Computer network is unpredictable due to information warfare and is prone to various
attacks. Such attacks on network compromise the most important attribute, the privacy. Most of such
attacks are devised using special communication channel called ``Covert Channel''. The word ``Covert''
stands for hidden or non-transparent. Network Covert Channel is a concealed communication path within
legitimate network communication that clearly violates security policies laid down. The non-transparency
in covert channel is also referred to as trapdoor. A trapdoor is unintended design within legitimate
communication whose motto is to leak information. Subliminal channel, a variant of covert channel works
similarly except that the trapdoor is set in a cryptographic algorithm. A composition of covert channel with
subliminal channel is the ``Hybrid Covert Channel''. Hybrid covert channel is homogenous or
heterogeneous mixture of two or more variants of covert channels either active at same instance or at
different instances of time. Detecting such malicious channel activity plays a vital role in removing threat
to the legitimate network. In this paper, we present a study of multi-trapdoor covert channels and
introduce design of a new detection engine for hybrid covert channel in transport layer visualized in TCP
and SSL.
Performance analysis of transport layer basedhybrid covert channel detection ...IJNSA Journal
Computer network is unpredictable due to information warfareand is prone to various attacks. Such attacks
on network compromiseson the most important attribute, the privacy. Most of such attacksare devised using
special communication channel called Covert Channel".The word Covert" stands for hidden or nontransparent.
Network Covert Channel is concealed communication paths within legitimatenetwork
communication that clearly violates security policies laiddown. Non-transparency in covert channel is also
referred to as trapdoor.A trapdoor is unintended design within legitimate communication whosemotto is
leak information. Subliminal channel, a variant of covert channelworks similarly as network covert channel
except that trapdoor is setin cryptographic algorithm. A composition of covert channel with
subliminalchannel is the Hybrid Covert Channel". Hybrid covert channelis the homogeneous or
heterogeneous mixture of two or more variantsof covert channel either active at same instance or at
different instanceof time. Detecting such malicious channel activity plays a vital role inremoving threat to
legitimate network.In this paper, we introduce new detection engine for hybrid covert channelin transport
layer visualized in TCP and SSL. A setup made onexperimental test bed (DE-HCC9) in RD Lab of our
department. Thepurpose of this study is to introduce few performance metrics to evaluatedetection engine
and also to understand the multi-trapdoor natureof covert channel.
Covert channels is a vital setup in the analysing the strength of security in a network. Covert Channel is
illegitimate channelling over the secured channel and establishes a malicious conversation. The trap-door
set in such channels proliferates making covert channel sophisticated to detect their presence in network
firewall. This is due to the intricate covert scheme that enables to build robust covert channel over the
network. From an attacker's perspective this will ameliorate by placing multiple such trapdoors in
different protocols in the rudimentary protocol stack. This leads to a unique scenario of “Hybrid Covert
Channel", where different covert channel trapdoors exist at the same instance of time in same layer of
protocol stack. For detection agents to detect such event is complicated due to lack of knowledge over the
different covert schemes. To improve the knowledge of the detection engine to detect the hybrid covert
channel scenario it is required to explore all possible clandestine mediums used in the formation of such
channels. This can be explored by different schemes available and their entropy impact on hybrid covert
channel. The environment can be composed of resources and subject under at-tack and subject which
have initiated the attack (attacker). The paper sets itself an objective to understand the different covert
schemes and the attack scenario (modelling) and possibilities of covert mediums along with metric for
detection.
The peer-reviewed International Journal of Engineering Inventions (IJEI) is started with a mission to encourage contribution to research in Science and Technology. Encourage and motivate researchers in challenging areas of Sciences and Technology.
A Mobile Ad-Hoc Network (MANET) is a self configuring, infrastructure less network of mobile devices
connected by wireless links. Loopholes like wireless medium, lack of a fixed infrastructure, dynamic
topology, rapid deployment practices, and the hostile environments in which they may be deployed, make
MANET vulnerable to a wide range of security attacks and Wormhole attack is one of them. During this
attack a malicious node captures packets from one location in the network, and tunnels them to another
colluding malicious node at a distant point, which replays them locally. This paper presents a cluster based
Wormhole attack avoidance technique. The concept of hierarchical clustering with a novel hierarchical 32-
bit node addressing scheme is used for avoiding the attacking path during the route discovery phase of the
DSR protocol, which is considered as the under lying routing protocol. Pinpointing the location of the
wormhole nodes in the case of exposed attack is also given by using this method.
Modified AODV Algorithm using Data Mining Process: Classification and Clusteringidescitation
Security of Wireless Ad hoc network has a primary
concern to provide protected communication between mobile
nodes. When we routing some packet it can use both malicious
node or authenticate node for forwarding and receiving data.
Malicious node can attack like black hole, misuse of data or
hacked information. Our aim is to discuss the feasibility of
monitoring the node of different networks, to analyze it for
providing better security in AODV routing protocol. We
implement data mining techniques for search large amount
of data according characteristic rules and patterns to detect
malicious node. We have used growing neural gas (GNS)
clustering algorithm to make clusters and analysis data. Using
soft computing technique we find patterns, analysis node and
take decision based on decision tree.
Prevention of Selective Jamming Attacks by Using Packet Hiding MethodsIOSR Journals
Abstract: The open nature of the wireless medium leaves it too weak to intentional interference attacks,
typically defined as jamming. This intentional interference with wireless transmissions can be used as a launch
pad for mounting Denial-of-Service attacks on wireless networks. Typically, jamming has been introduced
under an external threat model. However, intruders with internal knowledge of protocol specifications and
network secrets can launch low-effort jamming attacks that are difficult to detect and counter. In this work, we
address the problem of selective jamming attacks in wireless networks. In these attacks, the hacker is active only
for a short period of time, selectively targeting messages of high importance. We demonstrate the advantages of
selective jamming in terms of network performance degradation and hacker effort by presenting two case
studies; a selective attack on TCP and one on routing. We show that selective jamming attacks can be
forwarded by performing real-time packet classification at the physical layer. To reduce these attacks, we
develop three schemes that prevent real-time packet classification by combining cryptographic primitives with
physical-layer attributes. We analyze the security of the proposed methods and evaluate their computational and
communication overhead.
SECURE LOCATION BASED ROUTING FOR MANETSAnkur Singhal
The video demonstrates sending the file from source to the destination by initially encrypting it using multihops and then decrypting it at the receiver's end
Performance analysis of transport layer basedhybrid covert channel detection ...IJNSA Journal
Computer network is unpredictable due to information warfareand is prone to various attacks. Such attacks
on network compromiseson the most important attribute, the privacy. Most of such attacksare devised using
special communication channel called Covert Channel".The word Covert" stands for hidden or nontransparent.
Network Covert Channel is concealed communication paths within legitimatenetwork
communication that clearly violates security policies laiddown. Non-transparency in covert channel is also
referred to as trapdoor.A trapdoor is unintended design within legitimate communication whosemotto is
leak information. Subliminal channel, a variant of covert channelworks similarly as network covert channel
except that trapdoor is setin cryptographic algorithm. A composition of covert channel with
subliminalchannel is the Hybrid Covert Channel". Hybrid covert channelis the homogeneous or
heterogeneous mixture of two or more variantsof covert channel either active at same instance or at
different instanceof time. Detecting such malicious channel activity plays a vital role inremoving threat to
legitimate network.In this paper, we introduce new detection engine for hybrid covert channelin transport
layer visualized in TCP and SSL. A setup made onexperimental test bed (DE-HCC9) in RD Lab of our
department. Thepurpose of this study is to introduce few performance metrics to evaluatedetection engine
and also to understand the multi-trapdoor natureof covert channel.
Covert channels is a vital setup in the analysing the strength of security in a network. Covert Channel is
illegitimate channelling over the secured channel and establishes a malicious conversation. The trap-door
set in such channels proliferates making covert channel sophisticated to detect their presence in network
firewall. This is due to the intricate covert scheme that enables to build robust covert channel over the
network. From an attacker's perspective this will ameliorate by placing multiple such trapdoors in
different protocols in the rudimentary protocol stack. This leads to a unique scenario of “Hybrid Covert
Channel", where different covert channel trapdoors exist at the same instance of time in same layer of
protocol stack. For detection agents to detect such event is complicated due to lack of knowledge over the
different covert schemes. To improve the knowledge of the detection engine to detect the hybrid covert
channel scenario it is required to explore all possible clandestine mediums used in the formation of such
channels. This can be explored by different schemes available and their entropy impact on hybrid covert
channel. The environment can be composed of resources and subject under at-tack and subject which
have initiated the attack (attacker). The paper sets itself an objective to understand the different covert
schemes and the attack scenario (modelling) and possibilities of covert mediums along with metric for
detection.
