaches as the
attacks manipulate control data to change the flow of sensor’s architecture is very simple. Attackers can
code execution. Return addresses and function directly overwrite kernel data or registers that are
pointers are two major types of control data that memory-mapped. The program memory of the
attackers are interested in altering and exploiting. In a processor is write-protected such that the application
typical “stack smashing” attack, return address in stack code can reliably work in the field. One of the attacks
is overwritten to the address where injected codes are targeting this architecture is to alter the control flow of
executed when the function (corresponding to the a sensor application that as been refered in paper [1].
current stack frame) returns. When target program’s
control data are modified, attackers can execute 4.ATTACK MODEL
injected malicious code or out-of context library code In this paper, we do not consider attacks that
at the memory address pointed by the altered control simply capture nearby sensors. Instead, we examine
data. Data flow attacks do not alter the control flow, attacks that send malicious packets to exploit
but rather manipulate non control data to cause vulnerability in remote sensors. Such attacks help
security breach in software. Many real-world software attackers obtain more control over remote sensors that
applications are susceptible to data flow attacks [4]. In are not in their nearby areas. Such attacks can
such attacks, attackers examine the software to find effectively threaten a network of tens or hundreds of
out “which data within a target application are critical sensors. We assume attackers can obtain source code
to security other than control data, whether the or binary image of sensor applications, find
vulnerabilities exist at appropriate stages of execution exploitable coding errors, and develop exploiting
that can lead to eventual security compromises, and packets offline, ahead of launching attacks.
whether the severity of security compromises is Researchers have found techniques that use non
equivalent to that of traditional control data attacks.
448 | P a g e
3. J.Emi Karmichael / International Journal of Engineering Research and Applications
(IJERA) ISSN: 2248-9622 www.ijera.com
Vol. 2, Issue 4, July-August 2012, pp.447-451
executable data carried in exploiting packets to vulnerability of the running task in fact allows the
redirect the control flow to achieve certain attacks. exploiting. Then, the access control code hands over
First, a malicious packet is injected into a vulnerable the compromised task to the recovery routine that
sensor. Since the sensor is not aware if the packet is cleans the compromised task and returns the execution
malicious or not, it will put the packet in a buffer in to the task scheduler for the next pending task. Both
data memory. Then, when the packet is being the task scheduler and the recovery routine are
processed in the sensor, the packet exploits protected with access control code to prevent attackers
vulnerability in code. The exploitable vulnerability from exploiting them. The intuitive arrangement of
varies, but leads to altering the control flow so that the interactive graphical elements (windows, toolbars,
data carried in the packet can misuse the application menus, etc.) makes it easy to view and access the
code. The misuse of the application code is carried in a many powerful capabilities of ModelSim. VHDL
chain of operations. Each unit in the chain consists of includes facilities for describing logical structure and
two steps and uses a part of data in the injected packet function of digital systems at a number of levels of
to accomplish a part of the attack. As the injected abstraction, from system level down to the gate level.
packet does not carry any code, each unit in the chain It is intended, among other things, as a modeling
must use a part of the application code, and also language for specification and simulation. We can also
ensure that, when it finishes, the control flow is altered use it for hardware synthesis if we restrict ourselves to
to the next address of application code that can be used a subset that can be automatically translated into
by the next unit in the chain. The first step in a unit of hardware. Easy-to-use wizards step you through
the misuse chain loads some data in the injected creation of more complex HDL blocks. The wizards
packet into registers. Because registers are used for show how to create parameterizable logic blocks, test
passing parameters to functions in sensors, the loaded bench stimuli, and design objects. The source window
data will be used as the parameters in the second step. templates and wizards benefit both novice and
Then, the second step invokes a function in the advanced HDL developers with time-saving shortcuts.
application code with the loaded parameters to Control flow analysis component. It identifies
accomplish a specific part of attack. Finally, after the CNs that includes the code of interrupt routines, and
chain of misused operations completes, the attack application routines. It also identifies and restructures
exits. The attacking packet could simply alter the the data memory layout with task related memory and
control flow to the RESET interrupt to restart the non-task-related memory. Recovery code insertion
sensor, or release the control flow to let the sensor component. It appends the recovery routine to the
regain the control. original application code. It also fills NOPs to all
empty addresses in the code memory. Access control
5..IMPLEMENTATION code insertion component. It assigns a random mark to
Self-healing scheme is to handle control flow each CN and inserts the access control code to enforce
attacks. It has two modules (a) access control module access control in code memory. The safety of the
that enforces the control flow of a running task, and access control code is based on the fact that both
(b) recovery module with additional memory that marks and code are stored in the write protected code
recovers the control flow of the sensor application memory and cannot be modified.
from a compromised task. The execution of a sensor
application is managed by the task scheduler of the 6.OVERVIEW OF SELF-HEALING
sensor’s OS. When a sensor receives a packet, a task ARCHITECTURE
will be dispatched by the task scheduler to process the The recovery first releases resources allocated to the
packet. Once the task finishes, the execution of the compromised task, then releases the compromised task
application will return to the task scheduler so that the from the kernel, and finally guides the kernel to
next pending task can be dispatched. The self-healing execute the next pending task. As kernel routines are
scheme embeds small blocks of access control code in very crucial in a system, restarting the whole system is
all code segments in the program memory. the ideal, safe and straightforward response to
In a normal situation, all code segments being eliminate kernel attacks in sensors. Hence, in this
accessed by a task are in fact determined by the sensor paper, we focus on recovering the system when
application. Hence, each task has a pre-determined application tasks are being exploited. Because it is
control flow. A non-compromised task should not possible that an exploited function may affect other
have any abnormal access to a code segment that is not functions of the same task, the recovery is task-based.
in its control flow. Thus, the access control code will In this section, we first discuss the idea of the recovery
allow the execution of any regular task. If packet approach normally used in preemptive OSs and then
exploits vulnerability in the code of the running task, the recovery approach for the non-Preemptive OS in
we consider the task to be compromised. The
449 | P a g e
4. J.Emi Karmichael / International Journal of Engineering Research and Applications
(IJERA) ISSN: 2248-9622 www.ijera.com
Vol. 2, Issue 4, July-August 2012, pp.447-451
sensors. Attackers can overwrite control data to alter develop the malicious code and then alter the control
control flow via exploiting vulnerabilities of format flow. After that recovery module will recover the
string error, double-free error, heap over flow, return- sensor module and sensor data. If a packet exploits
to-libc, etc. Attackers can alter control flow to execute vulnerability in the code of the Running task, we
injected malicious code or to bypass conditional consider the task to be compromise. The redirection
branches or invoke indirect jumps. Control flow will be captured by the access control code at the end
analysis component. It identifies CNs that include the of the destination code segment, because the execution
code of interrupt routines, TinyOS routines, and of the code segments deviates the normal. In the block
application routines. It also identifies and restructures diagram, the sensor node will sense the input data and
the data memory layout with task related memory and the sensed data will store in the public and private
non-taskrelated memory. The recovery code insertion memory. Here the access code will control the access
component generates the recovery routine and attaches it to the original code. It appends the recovery routine to the original application code. It also fills NOPs to all empty addresses in the code memory. Finally, the access control code insertion component safeguards the unprotected code and also diversifies the protection code to ensure that each individual sensor obtains a unique protected code image.

FIG 1 Self Optimization Of Sensor Node

The two memory areas that are public and private are used. If the public area is attacked, the private area can be used to recover the sensor data altered by malicious code. Here, as a sample, malicious code is developed and then used to alter the control flow. After that, the recovery module recovers the sensor module and sensor data. If a packet exploits a vulnerability in the code of the running task, we consider the task to be compromised. The redirection will be captured by the access control code at the end of the destination code segment, because the execution of the code segments deviates from the normal control flow of the task. The recovery first releases resources allocated to the compromised task, then releases the compromised task from the kernel, and finally guides the kernel to execute the next pending task. Here, for the sample, it will check whether a fault has occurred or not. If any memory fault occurs, the private memory will recover the data.

7. RECOVERY OF A SENSOR NODE DATA
The recovery first releases resources allocated to the compromised sensor data, then releases the data from the kernel, and finally guides the kernel to execute the next sensor data to original position. In this section, we first discuss the idea of the recovery approach normally used in recovery OSs and then the recovery approach developed for TinyOS in sensors. Attackers can overwrite control data to alter sensor data by exploiting vulnerabilities of format string error, double-free error, heap over Attackers can alter control flow to execute injected malicious code, to bypass conditional branches, or to invoke indirect jumps. The recovery code insertion component generates the recovery routine and attaches it to the original code. Finally, the access control code insertion component safeguards the unprotected that done in [1] and additionally the protection code to ensure the original data that each individual sensor.

8. CONCLUSION AND FUTURE SCOPES
The overhead of the self-healing scheme in program memory and how much it affects the execution of normal routines will be examined. The scheme enforces access control in the control flow of sensor applications and recovers the sensor data using the additive memory when a control flow attack and memory fault attacks are captured. The security analysis shows that the scheme self-optimizes the sensor node and its data from various attacks. Finally, it restores the sensor to a normal state. In the future, the study of preventing attackers from intruding into the sensor application is derived on new trends. The current self-healing scheme simply releases memory and recovers the data from private memory taken by a compromised task. As a next step, the memory protection scheme can be implemented for more confidential areas.
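The detection and recovery sequence described in section 7, as an added simulation that is not code from the paper: an access control check catches a redirected control flow, and recovery releases the task, restores altered data from the private area and selects the next pending task. The task table, the allowed-predecessor table, the byte comparison used as the memory fault check and all names are assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Added simulation, not the paper's code; all names are assumptions. */
#define NTASKS 3
#define NSEGS  3
#define DLEN   4
typedef struct { int pending, resources; } task_t;
static task_t  tasks[NTASKS];      /* simulated kernel task table */
static uint8_t public_mem[DLEN];   /* area application code writes to */
static uint8_t private_mem[DLEN];  /* copy kept for recovery */
/* allowed_pred[s]: only segment allowed to pass control to s (-1 = entry). */
static const int allowed_pred[NSEGS] = { -1, 0, 1 };

/* Legitimate write path keeps both areas in step. */
void store(int i, uint8_t v) { public_mem[i] = v; private_mem[i] = v; }

/* Access control check run at the end of destination segment dst. */
int flow_ok(int src, int dst) {
    return dst >= 0 && dst < NSEGS && allowed_pred[dst] == src;
}

/* Recovery: release resources, release the task from the kernel, restore
 * altered data from private memory, return next pending task (-1 if none). */
int recover(int bad) {
    tasks[bad].resources = 0;
    tasks[bad].pending = 0;
    if (memcmp(public_mem, private_mem, DLEN) != 0)  /* memory fault */
        memcpy(public_mem, private_mem, DLEN);
    for (int i = 1; i < NTASKS; i++) {
        int t = (bad + i) % NTASKS;
        if (tasks[t].pending) return t;
    }
    return -1;
}

/* Run task id along path[]; returns id on normal completion, otherwise the
 * task the kernel is guided to after recovery. */
int run_task(int id, const int *path, int n) {
    int prev = -1;
    for (int i = 0; i < n; i++) {
        if (!flow_ok(prev, path[i])) return recover(id);
        prev = path[i];
    }
    tasks[id].pending = 0;
    return id;
}

int main(void) {
    int hijacked[] = { 0, 2 };           /* constructed: skips segment 1 */
    tasks[0] = (task_t){ 1, 1 }; tasks[2] = (task_t){ 1, 0 };
    store(0, 42); public_mem[0] = 0xFF;  /* constructed tampering */
    int next = run_task(0, hijacked, 2);
    printf("next=%d data=%d\n", next, public_mem[0]);
    return 0;
}
```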
J. Emi Karmichael / International Journal of Engineering Research and Applications (IJERA), ISSN: 2248-9622, www.ijera.com, Vol. 2, Issue 4, July-August 2012, pp. 447-451
REFERENCES
[1] Christopher Ferguson, Qijun Gu, Hongchi Shi, “Self-healing Control Flow Protection in Sensor Applications”, March 16 2009, Zurich, Switzerland.
[2] Harald Vogt, Matthias Ringwald, Mario Straser, “Intrusion Detection and Failure Recovery in Sensor Nodes”, at ETH Zurich, Switzerland.
[3] A. Smirnov and T. Chiueh, “DIRA: Automatic Detection, Identification and Repair of Control-Data Attacks,” Proc. Ann. Network and Distributed System Security Symp., 2005.
[4] C. Kruegel, E. Kirda, D. Mutz, W. Robertson, and G. Vigna, “Automating Mimicry Attacks Using Static Binary Analysis,” Proc. USENIX Security Symp., 2005.
[5] Giljong Yoo and Eunseok Lee, “Self-Healing Methodology in Ubiquitous Sensor Network”, p.p 3, February, at School of Information and Communication Engineering, Sungkyunkwan University.
[6] A. One, “Smashing the Stack for Fun and Profit,” Phrack Magazine, http://www.phrack.com/issues.html?issue=49&id=14#article, 1996.