The peer-reviewed International Journal of Engineering Inventions (IJEI) is started with a mission to encourage contribution to research in Science and Technology. Encourage and motivate researchers in challenging areas of Sciences and Technology.
A Mobile Ad-Hoc Network (MANET) is a self configuring, infrastructure less network of mobile devices
connected by wireless links. Loopholes like wireless medium, lack of a fixed infrastructure, dynamic
topology, rapid deployment practices, and the hostile environments in which they may be deployed, make
MANET vulnerable to a wide range of security attacks and Wormhole attack is one of them. During this
attack a malicious node captures packets from one location in the network, and tunnels them to another
colluding malicious node at a distant point, which replays them locally. This paper presents a cluster based
Wormhole attack avoidance technique. The concept of hierarchical clustering with a novel hierarchical 32-
bit node addressing scheme is used for avoiding the attacking path during the route discovery phase of the
DSR protocol, which is considered as the under lying routing protocol. Pinpointing the location of the
wormhole nodes in the case of exposed attack is also given by using this method.
Modified AODV Algorithm using Data Mining Process: Classification and Clusteringidescitation
Security of Wireless Ad hoc network has a primary
concern to provide protected communication between mobile
nodes. When we routing some packet it can use both malicious
node or authenticate node for forwarding and receiving data.
Malicious node can attack like black hole, misuse of data or
hacked information. Our aim is to discuss the feasibility of
monitoring the node of different networks, to analyze it for
providing better security in AODV routing protocol. We
implement data mining techniques for search large amount
of data according characteristic rules and patterns to detect
malicious node. We have used growing neural gas (GNS)
clustering algorithm to make clusters and analysis data. Using
soft computing technique we find patterns, analysis node and
take decision based on decision tree.
Prevention of Selective Jamming Attacks by Using Packet Hiding MethodsIOSR Journals
Abstract: The open nature of the wireless medium leaves it too weak to intentional interference attacks,
typically defined as jamming. This intentional interference with wireless transmissions can be used as a launch
pad for mounting Denial-of-Service attacks on wireless networks. Typically, jamming has been introduced
under an external threat model. However, intruders with internal knowledge of protocol specifications and
network secrets can launch low-effort jamming attacks that are difficult to detect and counter. In this work, we
address the problem of selective jamming attacks in wireless networks. In these attacks, the hacker is active only
for a short period of time, selectively targeting messages of high importance. We demonstrate the advantages of
selective jamming in terms of network performance degradation and hacker effort by presenting two case
studies; a selective attack on TCP and one on routing. We show that selective jamming attacks can be
forwarded by performing real-time packet classification at the physical layer. To reduce these attacks, we
develop three schemes that prevent real-time packet classification by combining cryptographic primitives with
physical-layer attributes. We analyze the security of the proposed methods and evaluate their computational and
communication overhead.
SECURE LOCATION BASED ROUTING FOR MANETSAnkur Singhal
The video demonstrates sending the file from source to the destination by initially encrypting it using multihops and then decrypting it at the receiver's end
SECURED TEXT MESSAGE TRANSMISSION IN A WIRELESS COMMUNICATION SYSTEM WITH THE...caijjournal
A broad variety of wireless data applications and services depend on security. This paper presents a
simulation-based study of a wireless communication system using a secured Vigenere cipher and the RSA
cryptographic algorithms on text message transmission. The system under consideration uses 1/2-rated
CRC channel coding and BPSK digital modulation over an Additive White Gaussian noise (AWGN)
channel. To address security concerns, a text message is encrypted at the transmitter with the Vigenere
cipher and RSA before being decrypted and compared for different levels of SNR at the receiver end. To
carry out the computer simulation, the Matlab 2016a programming language has been used. The
transmitted text message is successfully retrieved at the receiver end after the Vigenere cipher and the RSA
cryptographic algorithm are implemented. It is also anticipated that as noise power increases, the
effectiveness of a wireless communication system based on the Vigenere cipher and RSA security will
decrease.
A Review of Network Layer Attacks and Countermeasures in WSNiosrjce
IOSR Journal of Electronics and Communication Engineering(IOSR-JECE) is a double blind peer reviewed International Journal that provides rapid publication (within a month) of articles in all areas of electronics and communication engineering and its applications. The journal welcomes publications of high quality papers on theoretical developments and practical applications in electronics and communication engineering. Original research papers, state-of-the-art reviews, and high quality technical notes are invited for publications.
International Journal of Engineering Research and Applications (IJERA) is an open access online peer reviewed international journal that publishes research and review articles in the fields of Computer Science, Neural Networks, Electrical Engineering, Software Engineering, Information Technology, Mechanical Engineering, Chemical Engineering, Plastic Engineering, Food Technology, Textile Engineering, Nano Technology & science, Power Electronics, Electronics & Communication Engineering, Computational mathematics, Image processing, Civil Engineering, Structural Engineering, Environmental Engineering, VLSI Testing & Low Power VLSI Design etc.
One of the most popular areas of research is wireless communication. Mobile Ad Hoc network (MANET) is a network with wireless mobile nodes, infrastructure less and self organizing. With its wireless and distributed nature it is exposed to several security threats. One of the threats in MANET is the wormhole attack. In this attack a pair of attacker forms a virtual link thereby recording and replaying the wireless transmission. This paper presents types of wormhole attack and also includes different technique for detecting wormhole attack in MANET..
TRIDNT: THE TRUST-BASED ROUTING PROTOCOL WITH CONTROLLED DEGREE OF NODE SELFI...IJNSA Journal
In Mobile ad-hoc network, nodes must cooperate to achieve the routing purposes. Node misbehaviour due to selfish or malicious intention could significantly degrade the performance of MANET because most existing routing protocols in MANET are aiming at finding most efficiency path. In this paper, we propose a Two node-disjoint Routes protocol for Isolating Dropper Node in MANET (TRIDNT) to deal with misbehaviour in MANET. TRIDNT allows some degree of selfishness to give an incentive to the selfish nodes to declare itself to its neighbours, which reduce the misbehaving nodes searching time. In TRIDNT two node-disjoint routes between the source and destination are selected based on their trust values. We use both DLL-ACK and end-to-end TCP-ACK to monitor the behaviour of routing path nodes: if a malicious behaviour is detected then the path searching tool starts to identify the malicious nodes and isolate them. Finally by using a mathematical analysis we find that our proposed protocol reduces the searching time of malicious nodes comparing to the route expected life time, and avoids the isolated misbehaving node from sharing in all future routes, which improve the overall network throughput.
A NEW CLUSTER-BASED WORMHOLE INTRUSION DETECTION ALGORITHM FOR MOBILE AD-HOC ...IJNSA Journal
In multi-hop wireless systems, the need for cooperation among nodes to relay each other's packets exposes them to a wide range of security attacks. A particularly devastating attack is the wormhole attack, where a malicious node records control traffic at one location and tunnels it to another compromised node, possibly far away, which replays it locally. Routing security in ad hoc networks is often equated with strong and feasible node authentication and lightweight cryptography. Unfortunately, the wormhole attack can hardly be defeated by crypto graphical measures, as wormhole attackers do not create separate packets. They simply replay packets already existing on the network, which pass the cryptographic checks. Existing works on wormhole detection have often focused on detection using specialized hardware, such as directional antennas, etc. In this paper, we present a cluster based
counter-measure for the wormhole attack, that alleviates these drawbacks and efficiently mitigates the wormhole attack in MANET. Simulation results on MATLab exhibit the effectiveness of the proposed algorithm in detecting wormhole attacks.
Hiding message from hacker using novel network techniquesPriyangaRajaram
we address the trouble of selective jamming attacks in wireless networks. In these assaults, the adversary is energetic best for a brief period of time, selectively concentrated on messages of excessive significance. We illustrate the benefits of selective jamming in phrases of network performance degradation and adversary effort with the aid of offering case research. A selective assault on TCP and one on routing. We show that selective jamming attacks can be launched with the aid of performing actual-time packet classification at the physical layer. To mitigate these attacks, we develop 3 schemes that prevent actual-time packet class via combining cryptographic primitives with physical-layer attributes. We analyze the security of our strategies and examine their computational and communication overhead.
International Refereed Journal of Engineering and Science (IRJES) is a leading international journal for publication of new ideas, the state of the art research results and fundamental advances in all aspects of Engineering and Science. IRJES is a open access, peer reviewed international journal with a primary objective to provide the academic community and industry for the submission of half of original research and applications
Energy Saving DSR and Probabilistic Rebroadcast Mechanism are used to Increas...IJTET Journal
Abstract- MANETs are infrastructure less and can be set up anytime anywhere. Due to high mobility of nodes in mobile ad hoc networks (MANETs), there exist frequent link breakages which lead to frequent path failures and route discoveries. The overhead of a route discovery cannot be neglected. In a route discovery, broadcasting is a fundamental and effective data broadcasting mechanism, where a mobile node blindly rebroadcasts the first received route request packets unless it has a route to the destination, and thus it causes the broadcast storm problem and without consider the nodes energy level of route selection it leads to reduce the network lifetime. In this paper proposed to focus is on a two mechanism ESDSR and Neighbor coverage based Probabilistic rebroadcast to overcome those problems. A Energy Saving Dynamic Source Routing in MANETs (ESDSR) which will efficiently utilize the battery power consideration in the route selection time of mobile nodes in such a way that the network will get more life time and Neighbor coverage based Probabilistic rebroadcast mechanism, which can significantly decrease the number of retransmissions so as to reduce the routing overhead, and can also improve the routing performance. The simulation was carried out using the NS-2 network simulator.
Steganography is a technology used since years for the communication of messages secretly. These secret messages are put inside honest carriers. Carriers can be digital images, audio files, video files and so on. The limitation in sending concealed longer messages has been overcoming by the inclusion of video files as carriers. Popular internet services such as Skype, BitTorrent, Google Suggest, and
WLANs are targets of information hiding techniques. Nowadays, plotters are not only using the carriers but also the protocols for communication that regulate the path of the carrier through the Internet. This technique is named Network Steganography.
A Secure message exchange and anti-jamming mechanism in manetIJSRD
Secure neighbor discovery is the fundamental process in the MANET deployed in aggressive environment. It refers to the process that nodes exchange messages to discover and authenticate each other. It is defenseless to the jamming attack in which the adversary intentionally transmits signals to prevent neighboring nodes from exchanging messages. Existing anti-jamming communications depends on JR-SND. The JR-SND, a jamming-resilient secure neighbor discovery scheme for MANETs based on Random spread-code pre-distribution and Direct Sequence Spread Spectrum (DSSS). In Existing, they prevent the jamming and introduce the anti-jamming mechanism using DSSS introduce the secure message exchange mechanism and prevent the collisions during packet transmission. But in this we lack of introducing to detect the selfish and malicious nodes in the network. For this, in the Future Work we will enhance the work by detecting the selfish nodes using Watchdog and Neighbor Coverage-based Probabilistic Rebroadcast Protocol (NCPR).
Performance Analysis of Transport Layer Basedhybrid Covert Channel Detection ...IJNSA Journal
Computer network is unpredictable due to information warfareand is prone to various attacks. Such attacks on network compromiseson the most important attribute, the privacy. Most of such attacksare devised using special communication channel called Covert Channel".The word Covert" stands for hidden or nontransparent.Network Covert Channel is concealed communication paths within legitimatenetwork communication that clearly violates security policies laiddown. Non-transparency in covert channel is also referred to as trapdoor.A trapdoor is unintended design within legitimate communication whosemotto is leak information. Subliminal channel, a variant of covert channelworks similarly as network covert channel except that trapdoor is setin cryptographic algorithm. A composition of covert channel with subliminalchannel is the Hybrid Covert Channel". Hybrid covert channelis the homogeneous or heterogeneous mixture of two or more variantsof covert channel either active at same instance or at different instanceof time. Detecting such malicious channel activity plays a vital role inremoving threat to legitimate network.In this paper, we introduce new detection engine for hybrid covert channelin transport layer visualized in TCP and SSL. A setup made onexperimental test bed (DE-HCC9) in RD Lab of our department. Thepurpose of this study is to introduce few performance metrics to evaluatedetection engine and also to understand the multi-trapdoor natureof covert channel.
ENTROPY BASED DETECTION ANDBEHAVIORAL ANALYSIS OF HYBRID COVERT CHANNELIN SEC...IJNSA Journal
Covert channels is a vital setup in the analysing the strength of security in a network. Covert Channel is illegitimate channelling over the secured channel and establishes a malicious conversation. The trap-door set in such channels proliferates making covert channel sophisticated to detect their presence in network firewall. This is due to the intricate covert scheme that enables to build robust covert channel over the network. From an attacker's perspective this will ameliorate by placing multiple such trapdoors in different protocols in the rudimentary protocol stack. This leads to a unique scenario of “Hybrid Covert Channel", where different covert channel trapdoors exist at the same instance of time in same layer of protocol stack. For detection agents to detect such event is complicated due to lack of knowledge over the different covert schemes. To improve the knowledge of the detection engine to detect the hybrid covert channel scenario it is required to explore all possible clandestine mediums used in the formation of such channels. This can be explored by different schemes available and their entropy impact on hybrid covert channel. The environment can be composed of resources and subject under at-tack and subject which have initiated the attack (attacker). The paper sets itself an objective to understand the different covert schemes and the attack scenario (modelling) and possibilities of covert mediums along with metric for detection.
A typical analysis of hybrid covert channel using constructive entropy analy...IJECEIAES
A covert timing channel is based on modulation of the timing information in the network packets in a secured communication. The delicacy of this channel is primarily viewed as single coherent channel thwart the detection from any third-party entity or network admin. The timing covert channel is strenuous to detect under many scenarios due to the intricate complexity of the channel. The exploration of timing covert channel shed light on intrinsic design aspects which elevate understanding to an advanced level. This will effectively bring out elite literature aspects of the timing covert channel for seamless implementation. Supraliminal channels are innocuous messagebased channel introduced as a trapdoor in the communication system either intentional or as vulnerability of the system. A hybrid covert channel is the existence of homogeneous or heterogeneous network covert channel variants either at same instant or at different instant of time. For instance, one of possible hybrid covert channel is the co-existence of timing covert channel in transmission control protocol (TCP) and supraliminal channel in voice over internet protocol (VoIP). This paper introduces this variant of the hybrid covert channel and their significance in network communication. The paper also refers to standard measures-entropy, covertness index to understand hybrid covert channel.
SECURED TEXT MESSAGE TRANSMISSION IN A WIRELESS COMMUNICATION SYSTEM WITH THE...caijjournal
A broad variety of wireless data applications and services depend on security. This paper presents a
simulation-based study of a wireless communication system using a secured Vigenere cipher and the RSA
cryptographic algorithms on text message transmission. The system under consideration uses 1/2-rated
CRC channel coding and BPSK digital modulation over an Additive White Gaussian noise (AWGN)
channel. To address security concerns, a text message is encrypted at the transmitter with the Vigenere
cipher and RSA before being decrypted and compared for different levels of SNR at the receiver end. To
carry out the computer simulation, the Matlab 2016a programming language has been used. The
transmitted text message is successfully retrieved at the receiver end after the Vigenere cipher and the RSA
cryptographic algorithm are implemented. It is also anticipated that as noise power increases, the
effectiveness of a wireless communication system based on the Vigenere cipher and RSA security will
decrease.
A Review of Network Layer Attacks and Countermeasures in WSNiosrjce
IOSR Journal of Electronics and Communication Engineering(IOSR-JECE) is a double blind peer reviewed International Journal that provides rapid publication (within a month) of articles in all areas of electronics and communication engineering and its applications. The journal welcomes publications of high quality papers on theoretical developments and practical applications in electronics and communication engineering. Original research papers, state-of-the-art reviews, and high quality technical notes are invited for publications.
International Journal of Engineering Research and Applications (IJERA) is an open access online peer reviewed international journal that publishes research and review articles in the fields of Computer Science, Neural Networks, Electrical Engineering, Software Engineering, Information Technology, Mechanical Engineering, Chemical Engineering, Plastic Engineering, Food Technology, Textile Engineering, Nano Technology & science, Power Electronics, Electronics & Communication Engineering, Computational mathematics, Image processing, Civil Engineering, Structural Engineering, Environmental Engineering, VLSI Testing & Low Power VLSI Design etc.
One of the most popular areas of research is wireless communication. Mobile Ad Hoc network (MANET) is a network with wireless mobile nodes, infrastructure less and self organizing. With its wireless and distributed nature it is exposed to several security threats. One of the threats in MANET is the wormhole attack. In this attack a pair of attacker forms a virtual link thereby recording and replaying the wireless transmission. This paper presents types of wormhole attack and also includes different technique for detecting wormhole attack in MANET..
TRIDNT: THE TRUST-BASED ROUTING PROTOCOL WITH CONTROLLED DEGREE OF NODE SELFI...IJNSA Journal
In Mobile ad-hoc network, nodes must cooperate to achieve the routing purposes. Node misbehaviour due to selfish or malicious intention could significantly degrade the performance of MANET because most existing routing protocols in MANET are aiming at finding most efficiency path. In this paper, we propose a Two node-disjoint Routes protocol for Isolating Dropper Node in MANET (TRIDNT) to deal with misbehaviour in MANET. TRIDNT allows some degree of selfishness to give an incentive to the selfish nodes to declare itself to its neighbours, which reduce the misbehaving nodes searching time. In TRIDNT two node-disjoint routes between the source and destination are selected based on their trust values. We use both DLL-ACK and end-to-end TCP-ACK to monitor the behaviour of routing path nodes: if a malicious behaviour is detected then the path searching tool starts to identify the malicious nodes and isolate them. Finally by using a mathematical analysis we find that our proposed protocol reduces the searching time of malicious nodes comparing to the route expected life time, and avoids the isolated misbehaving node from sharing in all future routes, which improve the overall network throughput.
A NEW CLUSTER-BASED WORMHOLE INTRUSION DETECTION ALGORITHM FOR MOBILE AD-HOC ...IJNSA Journal
In multi-hop wireless systems, the need for cooperation among nodes to relay each other's packets exposes them to a wide range of security attacks. A particularly devastating attack is the wormhole attack, where a malicious node records control traffic at one location and tunnels it to another compromised node, possibly far away, which replays it locally. Routing security in ad hoc networks is often equated with strong and feasible node authentication and lightweight cryptography. Unfortunately, the wormhole attack can hardly be defeated by crypto graphical measures, as wormhole attackers do not create separate packets. They simply replay packets already existing on the network, which pass the cryptographic checks. Existing works on wormhole detection have often focused on detection using specialized hardware, such as directional antennas, etc. In this paper, we present a cluster based
counter-measure for the wormhole attack, that alleviates these drawbacks and efficiently mitigates the wormhole attack in MANET. Simulation results on MATLab exhibit the effectiveness of the proposed algorithm in detecting wormhole attacks.
Hiding message from hacker using novel network techniquesPriyangaRajaram
we address the trouble of selective jamming attacks in wireless networks. In these assaults, the adversary is energetic best for a brief period of time, selectively concentrated on messages of excessive significance. We illustrate the benefits of selective jamming in phrases of network performance degradation and adversary effort with the aid of offering case research. A selective assault on TCP and one on routing. We show that selective jamming attacks can be launched with the aid of performing actual-time packet classification at the physical layer. To mitigate these attacks, we develop 3 schemes that prevent actual-time packet class via combining cryptographic primitives with physical-layer attributes. We analyze the security of our strategies and examine their computational and communication overhead.
International Refereed Journal of Engineering and Science (IRJES) is a leading international journal for publication of new ideas, the state of the art research results and fundamental advances in all aspects of Engineering and Science. IRJES is a open access, peer reviewed international journal with a primary objective to provide the academic community and industry for the submission of half of original research and applications
Energy Saving DSR and Probabilistic Rebroadcast Mechanism are used to Increas...IJTET Journal
Abstract- MANETs are infrastructure less and can be set up anytime anywhere. Due to high mobility of nodes in mobile ad hoc networks (MANETs), there exist frequent link breakages which lead to frequent path failures and route discoveries. The overhead of a route discovery cannot be neglected. In a route discovery, broadcasting is a fundamental and effective data broadcasting mechanism, where a mobile node blindly rebroadcasts the first received route request packets unless it has a route to the destination, and thus it causes the broadcast storm problem and without consider the nodes energy level of route selection it leads to reduce the network lifetime. In this paper proposed to focus is on a two mechanism ESDSR and Neighbor coverage based Probabilistic rebroadcast to overcome those problems. A Energy Saving Dynamic Source Routing in MANETs (ESDSR) which will efficiently utilize the battery power consideration in the route selection time of mobile nodes in such a way that the network will get more life time and Neighbor coverage based Probabilistic rebroadcast mechanism, which can significantly decrease the number of retransmissions so as to reduce the routing overhead, and can also improve the routing performance. The simulation was carried out using the NS-2 network simulator.
Steganography is a technology used since years for the communication of messages secretly. These secret messages are put inside honest carriers. Carriers can be digital images, audio files, video files and so on. The limitation in sending concealed longer messages has been overcoming by the inclusion of video files as carriers. Popular internet services such as Skype, BitTorrent, Google Suggest, and
WLANs are targets of information hiding techniques. Nowadays, plotters are not only using the carriers but also the protocols for communication that regulate the path of the carrier through the Internet. This technique is named Network Steganography.
A Secure message exchange and anti-jamming mechanism in manetIJSRD
Secure neighbor discovery is the fundamental process in the MANET deployed in aggressive environment. It refers to the process that nodes exchange messages to discover and authenticate each other. It is defenseless to the jamming attack in which the adversary intentionally transmits signals to prevent neighboring nodes from exchanging messages. Existing anti-jamming communications depends on JR-SND. The JR-SND, a jamming-resilient secure neighbor discovery scheme for MANETs based on Random spread-code pre-distribution and Direct Sequence Spread Spectrum (DSSS). In Existing, they prevent the jamming and introduce the anti-jamming mechanism using DSSS introduce the secure message exchange mechanism and prevent the collisions during packet transmission. But in this we lack of introducing to detect the selfish and malicious nodes in the network. For this, in the Future Work we will enhance the work by detecting the selfish nodes using Watchdog and Neighbor Coverage-based Probabilistic Rebroadcast Protocol (NCPR).
Performance Analysis of Transport Layer Basedhybrid Covert Channel Detection ...IJNSA Journal
Computer network is unpredictable due to information warfareand is prone to various attacks. Such attacks on network compromiseson the most important attribute, the privacy. Most of such attacksare devised using special communication channel called Covert Channel".The word Covert" stands for hidden or nontransparent.Network Covert Channel is concealed communication paths within legitimatenetwork communication that clearly violates security policies laiddown. Non-transparency in covert channel is also referred to as trapdoor.A trapdoor is unintended design within legitimate communication whosemotto is leak information. Subliminal channel, a variant of covert channelworks similarly as network covert channel except that trapdoor is setin cryptographic algorithm. A composition of covert channel with subliminalchannel is the Hybrid Covert Channel". Hybrid covert channelis the homogeneous or heterogeneous mixture of two or more variantsof covert channel either active at same instance or at different instanceof time. Detecting such malicious channel activity plays a vital role inremoving threat to legitimate network.In this paper, we introduce new detection engine for hybrid covert channelin transport layer visualized in TCP and SSL. A setup made onexperimental test bed (DE-HCC9) in RD Lab of our department. Thepurpose of this study is to introduce few performance metrics to evaluatedetection engine and also to understand the multi-trapdoor natureof covert channel.
ENTROPY BASED DETECTION ANDBEHAVIORAL ANALYSIS OF HYBRID COVERT CHANNELIN SEC...IJNSA Journal
Covert channels is a vital setup in the analysing the strength of security in a network. Covert Channel is illegitimate channelling over the secured channel and establishes a malicious conversation. The trap-door set in such channels proliferates making covert channel sophisticated to detect their presence in network firewall. This is due to the intricate covert scheme that enables to build robust covert channel over the network. From an attacker's perspective this will ameliorate by placing multiple such trapdoors in different protocols in the rudimentary protocol stack. This leads to a unique scenario of “Hybrid Covert Channel", where different covert channel trapdoors exist at the same instance of time in same layer of protocol stack. For detection agents to detect such event is complicated due to lack of knowledge over the different covert schemes. To improve the knowledge of the detection engine to detect the hybrid covert channel scenario it is required to explore all possible clandestine mediums used in the formation of such channels. This can be explored by different schemes available and their entropy impact on hybrid covert channel. The environment can be composed of resources and subject under at-tack and subject which have initiated the attack (attacker). The paper sets itself an objective to understand the different covert schemes and the attack scenario (modelling) and possibilities of covert mediums along with metric for detection.
A typical analysis of hybrid covert channel using constructive entropy analy...IJECEIAES
A covert timing channel is based on modulation of the timing information in the network packets in a secured communication. The delicacy of this channel is primarily viewed as single coherent channel thwart the detection from any third-party entity or network admin. The timing covert channel is strenuous to detect under many scenarios due to the intricate complexity of the channel. The exploration of timing covert channel shed light on intrinsic design aspects which elevate understanding to an advanced level. This will effectively bring out elite literature aspects of the timing covert channel for seamless implementation. Supraliminal channels are innocuous messagebased channel introduced as a trapdoor in the communication system either intentional or as vulnerability of the system. A hybrid covert channel is the existence of homogeneous or heterogeneous network covert channel variants either at same instant or at different instant of time. For instance, one of possible hybrid covert channel is the co-existence of timing covert channel in transmission control protocol (TCP) and supraliminal channel in voice over internet protocol (VoIP). This paper introduces this variant of the hybrid covert channel and their significance in network communication. The paper also refers to standard measures-entropy, covertness index to understand hybrid covert channel.
An ensemble model to detect packet length covert channelsIJECEIAES
Covert channel techniques have enriched the way to commit dangerous and unwatched attacks. They exploit ways that are not intended to convey information; therefore, traditional security measures cannot detect them. One class of covert channels that difficult to detect, mitigate, or eliminate is packet length covert channels. This class of covert channels takes advantage of packet length variations to convey covert information. Numerous research articles reflect the useful use of machine learning (ML) classification approaches to discover covert channels. Therefore, this study presented an efficient ensemble classification model to detect such types of attacks. The ensemble model consists of five machine learning algorithms representing the base classifiers. The base classifiers include naive Bayes (NB), decision tree (DT), support vector machine (SVM), k-nearest neighbor (KNN), and random forest (RF). Whereas, the logistic regression (LR) classifier was employed to aggregate the outputs of the base classifiers and thus to generate the ensemble classifier output. The results showed a good performance of our proposed ensemble classifier. It beats all single classification algorithms, with a 99.3% accuracy rate and negligible classification errors.
International Journal of Engineering Research and DevelopmentIJERD Editor
Electrical, Electronics and Computer Engineering,
Information Engineering and Technology,
Mechanical, Industrial and Manufacturing Engineering,
Automation and Mechatronics Engineering,
Material and Chemical Engineering,
Civil and Architecture Engineering,
Biotechnology and Bio Engineering,
Environmental Engineering,
Petroleum and Mining Engineering,
Marine and Agriculture engineering,
Aerospace Engineering.
Implementation of Steganographic Method Based on IPv4 Identification Field ov...IJERA Editor
In this paper we present first a study of covert channels (steganography) that may be applied for each TCP/IP layer in VoIP application. Then, we present a steganographic method which hide secret data in IP protocol header fields, particularly the identification field. The IP protocol covert channel implementation was carried out in NS-3 (Network Simulator 3).
A New Way of Identifying DOS Attack Using Multivariate Correlation Analysisijceronline
International Journal of Computational Engineering Research (IJCER) is dedicated to protecting personal information and will make every reasonable effort to handle collected information appropriately. All information collected, as well as related requests, will be handled as carefully and efficiently as possible in accordance with IJCER standards for integrity and objectivity.
In this paper we propose a system that allows a safe and secure data transfer in MANETs between the source and the destination. As MANETs are unplanned networks and networks of instant communication, they are prone to attacks like disclosure, brute force attacks etc. In this paper we mainly concentrate on limiting the disclosure attacks in MANETs. Disclosure attack means that the network is monitored quietly without modifying it. The monitoring of network is possible only if the traffic is known. Hiding of traffic between the source and destination would prevent disclosure attacks in MANETs. To hide the traffic between the source and destination we must identify it. The traffic is identified using STARS(Statistical Traffic Pattern Discovery System for MANETs) technique. Using this technique, the traffic is made observable only for the intermediary nodes and the data is sent via intermediary nodes to the destination as single hop. The data which is sent as single hop by hop via intermediary nodes prevents the malicious node from knowing the original source and destination and thus preventing MANETs from disclosure attack.
Robust encryption algorithm based sht in wireless sensor networksijdpsjournal
In bound applications, the locations
of events reportable by a device network have to be compelled to stay
anonymous. That is, unauthorized observers should be unable to notice the origin of such events by
analyzing the network traffic. I analyze 2 forms of downsides: Communication overhead a
nd machine load
problem. During this paper, I gift a brand new framework for modeling, analyzing, and evaluating
obscurity in device networks. The novelty of the proposed framework is twofold: initial, it introduc
es the
notion of “interval indistinguishabi
lity” and provides a quantitative live to model obscurity in wireless
device networks; second, it maps supply obscurity to the applied mathematics downside I showed that
the
present approaches for coming up with statistically anonymous systems introduce co
rrelation in real
intervals whereas faux area unit unrelated. I show however mapping supply obscurity to consecutive
hypothesis testing with nuisance Parameters ends up in changing the matter of exposing non
-
public supply
data into checking out associate d
egree applicable knowledge transformation that removes or minimize the
impact of the nuisance data victimization sturdy cryptography algorithmic rule. By doing therefore,
I
remodel the matter of analyzing real valued sample points to binary codes, that ope
ns the door for
committal to writing theory to be incorporated into the study of anonymous networks. In existing wor
k,
unable to notice unauthorized observer in network traffic. However our work in the main supported
enhances their supply obscurity against
correlation check. the most goal of supply location privacy is to
cover the existence of real events.
International Journal of Engineering Research and DevelopmentIJERD Editor
Electrical, Electronics and Computer Engineering,
Information Engineering and Technology,
Mechanical, Industrial and Manufacturing Engineering,
Automation and Mechatronics Engineering,
Material and Chemical Engineering,
Civil and Architecture Engineering,
Biotechnology and Bio Engineering,
Environmental Engineering,
Petroleum and Mining Engineering,
Marine and Agriculture engineering,
Aerospace Engineering.
HOW TO DETECT MIDDLEBOXES: GUIDELINES ON A METHODOLOGYcscpconf
Internet middleboxes such as VPNs, firewalls, and proxies can significantly change handling of traffic streams. They play an increasingly important role in various types of IP networks. If end hosts can detect them, these hosts can make beneficial, and in some cases, crucial improvements in security and performance But because middle boxes have widely varying behavior and effects on the traffic they handle, no single technique has been discovered that can detect all of them.
Devising a detection mechanism to detect any particular type of middle box interference involves many design decisions and has numerous dimensions. One approach to assist with the
complexity of this process is to provide a set of systematic guidelines. This paper is the first attempt to introduce a set of general guidelines (as well as the rationale behind them) to assist researchers with devising methodologies for end-hosts to detect middle boxes by the end-hosts. The guidelines presented here take some inspiration from the previous work of other
researchers using various and often ad hoc approaches. These guidelines, however, are mainly based on our own experience with research on the detection of middle boxes. To assist
researchers in using these guidelines, we also provide an example of how to bring them into play for detection of network compression.
How to detect middleboxes guidelines on a methodologycsandit
Internet middleboxes such as VPNs, firewalls, and proxies can significantly change handling of
traffic streams. They play an increasingly important role in various types of IP networks. If end
hosts can detect them, these hosts can make beneficial, and in some cases, crucial improvements
in security and performance But because middleboxes have widely varying behavior and effects
on the traffic they handle, no single technique has been discovered that can detect all of them.
Devising a detection mechanism to detect any particular type of middlebox interference involves
many design decisions and has numerous dimensions. One approach to assist with the
complexity of this process is to provide a set of systematic guidelines. This paper is the first
attempt to introduce a set of general guidelines (as well as the rationale behind them) to assist
researchers with devising methodologies for end-hosts to detect middleboxes by the end-hosts.
The guidelines presented here take some inspiration from the previous work of other
researchers using various and often ad hoc approaches. These guidelines, however, are mainly
based on our own experience with research on the detection of middleboxes. To assist
researchers in using these guidelines, we also provide an example of how to bring them into
play for detection of network compression
Blockchain-Based Secure and Scalable Routing Mechanisms for VANETs ApplicationsIJCNCJournal
The VANET has seen a boom in the distribution of significant source data,enabling connected vehicle communications to enhance roadway safety.Despite the potential for interesting applications invehicle networks,thereare still unresolved issues that have the potential to hinder bandwidth utilization once deployed. Specifically, insider assaults on VANET platforms such as Blackhole attemptscan completely stop vehicle-to-vehicle communications and impair the networks' performance level. In this study, we provide the blockchain-based decentralized trust scoring architecture for the participants in the network to identify existing and blacklisted insider adversaries in VANET. To address this concern, we suggest a two-level detection technique, in the first level neighboring nodes determine theirtrustworthiness and in the second level it aggregates trust scores for vehicle nodes using a consortium blockchain-based mechanism that uses authorized Road Side Units (RSUs) as consensus mechanism. The blacklisted node records are then periodically changed based on the trust scores supplied by the nearby nodes. In regards to the practical scope of the network, the experimental study demonstrates that the suggested solution is effective and sustainable. To improve packet delivery ratio and vehicle node security in the VANET, the blockchain-based Trust-LEACH routing technique has also been created. The performance analysis has been carried out for Computational cost analysis, Computational time for block creation, Network analysis, SecurityAnalysis, and MITM attack analysis. Additionally, we provide proof that the suggested approach enhances VANET reliability by thwarting and removing insider threat initiation nodes from its blacklist.
Similar to Design of Transport Layer Based Hybrid Covert Channel Detection Engine (20)
How Recreation Management Software Can Streamline Your Operations.pptxwottaspaceseo
Recreation management software streamlines operations by automating key tasks such as scheduling, registration, and payment processing, reducing manual workload and errors. It provides centralized management of facilities, classes, and events, ensuring efficient resource allocation and facility usage. The software offers user-friendly online portals for easy access to bookings and program information, enhancing customer experience. Real-time reporting and data analytics deliver insights into attendance and preferences, aiding in strategic decision-making. Additionally, effective communication tools keep participants and staff informed with timely updates. Overall, recreation management software enhances efficiency, improves service delivery, and boosts customer satisfaction.
Cyaniclab : Software Development Agency Portfolio.pdfCyanic lab
CyanicLab, an offshore custom software development company based in Sweden,India, Finland, is your go-to partner for startup development and innovative web design solutions. Our expert team specializes in crafting cutting-edge software tailored to meet the unique needs of startups and established enterprises alike. From conceptualization to execution, we offer comprehensive services including web and mobile app development, UI/UX design, and ongoing software maintenance. Ready to elevate your business? Contact CyanicLab today and let us propel your vision to success with our top-notch IT solutions.
Listen to the keynote address and hear about the latest developments from Rachana Ananthakrishnan and Ian Foster who review the updates to the Globus Platform and Service, and the relevance of Globus to the scientific community as an automation platform to accelerate scientific discovery.
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...Juraj Vysvader
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I didn't get rich from it but it did have 63K downloads (powered possible tens of thousands of websites).
Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...Globus
Large Language Models (LLMs) are currently the center of attention in the tech world, particularly for their potential to advance research. In this presentation, we'll explore a straightforward and effective method for quickly initiating inference runs on supercomputers using the vLLM tool with Globus Compute, specifically on the Polaris system at ALCF. We'll begin by briefly discussing the popularity and applications of LLMs in various fields. Following this, we will introduce the vLLM tool, and explain how it integrates with Globus Compute to efficiently manage LLM operations on Polaris. Attendees will learn the practical aspects of setting up and remotely triggering LLMs from local machines, focusing on ease of use and efficiency. This talk is ideal for researchers and practitioners looking to leverage the power of LLMs in their work, offering a clear guide to harnessing supercomputing resources for quick and effective LLM inference.
Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...Globus
The U.S. Geological Survey (USGS) has made substantial investments in meeting evolving scientific, technical, and policy driven demands on storing, managing, and delivering data. As these demands continue to grow in complexity and scale, the USGS must continue to explore innovative solutions to improve its management, curation, sharing, delivering, and preservation approaches for large-scale research data. Supporting these needs, the USGS has partnered with the University of Chicago-Globus to research and develop advanced repository components and workflows leveraging its current investment in Globus. The primary outcome of this partnership includes the development of a prototype enterprise repository, driven by USGS Data Release requirements, through exploration and implementation of the entire suite of the Globus platform offerings, including Globus Flow, Globus Auth, Globus Transfer, and Globus Search. This presentation will provide insights into this research partnership, introduce the unique requirements and challenges being addressed and provide relevant project progress.
Enhancing Research Orchestration Capabilities at ORNL.pdfGlobus
Cross-facility research orchestration comes with ever-changing constraints regarding the availability and suitability of various compute and data resources. In short, a flexible data and processing fabric is needed to enable the dynamic redirection of data and compute tasks throughout the lifecycle of an experiment. In this talk, we illustrate how we easily leveraged Globus services to instrument the ACE research testbed at the Oak Ridge Leadership Computing Facility with flexible data and task orchestration capabilities.
Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...Globus
The Earth System Grid Federation (ESGF) is a global network of data servers that archives and distributes the planet’s largest collection of Earth system model output for thousands of climate and environmental scientists worldwide. Many of these petabyte-scale data archives are located in proximity to large high-performance computing (HPC) or cloud computing resources, but the primary workflow for data users consists of transferring data, and applying computations on a different system. As a part of the ESGF 2.0 US project (funded by the United States Department of Energy Office of Science), we developed pre-defined data workflows, which can be run on-demand, capable of applying many data reduction and data analysis to the large ESGF data archives, transferring only the resultant analysis (ex. visualizations, smaller data files). In this talk, we will showcase a few of these workflows, highlighting how Globus Flows can be used for petabyte-scale climate analysis.
We describe the deployment and use of Globus Compute for remote computation. This content is aimed at researchers who wish to compute on remote resources using a unified programming interface, as well as system administrators who will deploy and operate Globus Compute services on their research computing infrastructure.
Providing Globus Services to Users of JASMIN for Environmental Data AnalysisGlobus
JASMIN is the UK’s high-performance data analysis platform for environmental science, operated by STFC on behalf of the UK Natural Environment Research Council (NERC). In addition to its role in hosting the CEDA Archive (NERC’s long-term repository for climate, atmospheric science & Earth observation data in the UK), JASMIN provides a collaborative platform to a community of around 2,000 scientists in the UK and beyond, providing nearly 400 environmental science projects with working space, compute resources and tools to facilitate their work. High-performance data transfer into and out of JASMIN has always been a key feature, with many scientists bringing model outputs from supercomputers elsewhere in the UK, to analyse against observational or other model data in the CEDA Archive. A growing number of JASMIN users are now realising the benefits of using the Globus service to provide reliable and efficient data movement and other tasks in this and other contexts. Further use cases involve long-distance (intercontinental) transfers to and from JASMIN, and collecting results from a mobile atmospheric radar system, pushing data to JASMIN via a lightweight Globus deployment. We provide details of how Globus fits into our current infrastructure, our experience of the recent migration to GCSv5.4, and of our interest in developing use of the wider ecosystem of Globus services for the benefit of our user community.
Globus Connect Server Deep Dive - GlobusWorld 2024Globus
We explore the Globus Connect Server (GCS) architecture and experiment with advanced configuration options and use cases. This content is targeted at system administrators who are familiar with GCS and currently operate—or are planning to operate—broader deployments at their institution.
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...Shahin Sheidaei
Games are powerful teaching tools, fostering hands-on engagement and fun. But they require careful consideration to succeed. Join me to explore factors in running and selecting games, ensuring they serve as effective teaching tools. Learn to maintain focus on learning objectives while playing, and how to measure the ROI of gaming in education. Discover strategies for pitching gaming to leadership. This session offers insights, tips, and examples for coaches, team leads, and enterprise leaders seeking to teach from simple to complex concepts.
Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...Mind IT Systems
Healthcare providers often struggle with the complexities of chronic conditions and remote patient monitoring, as each patient requires personalized care and ongoing monitoring. Off-the-shelf solutions may not meet these diverse needs, leading to inefficiencies and gaps in care. It’s here, custom healthcare software offers a tailored solution, ensuring improved care and effectiveness.
Field Employee Tracking System| MiTrack App| Best Employee Tracking Solution|...informapgpstrackings
Keep tabs on your field staff effortlessly with Informap Technology Centre LLC. Real-time tracking, task assignment, and smart features for efficient management. Request a live demo today!
For more details, visit us : https://informapuae.com/field-staff-tracking/
Enterprise Resource Planning System includes various modules that reduce any business's workload. Additionally, it organizes the workflows, which drives towards enhancing productivity. Here are a detailed explanation of the ERP modules. Going through the points will help you understand how the software is changing the work dynamics.
To know more details here: https://blogs.nyggs.com/nyggs/enterprise-resource-planning-erp-system-modules/
Globus Compute wth IRI Workflows - GlobusWorld 2024Globus
As part of the DOE Integrated Research Infrastructure (IRI) program, NERSC at Lawrence Berkeley National Lab and ALCF at Argonne National Lab are working closely with General Atomics on accelerating the computing requirements of the DIII-D experiment. As part of the work the team is investigating ways to speedup the time to solution for many different parts of the DIII-D workflow including how they run jobs on HPC systems. One of these routes is looking at Globus Compute as a way to replace the current method for managing tasks and we describe a brief proof of concept showing how Globus Compute could help to schedule jobs and be a tool to connect compute at different facilities.
Prosigns: Transforming Business with Tailored Technology SolutionsProsigns
Unlocking Business Potential: Tailored Technology Solutions by Prosigns
Discover how Prosigns, a leading technology solutions provider, partners with businesses to drive innovation and success. Our presentation showcases our comprehensive range of services, including custom software development, web and mobile app development, AI & ML solutions, blockchain integration, DevOps services, and Microsoft Dynamics 365 support.
Custom Software Development: Prosigns specializes in creating bespoke software solutions that cater to your unique business needs. Our team of experts works closely with you to understand your requirements and deliver tailor-made software that enhances efficiency and drives growth.
Web and Mobile App Development: From responsive websites to intuitive mobile applications, Prosigns develops cutting-edge solutions that engage users and deliver seamless experiences across devices.
AI & ML Solutions: Harnessing the power of Artificial Intelligence and Machine Learning, Prosigns provides smart solutions that automate processes, provide valuable insights, and drive informed decision-making.
Blockchain Integration: Prosigns offers comprehensive blockchain solutions, including development, integration, and consulting services, enabling businesses to leverage blockchain technology for enhanced security, transparency, and efficiency.
DevOps Services: Prosigns' DevOps services streamline development and operations processes, ensuring faster and more reliable software delivery through automation and continuous integration.
Microsoft Dynamics 365 Support: Prosigns provides comprehensive support and maintenance services for Microsoft Dynamics 365, ensuring your system is always up-to-date, secure, and running smoothly.
Learn how our collaborative approach and dedication to excellence help businesses achieve their goals and stay ahead in today's digital landscape. From concept to deployment, Prosigns is your trusted partner for transforming ideas into reality and unlocking the full potential of your business.
Join us on a journey of innovation and growth. Let's partner for success with Prosigns.
Prosigns: Transforming Business with Tailored Technology Solutions
Design of Transport Layer Based Hybrid Covert Channel Detection Engine
1. International Journal of Ad hoc, Sensor & Ubiquitous Computing (IJASUC) Vol.1, No.4, December 2010
DOI : 10.5121/ijasuc.2010.1409 93
Design of Transport Layer Based Hybrid
Covert Channel Detection Engine
Anjan K #1
, Jibi Abraham *2
, Mamatha Jadhav V #3
#
Department Of Computer Science and Engineering,
M.S.Ramaiah Institute of Technology,
Bangalore,India
1
annjankk_msrit@in.com 3
mamsdalvi@gmail.com
*
College of Engineering
Pune, India
2
jibia.comp@coep.ac.in
Abstract : Computer network is unpredictable due to information warfare and is prone to various
attacks. Such attacks on network compromise the most important attribute, the privacy. Most of such
attacks are devised using special communication channel called ``Covert Channel''. The word ``Covert''
stands for hidden or non-transparent. Network Covert Channel is a concealed communication path within
legitimate network communication that clearly violates security policies laid down. The non-transparency
in covert channel is also referred to as trapdoor. A trapdoor is unintended design within legitimate
communication whose motto is to leak information. Subliminal channel, a variant of covert channel works
similarly except that the trapdoor is set in a cryptographic algorithm. A composition of covert channel with
subliminal channel is the ``Hybrid Covert Channel''. Hybrid covert channel is homogenous or
heterogeneous mixture of two or more variants of covert channels either active at same instance or at
different instances of time. Detecting such malicious channel activity plays a vital role in removing threat
to the legitimate network. In this paper, we present a study of multi-trapdoor covert channels and
introduce design of a new detection engine for hybrid covert channel in transport layer visualized in TCP
and SSL.
Keywords : Covert Channel, Subliminal Channel, Hybrid Covert Channel, Network Security,
Trapdoors
I. INTRODUCTION
Covert channel [1] [2] [3] is a malicious conversation within a legitimate network
communication. Covert channels clearly violate the security policies laid down by the network
environment allowing the information leak to the unauthorized or unknown receiver. Covert
channels do not have concrete definition and are scenario oriented. Covertness in these channels
exhibit behaviours like multi-trapdoor and protocol hopped where in which channelling is not
constrained to pair of communication entities. A fundamental covert channel can be visualised in
figure 1 depicting the covert communication model employed in the covert channel with pre-
shared information encoding and decoding scheme between the covert users.
2. International Journal of Ad hoc, Sensor & Ubiquitous Computing (IJASUC) Vol.1, No.4, December 2010
94
Further a covert channel can exist between processes in operating system or amongst
distributed objects or it can exist wherever communication is established. Focus in this paper is
on exploiting the covertness in rudimentary network model. At this point of discussion, covert
channel is associated with variety of similarly sounding terminologies like side channel or
stegnographic channel or supraliminal channel. These literature terms are indifferent to each
other and stand on the motto of promoting covertness in different forms or scenarios in a
communication model over legitimate network.
Covert channels in general exhibit some characteristics: Capacity, Noise and Transmission
mode [12]. Capacity of covert channel is the quantity of covert data that has to be transmitted.
Noise is the amount of disturbance that can interfere with the covert data when transmitted in the
network channel. Transmission mode is many times found to be synchronous but can also be
asynchronous. A broad classification of the covert channels is described in [5].
Hybrid covert channel [5], a variant of covert channel is defined as homogeneous or
heterogeneous composition of two or more covert channel variants existing either at same
instance or at different instances of time. Hybrid covert channel does not have concrete
composition. It is unimaginable to completely assess number of covert channels involved in
hybrid composition. Hence detection is a tedious work. Complexity adds on if the hybrid covert
channel behaves as multi-trapdoor and protocol hopped [9]. Hybrid covert channel here as shown
in figure 2 is visualized as a combination of simple network covert channel in TCP and
subliminal channel in SSL, both being transport layer protocols.
Figure 2: Hybrid Covert Channel in Transport Layer
Figure 1: Covert Channel Visualization
3. International Journal of Ad hoc, Sensor & Ubiquitous Computing (IJASUC) Vol.1, No.4, December 2010
95
Further sections of this paper cover various detection methods and design of a system to tackle
the hybrid covert channel based on the proper detection method. Section II explores related work.
Section III gives brief insight about various detection methodologies available in the literature.
Section IV delineates about the system design. Conclusion and future enhancements are provided
in section V.
II. RELATED WORK
Extensive work has been done to devise better detection methods to detect only covert channel
either on live wire or on a dataset. The method proposed in [6] is based on detecting covert shells
by monitoring the unusual traffic in the network stream. Detection in covert timing channels
proposed in [7] is based on packet inter-arrival and the whole process is modelled as Poisson's
distribution. Illegal information flows in covert channels are tracked by tracing the Message
Sequence Charts (MSC) in [8]. The paper [10] employs a statistical protocol based detection to
detect hybrid covert channel based on analysis made on packet headers.
III. DETECTION METHODS
Detection methods [10] for covert channels embedded in various protocols are relatively a new
area of research. Covert channel detection is to actively monitor the illegal information flow or
covert channel in the network stream. Covert Channel Identification is to identify a couple of
resources used for covert channeling, especially this happen in the case of storage based covert
channels. Focus in the proposed work is on active monitoring the malicious activity on the
network stream and not the identification of resources. Various authors across the globe have
categorized detection into following categories listed below:
A. Signature Based Detection
It involves searching specific pre-defined patterns in the network stream and when the pattern
appears, it triggers an alarm process. Best example for kind of channel it can detect is NetCat -
which is a reverse-shell communication between the internal network and a public network.
B. Protocol Based Detection
It involves searching the protocols for anomalies or violations while monitoring the network
stream. This requires understanding the protocol specification described in their RFC's and
detector must be knowledgeable to scan covert vulnerable fields in the protocol header. The best
example for channel that can be found is Covert_TCP tool which manipulates sequence number
field in TCP and IP ID in IPv4 packet for the covert communication.
C. Behavioral Based Detection
It involves creation of user profiles and reference profiles with respect to network stream in a
legitimate environment. These reference profiles are later applied to the production environment
for lateral comparison of real time user profiles with reference profiles. Best instance is writing
arbitrary data in any packet using stegnographic techniques.
D. Other Approaches
Other approaches include detection based on the data mining principles like neural network and
scenario based Bayes interference. Neural network approach involves training the network for `t'
4. International Journal of Ad hoc, Sensor & Ubiquitous Computing (IJASUC) Vol.1, No.4, December 2010
96
period until required accurate values to trigger the alarm process by the detection engine. In
scenario based Bayes interference, a system is setup to check whether each suspicious matched
signature (hypothetical attack) found in the monitored data stream is part of a global set
(symptoms). Then use each global set to calculate, with a Bayes inference, the probability for a
known attack to be on hold knowing the P (Hypothetical attack / Symptoms) probability. If the
detection engine finds a suspicious scenario whose probability value is greater than a set
threshold, an alarm process is triggered by the detection engine.
Above categorization can also behave as either statistical or probabilistic. A statistical approach is
to run the detection engine for `t' hours and record an amount of data `d'. This period is called as
learning period and such approach helps to increase the accuracy and also to set the threshold
value for the alarm process. A probabilistic approach is to set a probability for the specific event S
that occurs after the events P, Q and R as y%. This helps the detection engine to tune itself to
such events in its running period.
IV. DESIGN OF COVERT CHANNEL CREATION AND DETECTION
A. Major Design Criteria
Hybrid covert channel is visualized here as heterogeneous combination of trapdoors placed in
TCP and SSL in the transport layer. Design aspects with respect to TCP and SSL take different
route. TCP packets can be captured from the network interface of a system physically connected
to a small scale LAN. SSL payload is part of TCP packet. In order to detect the trapdoor in each
of the protocol, first let us look at the process of formation of the TCP packet when an application
data is sent from the application layer as described in figure 3.
Figure 3: Hybrid Covert Channel Formation
In figure 3, words marked in italics refer to covert and those with normal font refer to legitimate
process. In order to test the detection of such trapdoors in a channel, the channel itself needs to
be constructed. Before going any further with design of the channels and the detection engine, a
decision on the detection method to be employed plays a vital role. Network protocol like TCP is
involved and hence protocol based detection can be employed but security protocol like SSL
demands to have more runs to detect the trapdoor. Hence it follows a statistical approach,
therefore detection method for hybrid covert channel is an amalgamation of protocol based and
statistical based, termed as Statistical Protocol Based Detection.
5. International Journal of Ad hoc, Sensor & Ubiquitous Computing (IJASUC) Vol.1, No.4, December 2010
97
B. Designing Hybrid Covert Channel for Experimental Setup
Design issues here takes two different routes as discussed below. With reference to figure 3, flow
of design follows like first subliminal channel in SSL and then the simple network covert channel
in TCP.
1) Designing Subliminal Channel in SSL
SSL had wide range of cipher algorithms that assist in secured communication. One such
algorithm is the DSA that provide authentication service. Subliminal channel is created in DSA
as per [12]. Practically this can be done in following ways
• Covert user provides his random number during the signature generation process.
• Covert user replaces system generated public-private keys with his keys.
In either of both cases, the signature component contains the subliminal activity. If private key of
covert sender is known to the covert receiver then decoding is very simple. This can be
programmed either with OpenSSL or JSSE secure sockets.
2) Designing Simple Network Covert Channel in TCP
As theoretically explained in [5] a covert sender can place his covert data in covert vulnerable
fields like sequence number, Flags, Ack, options, padding and reserved. Since simple network
covert channel is being constructed in this work, focus is on sequence number, padding and flags
fields.
In order to implement this, a covert user needs a direct access to TCP packet generation process.
Practically under a programming platform this can be implemented in two ways:
• Jpcap libraries in Java that gives direct control of the interface to the developer, here a
covert user.
• BSD socket in Linux where socket creation can be done in the raw mode of operation to
create custom packet and informing the kernel not to append the checksum as this is done by the
developer.
C. Design of Covert Detection Engine
Design flow for detecting also takes two stages; one for detecting the SSL trapdoor or subliminal
channel and the other for the covert channel in TCP. For TCP based covert channel, TCP packet
must be available for diagnosis; this can be done by employing a protocol analyser or sniffer. For
SSL, it assumed that covert user has replaced the original supplied keys and also the manipulation
of random number is done. In such cases, randomness test for both keys and the random number
will prove the fact that the trapdoor is placed by the covert party. Algorithm below gives a
picture of the detection process.
6. International Journal of Ad hoc, Sensor & Ubiquitous Computing (IJASUC) Vol.1, No.4, December 2010
98
Algorithm for Detection Engine
Step 1: Capture TCP packets from Network Interface from user specified network device
Step 2: Store the TCP packet.
Step 3: Analyse the TCP header on covert vulnerable fields
Step 4: Analyse the signature in TCP payload and test the key against PRNG tester
Step 5: Log the entries of the covert and subliminal activity.
Step 6: Compute the performance graph and detection content computation from the each session
data set.
A single cycle of the detection engine starting with the packet capturing from the interface, then
to detection and back to interface can be better understood with flow diagram depicted in figure
4.
Figure 4: Detection Engine Cycle
V. CONCLUSION AND FUTURE ENHANCEMENTS
Hard compromise on confidential information is clearly unacceptable in presence of security
measures for legitimate network. Conspiracy between communication parties is not legitimate
(Covert Parties) and existence of Hybrid Covert Channel is the strongest threat in communication
which should be decommissioned. Conclusion is to build system to detect the activity of hybrid
covert channel in a small scale LAN. This paper has focussed on designing such a system to
evaluate its performance using an experimental test bed. The future enhancements include the
7. International Journal of Ad hoc, Sensor & Ubiquitous Computing (IJASUC) Vol.1, No.4, December 2010
99
performance evaluation of the system using the real time test bed. Also enhancements could be
planned to cover most of the possible covert fields in TCP packet header like acknowledgment
bounce and options.
VI. ACKNOWLEDGEMENTS
We thank Prof. V Muralidaran, Department Head, Department of Computer Science and
Engineering, M.S.Ramaiah Institute of Technology, Bangalore for his constant support and
encouragement.
Anjan Koundinya thanks Late Dr. V.K Ananthashayana, Erstwhile Head, Department of
Computer Science and Engineering, M.S.Ramaiah Institute of Technology, Bangalore, for
igniting the passion for research.
VII. REFERENCES
[1] Vishal Bharti, Practical Development and Deployment of Covert Communication in IPv4, Journal on
Teoretical and Applied Information Technology, Apr 2007.
[2] Sebastian Zander et.al, Covert Channels and Counter Measures in Computer Network Protocols, IEEE
communication Magazine on survey an tutorials, December 2007.
[3] Sweety Chauhan, Analysis and Detection of Network Covert channel, Technical Report by Department
of computer science and Electrical Engineering,University of Maryland Baltimore County, Dec 2005.
[4] Enping Li , Scott Craver, A supraliminal channel in a wireless phone application, Proceedings of the
11th ACM workshop on Multimedia and security, September 07-08, 2009, Princeton, New Jersey, USA.
[5] Anjan K and Jibi Abraham, Behaviour Analysis of Transport Layer based Hybrid Covert Channel,
CNSA 2010, Springer-Verlag LNCS series.
[6] Sarder Cabuk,Carla Brodley,Clay Sheilds, IP Covert Channel Detection, ACM Transaction on
Information and System Security, Vol 12, Article 22, Apr 2009.
[7] Sarder Cabuk, Carla Brodley, Clay Sheilds, IP Covert Timing Channels : Design and Detection, CCS'
04, Oct 2004.
[8] Loïc Hélouët, Claude Jard, Marc Zeitoun, Covert channels detection in protocols using scenarios,
SPV’03, April 2003.
[9] Steffen Wendzel, Protocol Channels, HAKIN9, Jun 2009.
[10] Description of Detection Approaches at http://gray-world.net/projects/papers/html/cctde.html
[11] Description of JPcap Libraries at http://netresearch.ics.uci.edu/kfujii/jpcap/doc/index.html
[12] Gustavus J Simmons, The Subliminal Channel and Digital Signatures, Springer-Verlag, 1998.
[13] Jerry Banks et.al. Discrete Event System Simulation, Third edition, Prentice Hall, Jan 2001.
[14] Description of Randomness test suite - JRandTester at http://sourceforge.net/projects/jrandtest.
8. International Journal of Ad hoc, Sensor & Ubiquitous Computing (IJASUC) Vol.1, No.4, December 2010
100
AUTHORS PROFILE
Anjan K has received his B.E degree from Visveswariah Technological University,
Belgaum, India in 2007 and his M.Tech degree in Department of Computer Science
and Engineering, M.S. Ramaiah Institute of Technology, Bangalore, India. He has
been awarded Best Performer PG 2010 and Rank holder for his academic
excellence. His areas of research includes Network Security and Cryptography,
Adhoc Networks and Mobile Computing.
Jibi Abraham has received her M.S degree in Software Systems from BITS,
Rajasthan, India in 1999 and PhD degree from Visveswariah Technological
University, Belgaum, India in 2008 in the area of Network Security. Her areas of
research interests include Network routing algorithms, Cryptography, Network
Security of Wireless Sensor Networks and Algorithms Design. Currently she is
working as a Professor at College of Engineering, Pune, India.
Mamatha Jadhav V has received her M.Tech degree in Computer Science and
Engineering from Dr. Ambedkar Institute of Technology, Bangalore, India. She is
currently working as a faculty in Department of Computer Science and
Engineering, M.S. Ramaiah Institute of technology, Bangalore, India. Her subject
interests include Computer Networks, DBMS and Wireless Networks.