This document discusses the development of a novel pattern detection processor using an adaptively divisible dual-port BiTCAM (binary ternary content-addressable memory) to achieve high-throughput, low-power and low-cost pattern detection for mobile devices. The proposed dual-port BiTCAM architecture uses a dual-port AND-type match-line scheme with dual-port active AND gates. This allows for shared storage spaces to reduce power consumption through improved storage efficiency. The divisible BiTCAM also provides flexibility to regularly update the virus database.
Passive monitoring to build Situational Awareness (David Sweigert)
Passive network monitoring techniques can provide valuable situational awareness for network security professionals. The document describes techniques for passively discovering information about nodes on a network, including operating systems, roles, services, and configurations. This contextual information helps analysts by reducing false positives and focusing resources. The passive approach does not disrupt networks and can operate continuously, in contrast to active scanning tools. A network monitoring prototype is being developed to test these passive discovery techniques.
This document summarizes a research paper analyzing a layered defense system in a virtual lab environment. The paper discusses using tools like honeypots, pfSense firewall, and an intrusion detection system together to form a layered defense model. The researchers used various tools in Kali Linux to simulate attacks and analyze vulnerabilities in the defensive systems. Literature on topics like honeypots, Nmap, pfSense, firewalls, and penetration testing was also reviewed to support the research. The virtual lab experiment tested the layered defense approach against simulated attacks.
ASYMTOTIC ANALYSIS IN SECURED MESSAGE DELIVERY (AM Publications)
Wireless networking is a method by which homes, telecommunications networks and enterprise (business) installations avoid the costly process of introducing cables into a building, or as a connection between various equipment locations. For such reasons this technology has become popular. Though it is familiar, its wireless channel is vulnerable to eavesdroppers during message delivery (security is the major problem). In previous cases this problem was solved by cryptographic methods such as the RSA public key cryptosystem. But due to expensive key distribution and improvement in decoding technology, the message transmitted is said to be unsecured. The problem can be overcome by using artificial noise generation. This paper investigates and studies how to deliver the message securely in the wireless network using the artificial noise generation concept.
This paper proposes an automated approach called "content sifting" to quickly detect new worms/viruses based on common exploit sequences and spreading behavior. The approach analyzes network traffic to identify strings that recur frequently across many sources and destinations. The authors developed a prototype system called Earlybird that implemented this approach and was able to automatically detect and generate signatures for existing worms as well as new worms before public disclosure. Earlybird demonstrated the potential for fully automated defenses against even unknown "zero-day" outbreaks.
CONTROLLING IP FALSIFYING USING REALISTIC SIMULATION (IJNSA Journal)
This document discusses a proposal to develop a new distributed Internet simulator to study large-scale network events like distributed denial-of-service (DDoS) attacks and worm propagation. Existing network simulators have limited scalability and lack realistic Internet models. The proposed simulator would have a built-in Internet topology model and customizable modules to simulate specific events while cutting down on unnecessary details. It aims to make large-scale network simulation more accessible to researchers and improve the realism of simulations compared to simplified models currently used. The simulator could help study defenses against problems like IP spoofing, DDoS attacks, and worms.
Dear Student,
DREAMWEB TECHNO SOLUTIONS is one of the Hardware Training and Software Development centre available in
Trichy. Pioneer in corporate training, DREAMWEB TECHNO SOLUTIONS provides training in all software
development and IT-related courses, such as Embedded Systems, VLSI, MATLAB, JAVA, J2EE, CIVIL,
Power Electronics, and Power Systems. Its certified and experienced faculty members have the
competence to train students, provide consultancy to organizations, and develop strategic
solutions for clients by integrating existing and emerging technologies.
ADD: No:73/5, 3rd Floor, Sri Kamatchi Complex, Opp City Hospital, Salai Road, Trichy-18
Contact @ 7200021403/04
phone: 0431-4050403
Robust encryption algorithm based sht in wireless sensor networks (ijdpsjournal)
In bound applications, the locations of events reportable by a device network have to be compelled to stay anonymous. That is, unauthorized observers should be unable to notice the origin of such events by analyzing the network traffic. I analyze 2 forms of downsides: Communication overhead and machine load problem. During this paper, I gift a brand new framework for modeling, analyzing, and evaluating obscurity in device networks. The novelty of the proposed framework is twofold: initial, it introduces the notion of “interval indistinguishability” and provides a quantitative live to model obscurity in wireless device networks; second, it maps supply obscurity to the applied mathematics downside I showed that the present approaches for coming up with statistically anonymous systems introduce correlation in real intervals whereas faux area unit unrelated. I show however mapping supply obscurity to consecutive hypothesis testing with nuisance Parameters ends up in changing the matter of exposing non-public supply data into checking out associate degree applicable knowledge transformation that removes or minimize the impact of the nuisance data victimization sturdy cryptography algorithmic rule. By doing therefore, I remodel the matter of analyzing real valued sample points to binary codes, that opens the door for committal to writing theory to be incorporated into the study of anonymous networks. In existing work, unable to notice unauthorized observer in network traffic. However our work in the main supported enhances their supply obscurity against correlation check. The most goal of supply location privacy is to cover the existence of real events.
Iaetsd identifying and preventing resource depletion attack in (Iaetsd Iaetsd)
This document discusses identifying and preventing resource depletion attacks in mobile sensor networks. It summarizes that ad-hoc wireless sensor networks are vulnerable to denial of service attacks that aim to drain nodes' battery power over time, disabling the entire network. Existing secure routing protocols do not protect against these "Vampire attacks" which use valid network paths and protocol-compliant messages to minimize energy usage. The document proposes modifying an existing sensor network routing protocol to provably bound the damage from Vampire attacks during packet forwarding.
The document describes FADS (Forensic Agent Detection System), a digital forensics tool developed by the Security Research Group at Universiti Sains Malaysia. FADS allows for real-time network monitoring, detection of cyber attacks, and collection of evidence from server and client systems. It features several interfaces for forensic agents, notification of attacks, and storage of evidence in multiple databases for reporting purposes. FADS provides an easier way for law enforcement and organizations to conduct network forensics investigations and gather evidence of cyber crimes.
A Data Hiding Techniques Based on Length of English Text using DES and Attack... (IJORCS)
The comparing recent proposal for multimedia applications network security remains an important topic for researchers. The security deals with both wired and wireless communication. Network is defined as a large system consisting of many similar parts that are connected together to allow the movement or communication between or along the parts or between the parts and a control center. There are the main components of the network information system such as end systems (terminals, servers) and intermediate systems (hubs, switches, gateways). Every node has its own set of vulnerabilities that can be related to hardware, software, protocol stack etc. Nodes are interconnected by physical supports in a network, for example connected with cables in wired Local Area Network (LAN) or radio waves (Wi-Fi) in Wireless Local Area Network (WLAN). Some nodes are able to provide services (FTP, HTTP browsing, database access). If two nodes want to communicate together, they must be interconnected physically and logically. Network security also deals with information hiding technique. Nowadays security deals with heterogeneous networks. The use of different wireless and wired network which are working on different platform is heterogeneous. So design of network security for such type of heterogeneous network is a difficult task.
This document summarizes a research paper that proposes techniques to detect and localize multiple spoofing attackers in wireless networks using received signal strength (RSS). It begins by introducing the problem of spoofing attacks and outlines three goals: detecting attacks, determining the number of attackers, and localizing multiple adversaries. It then reviews related work on secure routing protocols and key management schemes. An overview of the proposed techniques is provided, including a generalized attack detection model, determining the number of attackers as a multiclass detection problem, and an integrated detection and localization framework (IDOL). Several localization algorithms are also summarized. Experimental results showed the proposed methods can achieve over 90% accuracy in determining the number of attackers.
INTRUSION DETECTION SYSTEMS IN MOBILE AD HOC NETWORKS: STATE OF ... (ijcsa)
Mobile Ad Hoc Networks (MANETs) are more vulnerable to different attacks. Prevention methods as cryptographic techniques alone are not sufficient to make them secure; therefore, efficient intrusion detection must be deployed and elaborated to facilitate the identification of attacks. An Intrusion Detection System (IDS) aims to detect malicious and selfish nodes in a network. The intrusion detection methods used normally for wired networks are no longer adequate when adapted directly to a wireless ad-hoc network, so existing techniques of intrusion detection have to be changed and new techniques have to be determined to work efficiently and effectively in this new network architecture of MANETs. In this paper we give a survey of different architectures and methods of intrusion detection systems (IDSs) for MANETs according to the recent literature.
Iaetsd secure data dissemination based on (Iaetsd Iaetsd)
This document proposes a secure data dissemination protocol called Se-Drip for wireless sensor networks. Se-Drip uses a Merkle hash tree to securely disseminate data from a base station to sensor nodes in the network. The protocol has three phases: 1) initialization where the base station generates keys and loads them on nodes, 2) packet preprocessing where the base station constructs data packets and their authentication paths in a Merkle hash tree, and 3) packet verification where nodes verify received packets against the hash tree to authenticate the data. Se-Drip aims to securely disseminate data while being lightweight, robust to packet loss, and resistant to denial-of-service attacks.
PSIM: A TOOL FOR ANALYSIS OF DEVICE PAIRING METHODS (IJNSA Journal)
Wireless networks are commonplace nowadays and almost all of the modern devices support wireless communication in some form. These networks differ from more traditional computing systems due to the ad-hoc and spontaneous nature of interactions among devices. These systems are prone to security risks, such as eavesdropping, and require different techniques as compared to traditional security mechanisms. Recently, secure device pairing in wireless environments has got substantial attention from many researchers. As a result, a significant set of techniques and protocols have been proposed to deal with this issue. Some of these techniques consider devices equipped with infrared, laser, ultrasound transceivers or 802.11 network interface cards; while others require embedded accelerometers, cameras and/or LEDs, displays, microphones and/or speakers. However, many of the proposed techniques or protocols have not been implemented at all; while others are implemented and evaluated in a stand-alone manner without being compared with other related work [1]. We believe that it is because of the lack of specialized tools that provide a common platform to test the pairing methods. As a consequence, we designed such a tool. In this paper, we are presenting design and development of the Pairing Simulator (PSim) that can be used to perform the analysis of device pairing methods.
A firewall is a network security device that controls incoming and outgoing network traffic based on a set of security rules. It protects internal networks from unauthorized external access. There are three main types of firewalls: network layer firewalls that filter traffic at the IP level, application layer firewalls that filter traffic by application, and proxy firewalls that intercept traffic and act as an intermediary. Firewalls use packet filtering, proxy services, or stateful inspection to screen traffic and enforce the security policy of an organization. They help control access between networks with different trust levels, such as between the highly trusted internal network and the less trusted internet.
Network Security Enhancement in WSN by Detecting Misbehavioural Activity as C... (ijtsrd)
This system proposes a centralized system for replica identification. The network is divided into segments and an inspection node is chosen for each segment. The inspection node identifies a clone node by checking the node's ID and cryptographic key. In this process, the Chord algorithm is used to detect the clone node: every node is assigned a random key, and before it transmits the data it has to give its key, which would be verified by the witness node. If the same key is given by another node then the witness node identifies the cloned node. Here every node only needs to know the neighbor list containing all neighbor IDs and its location. In this scheme, the Energy Efficient Clustering Protocol (EECP) is used to implement different energy saving methods. Dr. B. R. Tapas Bapu | Hemavathi S U | Poonkuzhali K | Sweety J "Network Security Enhancement in WSN by Detecting Misbehavioural Activity as Copy Cat Nodes" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-4 | Issue-4, June 2020, URL: https://www.ijtsrd.com/papers/ijtsrd31257.pdf Paper URL: https://www.ijtsrd.com/engineering/computer-engineering/31257/network-security-enhancement-in-wsn-by-detecting-misbehavioural-activity-as-copy-cat-nodes/dr-b-r-tapas-bapu
IJCER (www.ijceronline.com) International Journal of computational Engineerin... (ijceronline)
The document proposes a signature-based intrusion detection system using multithreading. It captures network packets and analyzes them for intrusions by comparing signatures to databases of known attacks. A multithreaded design is suggested to improve performance by processing packets in parallel threads. Agents would be deployed on the network with detection modules that use caching of frequent signatures to speed up analysis. An update module would transfer new frequent signatures to the caches.
PREVENTION OF WORMHOLE ATTACK IN WIRELESS SENSOR NETWORK (IJNSA Journal)
Ubiquitous and pervasive applications, where the Wireless Sensor Networks are typically deployed, lead to the susceptibility to many kinds of security attacks. Sensors used for real time response capability also make it difficult to devise the resource intensive security protocols because of their limited battery, power, memory and processing capabilities. One potent form of Denial of Service attack is the Wormhole attack, which affects the network layer. In this paper, the techniques dealing with wormhole attack are investigated and an approach for wormhole prevention is proposed. Our approach is based on the analysis of the two-hop neighbors forwarding Route Reply packet. To check the validity of the sender, a unique key between the individual sensor node and the base station is required to be generated by suitable scheme.
Identity Based Detection of Spoofing Attackers in Wireless Networks and Pract... (Kumar Goud)
Abstract: Wireless spoofing attacks are easy to launch and can significantly impact the performance of networks. Although the identity of a node can be verified through cryptographic authentication, conventional security approaches are not always desirable because of their overhead requirements. In this paper, we propose to use spatial information, a physical property associated with each node, hard to falsify, and not reliant on cryptography, as the basis for (1) detecting spoofing attacks; (2) determining the number of attackers when multiple adversaries masquerading as a same node identity; and (3) localizing multiple adversaries. We propose to use the spatial correlation of received signal strength (RSS) inherited from wireless nodes to detect the spoofing attacks. We then formulate the problem of determining the number of attackers as a multi-class detection problem. Cluster-based mechanisms are developed to determine the number of attackers. When the training data is available, we explore using Support Vector Machines (SVM) method to further improve the accuracy of determining the number of attackers. In addition, we developed an integrated detection and localization system that can localize the positions of multiple attackers. We evaluated our techniques through two testbeds using both an 802.11 (WiFi) network and an 802.15.4 (ZigBee) network in two real office buildings. Our experimental results show that our proposed methods can achieve over 90% Hit Rate and Precision when determining the number of attackers. Our localization results using a representative set of algorithms provide strong evidence of high accuracy of localizing multiple adversaries.
Keywords: Wifi, Spoofing, Wireless, RSS, MAX, WEP, WPA, ISP
This document provides a summary of the MAPS (Malware Analysis and Prediction System) developed by the Security and Forensic Research Group at Universiti Sains Malaysia. MAPS uses multiple modules including an anti-malware module, prediction system, malware analysis, forensic tools, signature database, online repository, and evidence storage to detect, analyze, predict, and prevent malware attacks. It also compares the functions of MAPS to other commercial anti-malware systems such as Avira and Kaspersky.
This paper introduces serious security vulnerabilities in intrusion prevention systems (IPS) that can be exploited using evasion techniques. The authors developed a tool called Evader that can apply various evasion methods to obfuscate malicious traffic and bypass IPS devices. Testing Evader against numerous commercial IPS products, they found that even the latest versions with the most up-to-date signatures and configurations could all be evaded using their advanced evasion techniques. This demonstrates that IPS systems remain highly susceptible to evasion attacks and are unable to effectively prevent modern intrusions.
This document discusses security threats and attacks in wireless ad hoc networks. It begins by introducing ad hoc networks and some of the challenges in providing security in these networks due to their dynamic nature and lack of centralized authority. It then categorizes attacks as either passive or active, with passive attacks including eavesdropping and traffic analysis, and active attacks including masquerading, replay attacks, message modification, and denial-of-service attacks. The document reviews several security requirements and proposes hashing techniques as a potential solution to help secure routing protocols against various attacks. Specifically, it suggests using hash functions and hash chains to authenticate routing information and detect unauthorized modifications. The goal is to develop an efficient security approach that addresses issues like authentication, integrity
Review Paper on Predicting Network Attack Patterns in SDN using ML (ijtsrd)
Software Defined Networking (SDN) provides several advantages like manageability, scaling, and improved performance. SDN has some security problems, especially if its controller is defenseless over Distributed Denial of Service attacks. The mechanism and communication extent of the SDN controller is overloaded when DDoS attacks are performed against the SDN controller. So, as results of the useless flow built by the controller for the attack packets, the extent of the switch flow table becomes full, leading the network performance to decline to a critical threshold. The challenge lies in defining the set of rules on the SDN controller to dam malicious network connections. Historical network attack data are often wont to automatically identify and block the malicious connections. In this review paper, we are going to propose using ML algorithms, tested on collected network attack data, to get the potential malicious connections and potential attack destinations. We use four machine learning algorithms C4.5, Bayesian Network (BayesNet), multidimensional language (DT), and Naive Bayes to predict the host which will be attacked to support the historical data. DDoS attacks in Software Defined Network were detected by using ML based models. Some key features were obtained from SDN for the dataset in normal conditions and under DDoS attack traffic. Dr. C. Umarani | Gopalshree Kushwaha "Review Paper on Predicting Network Attack Patterns in SDN using ML" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-4 | Issue-6, October 2020, URL: https://www.ijtsrd.com/papers/ijtsrd35732.pdf Paper URL: https://www.ijtsrd.com/computer-science/computer-network/35732/review-paper-on-predicting-network-attack-patterns-in-sdn-using-ml/dr-c-umarani
This document summarizes a research paper that aims to detect and prevent wormhole attacks in wireless sensor networks. It first provides background on wormhole attacks, where an attacker tunnels network traffic to another location to compromise routing. It then reviews related work detecting wormholes using cryptography, location verification, or intrusion detection. The paper proposes a system with guard nodes that collaboratively monitor links to detect compromised nodes. It describes modules for network topology establishment, attack establishment through different wormhole modes, and an elimination mechanism where guard nodes isolate attackers once malicious behaviors exceed thresholds. Simulations test the ability of this scheme to improve security against wormhole attacks in resource-constrained wireless sensor networks.
Leveraging the Power of Smartphones: Real Time Monitoring of Water Points (IJERA Editor)
In recent years, the world has become more sophisticated. Different aspects of today’s life have been digitized, including business, education, health, communication and numerous community services. With the existing extended coverage of cellular networks, most services are constantly deployed to be accessed via mobile phones, as they are also the most pervasive pocket carried devices. Though both regular phones and smartphones can be used to convey the basics of mobile based services such as mobile banking, calling and text messaging, smartphones go the extra mile. While regular phones are still the better choice for some, smartphones are tremendously taking over the cellphone market. Smartphones are powered by the vast amount of mobile apps available today which offer unprecedented features and functionalities as well as more advanced internet connectivity. To ensure reliable, sufficient and safe water supply to the public, the installed water points need to be well monitored. Quality and quantity parameters of water produced from the water points are constantly tracked to determine if they are within the acceptable range. In case of acute condition, the identified parameters need to be instantly communicated to the District Water Engineer (DWE) for prompt intervention. In this paper we explore the popularity and advantages of smartphones and present a proposed prototype that exploits the power of smartphones in real time monitoring of water points.
Effect of Nozzle Design and Processing Parameter on Characteristics of Glass/... (IJERA Editor)
Among the various methods commingling process is comparatively better alternative to produce hybrid yarns. The required properties of hybrid yarns can be obtained by controlling main processing parameters such as air pressure, overfeed and take-up speed along with proper selection of nozzle (jet) design. The commingling machine has been fabricated to study the commingling parameters. The nozzle is the most important element of the commingling machine. The design specification of commingling jet along with the processing parameters decides the final characteristics of yarn. In the present study two different types of jets have been selected to investigate commingling characteristics of glass/polypropylene hybrid yarn.
International Journal of Engineering Research and Applications (IJERA) is an open access online peer reviewed international journal that publishes research and review articles in the fields of Computer Science, Neural Networks, Electrical Engineering, Software Engineering, Information Technology, Mechanical Engineering, Chemical Engineering, Plastic Engineering, Food Technology, Textile Engineering, Nano Technology & science, Power Electronics, Electronics & Communication Engineering, Computational mathematics, Image processing, Civil Engineering, Structural Engineering, Environmental Engineering, VLSI Testing & Low Power VLSI Design etc.
The document describes FADS (Forensic Agent Detection System), a digital forensics tool developed by the Security Research Group at Universiti Sains Malaysia. FADS allows for real-time network monitoring, detection of cyber attacks, and collection of evidence from server and client systems. It features several interfaces for forensic agents, notification of attacks, and storage of evidence in multiple databases for reporting purposes. FADS provides an easier way for law enforcement and organizations to conduct network forensics investigations and gather evidence of cyber crimes.
A Data Hiding Techniques Based on Length of English Text using DES and Attack...IJORCS
The comparing recent proposal for multimedia applications network security remains an important topic for researchers. Security deals with both wired and wireless communication. A network is defined as a large system consisting of many similar parts that are connected together to allow movement or communication between or along the parts, or between the parts and a control center. The main components of a network information system are end systems (terminals, servers) and intermediate systems (hubs, switches, gateways). Every node has its own set of vulnerabilities that can be related to hardware, software, the protocol stack, etc. Nodes are interconnected by physical supports in a network, for example with cables in a wired Local Area Network (LAN) or radio waves (Wi-Fi) in a Wireless Local Area Network (WLAN). Some nodes are able to provide services (FTP, HTTP browsing, database access). If two nodes want to communicate, they must be interconnected physically and logically. Network security also deals with information hiding techniques. Nowadays security deals with heterogeneous networks. The use of different wireless and wired networks working on different platforms is heterogeneous. So the design of network security for this type of heterogeneous network is a difficult task.
This document summarizes a research paper that proposes techniques to detect and localize multiple spoofing attackers in wireless networks using received signal strength (RSS). It begins by introducing the problem of spoofing attacks and outlines three goals: detecting attacks, determining the number of attackers, and localizing multiple adversaries. It then reviews related work on secure routing protocols and key management schemes. An overview of the proposed techniques is provided, including a generalized attack detection model, determining the number of attackers as a multiclass detection problem, and an integrated detection and localization framework (IDOL). Several localization algorithms are also summarized. Experimental results showed the proposed methods can achieve over 90% accuracy in determining the number of attackers.
INTRUSION DETECTION SYSTEMS IN MOBILE AD HOC NETWORKS: STATE OF ...ijcsa
Mobile Ad Hoc Networks (MANETs) are more vulnerable to different attacks. Prevention methods such as cryptographic techniques alone are not sufficient to make them secure; therefore, efficient intrusion detection must be deployed and elaborated to facilitate the identification of attacks. An Intrusion Detection System (IDS) aims to detect malicious and selfish nodes in a network. The intrusion detection methods normally used for wired networks are no longer adequate when adapted directly to a wireless ad-hoc network, so existing techniques of intrusion detection have to be changed and new techniques have to be determined to work efficiently and effectively in this new network architecture of MANETs. In this paper we give a survey of different architectures and methods of intrusion detection systems (IDSs) for MANETs according to the recent literature.
Iaetsd secure data dissemination based onIaetsd Iaetsd
This document proposes a secure data dissemination protocol called Se-Drip for wireless sensor networks. Se-Drip uses a Merkle hash tree to securely disseminate data from a base station to sensor nodes in the network. The protocol has three phases: 1) initialization where the base station generates keys and loads them on nodes, 2) packet preprocessing where the base station constructs data packets and their authentication paths in a Merkle hash tree, and 3) packet verification where nodes verify received packets against the hash tree to authenticate the data. Se-Drip aims to securely disseminate data while being lightweight, robust to packet loss, and resistant to denial-of-service attacks.
PSIM: A TOOL FOR ANALYSIS OF DEVICE PAIRING METHODSIJNSA Journal
Wireless networks are commonplace nowadays and almost all modern devices support wireless communication in some form. These networks differ from more traditional computing systems due to the ad-hoc and spontaneous nature of interactions among devices. These systems are prone to security risks, such as eavesdropping, and require different techniques compared to traditional security mechanisms. Recently, secure device pairing in wireless environments has received substantial attention from many researchers. As a result, a significant set of techniques and protocols have been proposed to deal with this issue. Some of these techniques consider devices equipped with infrared, laser, ultrasound transceivers or 802.11 network interface cards, while others require embedded accelerometers, cameras and/or LEDs, displays, microphones and/or speakers. However, many of the proposed techniques or protocols have not been implemented at all, while others are implemented and evaluated in a stand-alone manner without being compared with other related work [1]. We believe that this is because of the lack of specialized tools that provide a common platform to test the pairing methods. As a consequence, we designed such a tool. In this paper, we present the design and development of the Pairing Simulator (PSim), which can be used to perform the analysis of device pairing methods.
A firewall is a network security device that controls incoming and outgoing network traffic based on a set of security rules. It protects internal networks from unauthorized external access. There are three main types of firewalls: network layer firewalls that filter traffic at the IP level, application layer firewalls that filter traffic by application, and proxy firewalls that intercept traffic and act as an intermediary. Firewalls use packet filtering, proxy services, or stateful inspection to screen traffic and enforce the security policy of an organization. They help control access between networks with different trust levels, such as between the highly trusted internal network and the less trusted internet.
Network Security Enhancement in WSN by Detecting Misbehavioural Activity as C...ijtsrd
This system proposes a centralized system for replica identification. The network is divided into segments and an inspection node is chosen for each segment. The inspection node identifies a clone node by checking the node's ID and cryptographic key. In this process, the Chord algorithm is used to detect the clone node: every node is assigned a random key, and before it transmits data it has to give its key, which is verified by the witness node. If the same key is given by another node, the witness node identifies the cloned node. Here every node only needs to know the neighbor list containing all neighbor IDs and its location. In this scheme, the Energy Efficient Clustering Protocol (EECP) is used to implement different energy saving methods. Dr. B. R. Tapas Bapu | Hemavathi S U | Poonkuzhali K | Sweety J "Network Security Enhancement in WSN by Detecting Misbehavioural Activity as Copy Cat Nodes" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-4 | Issue-4, June 2020, URL: https://www.ijtsrd.com/papers/ijtsrd31257.pdf Paper URL: https://www.ijtsrd.com/engineering/computer-engineering/31257/network-security-enhancement-in-wsn-by-detecting-misbehavioural-activity-as-copy-cat-nodes/dr-b-r-tapas-bapu
IJCER (www.ijceronline.com) International Journal of computational Engineerin...ijceronline
The document proposes a signature-based intrusion detection system using multithreading. It captures network packets and analyzes them for intrusions by comparing signatures to databases of known attacks. A multithreaded design is suggested to improve performance by processing packets in parallel threads. Agents would be deployed on the network with detection modules that use caching of frequent signatures to speed up analysis. An update module would transfer new frequent signatures to the caches.
PREVENTION OF WORMHOLE ATTACK IN WIRELESS SENSOR NETWORKIJNSA Journal
Ubiquitous and pervasive applications, where Wireless Sensor Networks are typically deployed, lead to susceptibility to many kinds of security attacks. Sensors used for real-time response capability also make it difficult to devise resource-intensive security protocols because of their limited battery, power, memory and processing capabilities. One potent form of Denial of Service attack is the wormhole attack, which affects the network layer. In this paper, the techniques dealing with the wormhole attack are investigated and an approach for wormhole prevention is proposed. Our approach is based on the analysis of the two-hop neighbors forwarding the Route Reply packet. To check the validity of the sender, a unique key between the individual sensor node and the base station must be generated by a suitable scheme.
Identity Based Detection of Spoofing Attackers in Wireless Networks and Pract...Kumar Goud
Abstract: Wireless spoofing attacks are easy to launch and can significantly impact the performance of networks. Although the identity of a node can be verified through cryptographic authentication, conventional security approaches are not always desirable because of their overhead requirements. In this paper, we propose to use spatial information, a physical property associated with each node, hard to falsify, and not reliant on cryptography, as the basis for (1) detecting spoofing attacks; (2) determining the number of attackers when multiple adversaries are masquerading as the same node identity; and (3) localizing multiple adversaries. We propose to use the spatial correlation of received signal strength (RSS) inherited from wireless nodes to detect the spoofing attacks. We then formulate the problem of determining the number of attackers as a multi-class detection problem. Cluster-based mechanisms are developed to determine the number of attackers. When training data is available, we explore using the Support Vector Machines (SVM) method to further improve the accuracy of determining the number of attackers. In addition, we developed an integrated detection and localization system that can localize the positions of multiple attackers. We evaluated our techniques through two testbeds using both an 802.11 (WiFi) network and an 802.15.4 (ZigBee) network in two real office buildings. Our experimental results show that our proposed methods can achieve over 90% Hit Rate and Precision when determining the number of attackers. Our localization results using a representative set of algorithms provide strong evidence of high accuracy of localizing multiple adversaries.
Keywords: Wifi, Spoofing, Wireless, RSS, MAX, WEP, WPA, ISP
This document provides a summary of the MAPS (Malware Analysis and Prediction System) developed by the Security and Forensic Research Group at Universiti Sains Malaysia. MAPS uses multiple modules including an anti-malware module, prediction system, malware analysis, forensic tools, signature database, online repository, and evidence storage to detect, analyze, predict, and prevent malware attacks. It also compares the functions of MAPS to other commercial anti-malware systems such as Avira and Kaspersky.
This paper introduces serious security vulnerabilities in intrusion prevention systems (IPS) that can be exploited using evasion techniques. The authors developed a tool called Evader that can apply various evasion methods to obfuscate malicious traffic and bypass IPS devices. Testing Evader against numerous commercial IPS products, they found that even the latest versions with the most up-to-date signatures and configurations could all be evaded using their advanced evasion techniques. This demonstrates that IPS systems remain highly susceptible to evasion attacks and are unable to effectively prevent modern intrusions.
This document discusses security threats and attacks in wireless ad hoc networks. It begins by introducing ad hoc networks and some of the challenges in providing security in these networks due to their dynamic nature and lack of centralized authority. It then categorizes attacks as either passive or active, with passive attacks including eavesdropping and traffic analysis, and active attacks including masquerading, replay attacks, message modification, and denial-of-service attacks. The document reviews several security requirements and proposes hashing techniques as a potential solution to help secure routing protocols against various attacks. Specifically, it suggests using hash functions and hash chains to authenticate routing information and detect unauthorized modifications. The goal is to develop an efficient security approach that addresses issues like authentication, integrity
Review Paper on Predicting Network Attack Patterns in SDN using MLijtsrd
Software Defined Networking (SDN) provides several advantages like manageability, scaling, and improved performance. SDN has some security problems, especially if its controller is defenseless against Distributed Denial of Service attacks. The mechanism and communication extent of the SDN controller is overloaded when DDoS attacks are performed against the SDN controller. So, as a result of the useless flow built by the controller for the attack packets, the extent of the switch flow table becomes full, leading the network performance to decline to a critical threshold. The challenge lies in defining the set of rules on the SDN controller to dam malicious network connections. Historical network attack data are often wont to automatically identify and block the malicious connections. In this review paper, we are going to propose using ML algorithms, tested on collected network attack data, to get the potential malicious connections and potential attack destinations. We use four machine learning algorithms, C4.5, Bayesian Network (BayesNet), multidimensional language (DT), and Naive Bayes, to predict the host which will be attacked to support the historical data. DDoS attacks in Software Defined Network were detected by using ML based models. Some key features were obtained from SDN for the dataset in normal conditions and under DDoS attack traffic. Dr. C. Umarani | Gopalshree Kushwaha "Review Paper on Predicting Network Attack Patterns in SDN using ML" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-4 | Issue-6, October 2020, URL: https://www.ijtsrd.com/papers/ijtsrd35732.pdf Paper URL: https://www.ijtsrd.com/computer-science/computer-network/35732/review-paper-on-predicting-network-attack-patterns-in-sdn-using-ml/dr-c-umarani
This document summarizes a research paper that aims to detect and prevent wormhole attacks in wireless sensor networks. It first provides background on wormhole attacks, where an attacker tunnels network traffic to another location to compromise routing. It then reviews related work detecting wormholes using cryptography, location verification, or intrusion detection. The paper proposes a system with guard nodes that collaboratively monitor links to detect compromised nodes. It describes modules for network topology establishment, attack establishment through different wormhole modes, and an elimination mechanism where guard nodes isolate attackers once malicious behaviors exceed thresholds. Simulations test the ability of this scheme to improve security against wormhole attacks in resource-constrained wireless sensor networks.
Design and Analysis of the Effect of a Modified Valve with Helical Guideways ...IJERA Editor
The in-cylinder flow of an Internal Combustion Engine (ICE) has drawn much attention of the automotive researchers and scientists in the present time. A good swirl promotes fast combustion and improves the efficiency. Based upon this concept, this paper describes the results of a study conducted to investigate the effects of a “modified valve with helical guide ways” on the performance of combustion. Small internal combustion engine is designed to be part of a very efficient vehicle to enter a consumption marathon. The engine should run at low speeds, in order to have low mechanical losses but combustion should be fast, enabling good combustion efficiency. Therefore, high turbulence is required prior to combustion within the cylinder, hence the concept of swirl is introduced and its effect on the combustion within the cylinder has been ascertained in the present work. Assessment of the effect of swirl on combustion performance within the cylinder requires excessive experimentation by modifying the design of various components of combustion chamber. Therefore, in the present work using the concept of CFD the simulation of combustion phenomenon has been carried out and the output parameters in the form of swirl ratio has been assessed. The modelling of combustion chamber has been carried out using CATIA software and the same is imported to analysis software ANSYS-CFX module. Here, the performance of the model is assessed by the swirl ratio. The swirl ratio of the modified valve (Valve with helical guide ways) is obtained as 1.45 which is much higher than a normal valve with swirl ratio 0.65 as assessed from the present work.
Railway Ticket Counter Problem With STMIJERA Editor
The past few years have marked the start of a historic transition from sequential to parallel computation. The necessity to write parallel programs is increasing as systems are getting more complex while processor speed increases are slowing down. Current parallel programming uses low-level programming constructs like threads and explicit synchronization using locks to coordinate thread execution. Parallel programs written with these constructs are difficult to design, program and debug. Also locks have many drawbacks which make them a suboptimal solution. One such drawback is that locks should be only used to enclose the critical section of the parallel-processing code. If locks are used to enclose the entire code then the performance of the code drastically decreases. Software Transactional Memory (STM) is a promising new approach to programming shared-memory parallel processors. It is a concurrency control mechanism that is widely considered to be easier to use by programmers than locking. It allows portions of a program to execute in isolation, without regard to other, concurrently executing tasks. A programmer can reason about the correctness of code within a transaction and need not worry about complex interactions with other, concurrently executing parts of the program. If STM is used to enclose the entire code then the performance of the code is the same as that of the code in which STM is used to enclose the critical section only and is far better than code in which locks have been used to enclose the entire code. So STM is easier to use than locks as critical section does not need to be identified in case of STM.
Building Development Practice in Flood Prone Area: Case of Ogbaru Council Are...IJERA Editor
This study examined the practice of building development in flood prone areas and how it has contributed to the menace of flooding in Ogbaru Council Area of Anambra State Nigeria. It was a survey research where questionnaires were distributed to heads of the selected households, in addition to physical observations on buildings within the selected households. Four towns out of sixteen towns that made up Ogbaru Council Area of Anambra State were purposefully selected. From these towns, 96 households each were randomly selected and a total of 384 questionnaires were administered to the head of each household or their representative, whereas 242 copies were completed, returned and found useful, thus, giving a response rate of 62.92%. The study found that siting of buildings on waterways, flood channels/plains, inadequate/lack of drains in the compounds, lack of planning restriction/developmental control, size of the building/area occupied by the building among others contribute greatly to the incessant flood menace in the study area. The study therefore deduced that some building practices such as those identified above have the ability of exacerbating the velocity and rate of flooding in the area which turned into natural disaster, and thus, recommended strict enforcement of building and urban development laws and control in the state to reduce indiscriminate erecting of building structures on waterways, including planlessness of our emerging urban centres.
Research Intensity Synthesis of Propionic Acid and Vitamin B12 PropionibacteriaIJERA Editor
This document summarizes a study that selected and characterized strains of Propionibacterium shermanii for their ability to synthesize vitamin B12 and propionic acid. 9 strains of P. shermanii were isolated that could synthesize vitamin B12 between 180-1200 mcg/ml and propionic acid between 0.63-2.53 g/l. The best vitamin B12 and propionic acid producing strains were strains 1, 5, 6, and 7. These strains show promise for use in biotechnology to improve the safety, nutrition and biological value of foods.
Traffic Violation Detection Using Multiple Trajectories of VehiclesIJERA Editor
In general, lane change violations are likely to happen before the stop line in the red-light violation detection region. A system that can detect red-light and lane change violations is very useful for traffic management, detecting vehicles moving in the region of interest and combining this with the evaluation of the trajectory behavior of multiple vehicles using mean square displacement (MSD) to detect both violations. We use only image processing techniques to detect the traffic signal, without the help of any other system. The experimental results show that the algorithm detects both violations with high accuracy.
Voice Activity Detector of Wake-Up-Word Speech Recognition System Design on FPGAIJERA Editor
A typical speech recognition system is push-to-talk operated and requires activation. However, for those who use hands-busy applications, movement may be restricted or impossible. One alternative is to use a Speech-Only Interface. The proposed method, called Wake-Up-Word Speech Recognition (WUW-SR), utilizes a speech-only interface. A WUW-SR system would allow the user to activate systems (cell phone, computer, etc.) with only speech commands instead of manual activation. The trend in WUW-SR hardware design is towards implementing a complete system on a single chip intended for various applications. This paper presents an experimental FPGA design and implementation of a novel architecture of a real-time feature extraction processor that includes a Voice Activity Detector (VAD) and feature extraction: MFCC, LPC, and ENH_MFCC. In the WUW-SR system, the recognizer front-end with VAD is located at the terminal, which is typically connected over a data network (e.g., server) for remote back-end recognition. VAD is responsible for segmenting the signal into speech-like and non-speech-like segments. For any given frame VAD reports one of two possible states: VAD_ON or VAD_OFF. The back-end is then responsible for scoring the features that are being segmented during the VAD_ON stage. The most important characteristic of the presented design is that it should guarantee virtually 100% correct rejection for non-WUW (out of vocabulary words - OOV) while maintaining a correct acceptance rate of 99.9% or higher (in vocabulary words - INV). This requirement sets WUW-SR apart from other speech recognition tasks because no existing system can guarantee 100% reliability by any measure.
This document summarizes a study that assessed the condition of drainage facilities in the Kore sector of the Kano River Irrigation Project in Nigeria. A total of 378 field drains and 46 collector drains were surveyed. The results showed that 202 (53.4%) field drains were not functioning due to issues like blockage, waterlogging, and weed infestation. Thirty (30) drains (7.94%) were functioning, while 146 (38.62%) were out of operation as irrigation activities had ceased in those areas due to lack of water. The poor condition of the drains risks deterioration of the irrigation project through problems like waterlogging and soil salinization. Rehabilitation of the drainage system is needed
Random Lead Time of the acute ghrelin response to a psychological stressIJERA Editor
Ghrelin is a growth hormone and cortisol secretagogue that plays an important role in appetite and weight regulation. It is not known whether ghrelin is involved in the eating response to stress in humans. In the present study we examined the effects of psychologically induced stress on plasma ghrelin levels in patients with binge-eating disorder (BED) and in healthy subjects of normal or increased body mass index (BMI). Volunteers were subjected to the standardized trier social stress test (TSST). Basal ghrelin levels in patients were at an intermediate level between thin and healthy obese subjects, but this difference did not attain statistical significance. There were no differences in ghrelin levels throughout the test among the groups after correction for BMI, age and gender. A significant difference in the trend time of ghrelin was revealed when the three groups were analyzed according to their cortisol response to stress. Ghrelin levels increased in cortisol responders whereas no change or a decrease in ghrelin levels occurred in cortisol non-responders. We also found Optimal time T*, Minimal Repair δ and Random Lead Time g to minimize the ghrelin level.
Extract the ancient letters from decoratedIJERA Editor
Nowadays, large databases of ornaments of the hand-press period are available and need efficient retrieval tools for history specialists and general users. This article deals with document image analysis. The purpose of our work is to automatically determine the letter represented in an ornamental letter image. Our process is divided into two parts: Wavelet transformation: Segmentation of the ornamental letter followed by a recognition step. The segmentation process uses multi-resolution analysis to filter background decorations followed by binarisation and morphologic reconstruction of the expected letter.
Keywords - segmentation, multiresolution analysis, ornamental letters, Wavelet transform
Provider Aware Anonymization Algorithm for Preserving M - PrivacyIJERA Editor
In this paper, we consider the collaborative data publishing problem for anonymizing horizontally partitioned data at multiple data providers. We consider a new type of “insider attack” by colluding data providers who may use their own data records (a subset of the overall data) in addition to the external background knowledge to infer the data records contributed by other data providers. The paper addresses this new threat and makes several contributions. First, we introduce the notion of m-privacy, which guarantees that the anonymized data satisfies a given privacy constraint against any group of up to m colluding data providers. Second, we present heuristic algorithms exploiting the equivalence group monotonicity of privacy constraints and adaptive ordering techniques for efficiently checking m-privacy given a set of records. Finally, we present a data provider-aware anonymization algorithm with adaptive m-privacy checking strategies to ensure high utility and m-privacy of anonymized data with efficiency. Experiments on real-life datasets suggest that our approach achieves better or comparable utility and efficiency than existing and baseline algorithms while providing m-privacy guarantee.
Validation of the Newly Developed Fabric Feel Tester for Its Accuracy and Rep...
IJERA Editor
The present paper deals with a comprehensive study of reproducibility of the newly developed instrument to
study fabric handle characteristics using extraction principle. As reported earlier that a new nozzle extraction
method for objective measurement of fabric handle characteristics has been developed. The force exerted by the
fabric being drawn out of the nozzle is known as extraction force and the force exerted by the fabric at the side
wall of the nozzle is known as radial force. A few fabric samples have been tested on this newly developed
instrument and the effect of numbers of tests has been studied. It has been observed that minimum five samples
of a fabric test in this instrument gives lower standard deviation of the test results. Also the overall deviations of
results justified the reproducibility of the instrument and hence the said instrument is validated for its testing
parameters.
This document describes a study on the uniformity of pressure profiles in a wind tunnel. It begins with background information on the development of wind tunnels. It then describes the experimental setup of the uni-insta's wind tunnel, which features a bell mouth entry, honeycomb settling chamber, and acrylic working section. Pressure measurements were taken at six points in the working section using a probe and manometer. Graphs of the pressure readings show the pressure distribution was nearly uniform, with small variations between the five static pressure ports. The document concludes the wind tunnel achieved good simulation of atmospheric boundary layers and uniform flow.
This document summarizes research on neuromorphic silicon neurons and synapses. It discusses how analog VLSI circuits can mimic the behavior of biological neurons and synapses. Specifically, it describes the implementation of integrate-and-fire neuron models using axon-hillock circuits and voltage amplifier circuits. It also briefly discusses non-plastic and plastic silicon synapses. The goal is to develop biologically inspired hardware systems using very large scale integrated circuits to model the basic computational units of the nervous system.
This document discusses a study on evaluating thermal fatigue failure of boiler tubes made of SMST (Salzgitter Mannesmann strain less boiler tube) DMV 304 HCu material. Thermal fatigue occurs in boiler tubes due to the cyclic temperature fluctuations from startup and shutdown. The study uses a smithy furnace to heat tube specimens to 600°C and quench them in water to simulate the temperature cycling. Tube specimens were subjected to 50, 100, 150, and 200 thermal cycles and then analyzed using microstructure analysis and Vickers hardness testing. The results showed increasing grain coarsening and decreasing hardness with more thermal cycles. Failure occurred after 200 cycles, indicating the limit of thermal fatigue life for the tube material under these
This document discusses firewalls and their types. It begins by explaining that firewalls protect networks by guarding entry points and are becoming more sophisticated. It then defines a firewall as a network security system that controls incoming and outgoing network traffic based on rules. The document outlines different generations of firewalls and describes four main types: packet filtering, stateful packet inspection, application gateways/proxies, and circuit-level gateways. It details the characteristics, strengths, and weaknesses of each type. Finally, it emphasizes that networks are still at risk of attacks and that firewalls have become ubiquitous, so choosing the right solution depends on needs, policies, resources.
Firewall technology emerged in the late 1980s in response to growing threats on the internet. The first generation of firewalls were packet filters that inspected packets at the network layer based on information like source/destination addresses and port numbers. The second generation introduced stateful packet inspection, which tracked the state of network connections. The third generation analyzed traffic at the application layer to better understand application protocols and detect attacks. Modern firewalls incorporate various techniques from these generations including deep packet inspection, intrusion prevention, and application-specific rules.
Agent based intrusion detection, response and blocking using signature method...
Mumbai Academisc
This document discusses an approach to intrusion prevention using active networks. It proposes using agents for intrusion detection and response that are integrated with a collaborative intrusion detection system (IDS) to provide a wider array of information. Signatures are used to detect intrusions, and when detected, responses include blocking the connection to prevent further access to data. The system is intended to provide rapid detection and response to evolving network threats.
A New Way of Identifying DOS Attack Using Multivariate Correlation Analysis
ijceronline
This document summarizes a research paper that proposes a new method for identifying denial of service (DoS) attacks using multivariate correlation analysis (MCA). The method involves three main steps: 1) generating basic features from network traffic, 2) using MCA to extract correlations between features and generate triangle area maps, and 3) using an anomaly-based detection mechanism to distinguish attacks from normal traffic based on differences from pre-generated normal profiles. The researchers evaluate their method on the KDD Cup 99 dataset and achieve moderate detection performance. However, they identify issues related to differences in feature scales that reduce detection of some attacks. They propose using statistical normalization to address this.
A firewall is a network security device that controls incoming and outgoing network traffic based on a set of security rules. It protects internal networks from unauthorized external access. There are three main types of firewalls: network layer firewalls that filter traffic at the IP level, application layer firewalls that filter traffic by application, and proxy firewalls that intercept traffic and act as an intermediary. Firewalls use packet filtering, proxy services, or stateful inspection to screen traffic and enforce the security policy of an organization. They help control access between networks with different trust levels, such as between the highly trusted internal network and the less trusted internet.
International Journal of Network Security & Its Applications (IJNSA)
IJNSA Journal
This document contains summaries of multiple papers on topics related to network and information security. The papers discuss intrusion detection systems using genetic algorithms and the KDD99 dataset, security risks of cloud computing implementations in enterprises, security challenges and solutions for vehicular ad hoc networks, and security issues and potential solutions for cloud computing, big data, Hadoop and MapReduce environments. The document provides links to the full papers and cites the number of times each paper has been referenced by other works.
A firewall is a network security system that controls incoming and outgoing network traffic based on rules. It establishes a barrier between an internal trusted network and an external untrusted network like the Internet. Firewalls exist as both software and hardware. Hardware firewalls are standalone devices that provide network-level protection, while software firewalls install on individual devices. Common firewall techniques include packet filtering, application gateways, proxy servers, and network address translation. Firewalls are customizable and can filter traffic based on IP addresses, domains, protocols, ports, and specific words. They provide security against threats like remote access, backdoors, denial of service attacks, viruses, and spam.
Pre-filters in-transit malware packets detection in the network
TELKOMNIKA JOURNAL
Conventional malware detection systems cannot detect most of the new malware in the network
without the availability of their signatures. In order to solve this problem, this paper proposes a technique
to detect both metamorphic (mutated malware) and general (non-mutated) malware in the network using a
combination of known malware sub-signature and machine learning classification. This network-based
malware detection is achieved through a middle path for efficient processing of non-malware packets.
The proposed technique has been tested and verified using multiple data sets (metamorphic malware,
non-mutated malware, and UTM real traffic), this technique can detect most of malware packets in
the network-based before they reached the host better than the previous works which detect malware in
host-based. Experimental results showed that the proposed technique can speed up the transmission of
more than 98% normal packets without sending them to the slow path, and more than 97% of malware
packets are detected and dropped in the middle path. Furthermore, more than 75% of metamorphic
malware packets in the test dataset could be detected. The proposed technique is 37 times faster than
existing technique.
The document discusses Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS). It states that IDS monitors network traffic to detect potential security breaches by analyzing for signs of attacks or unauthorized access. When suspicious activity is identified, an alert is generated. IPS goes beyond detection and can also prevent security breaches by blocking malicious traffic before it reaches its destination. IPS can detect and block known attack patterns by examining traffic patterns and signatures. Both hardware and software based IDS/IPS solutions can be effective, with the choice depending on an organization's specific needs and constraints. Popular open-source and commercial IDS/IPS tools are also mentioned.
This document discusses using data mining techniques to classify and detect internet worms. It proposes a model that preprocesses network packet data to extract features, then uses three data mining algorithms (Random Forest, Decision Tree, Bayesian Network) to classify the data as normal, worm, or other network attacks. The model was able to detect internet worms with over 99% accuracy and less than 1% false alarm rate when classifying test data, outperforming Bayesian Network. In general, the document evaluates using machine learning for network-based internet worm detection.
Internet Worm Classification and Detection using Data Mining Techniques
iosrjce
IOSR Journal of Computer Engineering (IOSR-JCE) is a double blind peer reviewed International Journal that provides rapid publication (within a month) of articles in all areas of computer engineering and its applications. The journal welcomes publications of high quality papers on theoretical developments and practical applications in computer technology. Original research papers, state-of-the-art reviews, and high quality technical notes are invited for publications.
This document discusses the Address Resolution Protocol (ARP) and its use in intrusion detection systems. It proposes a standardized 64-byte ARP protocol structure to more easily capture ARP packets from a network. The structure includes fields for frame information, destination and source addresses, ARP type details, and sender/target MAC and IP addresses. This standardized structure could be integrated into network monitoring to help detect intrusions without affecting normal data transfer processes. Overall, the document aims to optimize the ARP sequence for use in intrusion detection systems.
This document provides summaries of 7 IEEE papers from 2012 related to software projects in various domains such as Java, J2ME, J2EE, .NET, MATLAB and NS2. The papers discuss topics such as password security, data provenance, trust-aware routing in wireless sensor networks, content distribution via network coding, detecting insider threats, secure message passing interfaces, and the security of an anonymity system with traceability.
Network Security: Experiment of Network Health Analysis At An ISP
CSCJournals
This paper presents the findings of an analysis performed at an internet service provider. Based on netflow data collected and analyzed using nfdump, it helped assess how healthy the network of an Internet Service Provider (ISP) is. The findings have been instrumental in reflecting on how to reshape the network architecture, and they have also demonstrated the need for a consistent monitoring system.
In computing, a firewall is a software or hardware-based network security system that controls the incoming and outgoing network traffic based on applied rule set. A firewall establishes a barrier between a trusted, secure internal network and another network (e.g., the Internet) that is not assumed to be secure and trusted.
Many personal computer operating systems include software-based firewalls to protect against threats from the public Internet. Many routers that pass data between networks contain firewall components and, conversely, many firewalls can perform basic routing functions.
HOW TO DETECT MIDDLEBOXES: GUIDELINES ON A METHODOLOGY
cscpconf
Internet middleboxes such as VPNs, firewalls, and proxies can significantly change handling of traffic streams. They play an increasingly important role in various types of IP networks. If end hosts can detect them, these hosts can make beneficial, and in some cases, crucial improvements in security and performance. But because middleboxes have widely varying behavior and effects on the traffic they handle, no single technique has been discovered that can detect all of them.
Devising a detection mechanism to detect any particular type of middlebox interference involves many design decisions and has numerous dimensions. One approach to assist with the complexity of this process is to provide a set of systematic guidelines. This paper is the first attempt to introduce a set of general guidelines (as well as the rationale behind them) to assist researchers with devising methodologies for end-hosts to detect middleboxes by the end-hosts. The guidelines presented here take some inspiration from the previous work of other researchers using various and often ad hoc approaches. These guidelines, however, are mainly based on our own experience with research on the detection of middleboxes. To assist researchers in using these guidelines, we also provide an example of how to bring them into play for detection of network compression.
International Journal of Network Security & Its Applications (IJNSA)
IJNSA Journal
The International Journal of Network Security & Its Applications (IJNSA) is a bimonthly open access peer-reviewed journal that publishes articles which contribute new results in all areas of computer network security and its applications. The journal focuses on all technical and practical aspects of security and its applications for wired and wireless networks. The goal of this journal is to bring together researchers and practitioners from academia and industry to focus on understanding modern security threats and countermeasures, and establishing new collaborations in these areas.
R. Indu Praveena et al., Int. Journal of Engineering Research and Applications, www.ijera.com
ISSN: 2248-9622, Vol. 4, Issue 6 (Version 4), June 2014, pp. 81-87
A Novel Approach of Pattern Detection Processor for Multipurpose Devices
R. Indu Praveena, Bignhneswar panda, Aditya Putta
M.Tech Student (11H91D6802), Associate Professor, Professor & HOD
Abstract
Today, mobile handsets combine the functionality of mobile phones and PDAs. Unfortunately, mobile handset development has been driven by market demand, focusing on new features and neglecting security. It is therefore imperative to study the existing challenges facing mobile handset threat containment, along with the different techniques and methodologies used to face those challenges and contain mobile handset malware. A TCAM-based virus-detection unit provides high throughput, but also poses challenges for low power and low cost. In this paper, an adaptively dividable dual-port BiTCAM (unifying binary and ternary CAMs) is proposed to achieve a high-throughput, low-power, and low-cost virus-detection processor for mobile devices. The proposed dual-port BiTCAM is realized with the dual-port AND-type match-line scheme, which is composed of dual-port active AND gates. The dual-port designs reduce power consumption through improved storage efficiency owing to shared storage spaces. In addition, the dividable BiTCAM provides high flexibility for regularly updating the virus database. This paper presents a multi-pattern matching algorithm with low area and less complexity. Before patterns are stored in the database, pattern decoding is done with an efficient approach such as TCAM. Ternary and binary together combine to form TCAM patterns. This paper is developed with an adaptively dividable dual-port BiTCAM to achieve a high-throughput, low-power, and low-cost pattern-detection processor for multipurpose devices.
Keywords: CAMs, Patterns, PDAs, TCAM
I. INTRODUCTION
Network security has always been an important issue. End users are vulnerable to virus attacks, spam and Trojan horses, for example. They may visit malicious websites, or hackers may gain entry to their computers and use them as zombie computers to attack others. To ensure a secure network environment, firewalls were first introduced to block unauthorized Internet users from accessing resources in a private network by simply checking the packet header (MAC address/IP address/port number). Over the past few years, there has been a substantial increase in the number of malware that have been published for mobile devices. As per , there exist at least 31 families and 170 variants of known mobile malware. Statistics have shown that at least 10 Trojans are released every week. Even though it took computer viruses twenty years to evolve, their mobile device counterparts have evolved within a span of just two years. To understand the threat that is involved, we first present a comparison of the environments used for PC-based and mobile device malware. While dealing with a huge number of virus
This method drastically reduces the probability of being attacked. Nevertheless, attacks such as spam, spyware, worms, viruses, and phishing target the application layer rather than the network layer. Therefore, traditional firewalls no longer provide enough protection. Many solutions, such as virus scanners, spam-mail filters, instant messaging protectors, network shields, content filters, and peer-to-peer protectors, have been effectively implemented. Initially, these solutions were implemented at the end-user side but tend to be merged into routers/firewalls to provide multi-layered protection. As a result, these routers stop threats on the network edge and keep them out of corporate networks.
In this case, the firewall router might first deny some connections from the firewall based on the target's IP address and the connection port. Then, the firewall router would monitor the content of the web pages to prevent the user from accessing any page that connects to malware links or inappropriate content, based on content filters. When the user wants to download a compressed file, to ensure that the file is not infected, the firewall router must decompress this file and check it using anti-virus programs. In summary, firewall routers require several time-consuming steps
to provide a secure connection.
In some cases, parallel combinational logic is applied to each word in the memory and a test is made at the same time for coincidence with the search word. In other cases the search word and all of the words in the memory are shifted serially in synchronism; a single bit of the search word is then compared to the same bit of every one of the memory words, using as many single-bit coincidence circuits as there are words in the memory. Amplifications of the associative memory technique allow for masking the search word or requiring only a "close" match as opposed to an exact match. Small parallel associative memories are used in cache memory and virtual memory mapping applications.
Cabir was developed for mobile phones running the Symbian and Series 60 software, and using Bluetooth. The virus searches within Bluetooth's range (about 30 meters) for mobile phones running in discoverable mode and sends itself, disguised as a security file, to any vulnerable devices. The virus only becomes active if the recipient accepts the file and then installs it. Once installed, the virus displays the word "Caribe" on the device's display. Each time an infected phone is turned on, the virus launches itself and scans the area for other devices to send itself to. The scanning process is likely to drain the phone's batteries. Cabir can be thought of as a hybrid virus/worm: its mode of distribution qualifies it as a network worm, but it requires user interaction like a traditional virus.
Since parallel operations on many words are expensive (in hardware), a variety of stratagems are used to approximate associative memory operation without actually carrying out the full test described here. One of these uses hashing to generate a "best guess" for a conventional address, followed by a test of the contents of that address.
A data-storage device in which a location is identified by its informational content rather than by names, addresses, or relative positions, and from which the data may be retrieved.
II. CONCEPT OF A FIREWALL ROUTER
Network firewalls and routers can use a rule database to decide which packets will be allowed from one network onto another. By filtering packets the firewalls and routers can improve security and performance -- by excluding packets which may pose a security risk to a network or are not relevant to it. However, as the size of the rule list increases, it becomes difficult to maintain and validate the rules, and the cost of rule lookup may add significantly to latency. Ordered binary decision diagrams (BDDs) -- a compact method of representing and manipulating boolean expressions -- are a potential method of representing the rules. This paper explores how BDDs can be used to develop methods that aid analysis of rules to validate them and changes to them, to improve performance, and facilitate hardware support. 1 Introduction The growth of network and internet communication creates several challenges for network design. The first paper published on firewall technology was in 1988, when engineers from Digital Equipment Corporation (DEC) developed filter systems known as packet filter firewalls. This fairly basic system was the first generation of what is now a highly involved and technical internet security feature. At AT&T Bell Labs, Bill Cheswick and Steve Bellovin were continuing their research in packet filtering and developed a working model for their own company based on their original first generation architecture. Packet filters act by inspecting the "packets" which are transferred between computers on the Internet. If a packet matches the packet filter's set of filtering rules, the packet filter will drop (silently discard) the packet or reject it (discard it, and send "error responses" to the source). This type of packet filtering pays no attention to whether a packet is part of an existing stream of traffic (i.e. it stores no information on connection "state").
Instead, it filters each packet based only on information contained in the packet itself (most commonly using a combination of the packet's source and destination address, its protocol, and, for TCP and UDP traffic, the port number). TCP and UDP protocols constitute most communication over the Internet, and because TCP and UDP traffic by convention uses well known ports for particular types of traffic, a "stateless" packet filter can distinguish between, and thus control, those types of traffic (such as web browsing, remote printing, email transmission, file transfer), unless the machines on each side of the packet filter are both using the same non-standard ports. Packet filtering firewalls work mainly on the first three layers of the OSI reference model, which means most of the work is done between the network and physical layers, with a little bit of peeking into the transport layer to figure out source and destination port numbers.[9] When a packet originates from the sender and filters through a firewall, the device checks for matches to any of the packet filtering rules that are configured in the firewall and drops or rejects the packet accordingly. When the packet passes through the firewall, it filters the packet on a protocol/port number basis (GSS). For example, if a rule in the firewall exists to block telnet access, then the firewall will block the TCP protocol for port number 23. Two important issues are security and performance. When a new connection is established, the firewall router scans the connection and forwards these packets to the host after confirming that the
connection is secure. Because firewall routers focus on the application layer of the OSI model, they must reassemble incoming packets to restore the original connection and examine them through different application parsers to guarantee a secure network environment. For instance, suppose a user searches for information on web pages and then tries to download a compressed file from a web server. In this case, the firewall router might initially deny some connections from the firewall based on the target's IP address and the connection port. Then, the firewall router would monitor the content of the web pages to prevent the user from accessing any page that connects to malware links or inappropriate content, based on content filters. When the user wants to download a compressed file, to ensure that the file is not infected, the firewall router must decompress this file and check it using anti-virus programs. In summary, firewall routers require several time-consuming steps to provide a secure connection.
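The stateless rule matching described above, as an added example that is not code from the paper: each packet is judged only on its own header fields, and the telnet rule on TCP port 23 is shown under a default-accept policy and under a default-deny policy. First-match-wins evaluation, the `Rule`/`Packet` classes and all addresses are assumptions made for the illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    """Only header fields: a stateless filter sees nothing else."""
    src: str
    dst: str
    proto: str                      # "tcp", "udp" or "icmp"
    dport: Optional[int] = None     # destination port for TCP/UDP


@dataclass(frozen=True)
class Rule:
    """Hypothetical rule format; None or 0.0.0.0/0 means 'any'."""
    action: str                     # "accept", "drop" (silent) or "reject" (error sent)
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    proto: Optional[str] = None
    dport: Optional[int] = None

    def matches(self, pkt: Packet) -> bool:
        if ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(self.src):
            return False
        if ipaddress.ip_address(pkt.dst) not in ipaddress.ip_network(self.dst):
            return False
        if self.proto is not None and self.proto != pkt.proto:
            return False
        if self.dport is not None and self.dport != pkt.dport:
            return False
        return True


def evaluate(rules, pkt, default):
    """First matching rule decides; otherwise the default policy applies.
    No connection table is consulted, so the verdict never depends on
    earlier packets of the same stream."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return default


# Constructed sample data (documentation address ranges).
SERVER = "192.0.2.10"
CLIENT = "198.51.100.7"

# Weak setting: block telnet by its well-known port, accept everything else.
BLOCKLIST = [Rule("reject", proto="tcp", dport=23)]

# Corrected setting: name the services that are allowed, drop the rest.
ALLOWLIST = [
    Rule("accept", dst=SERVER + "/32", proto="tcp", dport=80),
    Rule("accept", dst=SERVER + "/32", proto="tcp", dport=25),
    Rule("reject", proto="tcp", dport=23),
]

TELNET = Packet(CLIENT, SERVER, "tcp", 23)
TELNET_ON_OTHER_PORT = Packet(CLIENT, SERVER, "tcp", 2323)
WEB = Packet(CLIENT, SERVER, "tcp", 80)


def verdicts():
    """Verdict for each sample packet under both rule sets."""
    return {
        "blocklist": [evaluate(BLOCKLIST, p, "accept")
                      for p in (TELNET, TELNET_ON_OTHER_PORT, WEB)],
        "allowlist": [evaluate(ALLOWLIST, p, "drop")
                      for p in (TELNET, TELNET_ON_OTHER_PORT, WEB)],
    }


if __name__ == "__main__":
    print(verdicts())
```

With the port-based blocklist the same service on a non-standard port is not recognised and falls through to the accept default; with the allowlist it falls through to drop.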
III. PRESENT SYSTEM
There are many algorithms and accompanying hardware accelerators for fast pattern matching. One of the typical algorithms is the automaton approach. This approach is based on Aho and Corasick's algorithm (AC), which introduces a linear-time algorithm for multi-pattern search with a large finite-state machine. Its performance is not affected by the size of a given pattern set (the sum of all pattern lengths). In contrast, heuristic approaches are based on the Boyer-Moore algorithm, which was introduced in 1977. Its key feature is the shift value, which shifts the algorithm's search window for multiple characters when it encounters a mismatch. However, attacks such as spam, spyware, worms, viruses, and phishing target the application layer rather than the network layer. Therefore, traditional firewalls no longer provide enough protection. Many solutions, such as virus scanners, spam-mail filters, instant messaging protectors, network shields, content filters, and peer-to-peer protectors, have been effectively implemented. Initially, these solutions were implemented at the end-user side but tend to be merged into routers/firewalls to provide multi-layered protection. As a result, these routers stop threats on the network edge and keep them out of corporate networks. The search window is a range of text exactly fetched by pattern matching algorithms for each examination. This algorithm performs better because it makes fewer comparisons than the naïve pattern-matching algorithm. At runtime, the Boyer-Moore algorithm uses a pattern pointer to locate a candidate position by assuming that a desired pattern exists at this position. The algorithm then shifts its search window to the right of this pattern. By default, desired patterns can exist in any position of a text; therefore, all positions in a text are candidate positions and must be examined.
If the string of search windows does not appear in the pattern, the algorithm can shift the pattern pointer to the right and skip multiple characters from the candidate position to the end of the pattern without making comparisons. Based on this concept, Wu and Manber (WM) [18] modified the Boyer-Moore algorithm to search for multiple patterns. The WM algorithm is widely used in many applications, including Unix tools such as agrep and glimpse. However, the performance of both of these algorithms is bounded by the pattern length. The performance of the AC algorithm is not affected by the size of a given pattern set (the sum of all pattern lengths), but it requires a significant amount of memory due to state explosion. Experiments [17] have shown that the suboptimal AC algorithm requires 84.15 MB memory to represent Snort's rule set (4219 rules, as of December 2005). Even an Intel IXP2855 network processor (512 kB on-chip memory) must store such a pattern set in off-chip memory. Therefore, the memory hierarchy is the main factor in performance. Many previous studies have tried to lower memory requirements. In 2005, Lin Tan introduced a bit-split method by splitting an 8-bit character into four 2-bit characters to construct the automaton. Their state machines are smaller than the original, and they have fewer fan-out states for each transaction.
However, the bit-split method reads several memory blocks in parallel when matching patterns. Thus, it can only be implemented by on-chip memory because of its high memory read port requirements. Piti Piyachon and Yan Luo extended this concept to the Intel IXP2855 network processor. For increasingly large pattern sets, an IBM team implemented an optimized AC algorithm on the Cell processor, and they discovered that the memory gap was the bottleneck. As a result, they modified the algorithm and used DMA to reduce the effect on the memory system.
IV. VIRUS DETECTION PROCESSOR
Previous works focus on algorithms and have even developed specialized circuits to increase the scanning speed. However, these works have not considered the interactions between algorithms and memory hierarchy. Because the number of attacks is increasing, pattern-matching processors require external memory to support an unlimited pattern set. This method makes the memory system the bottleneck. However, when the pattern set is already intractably large, a perfect solution is unattainable.
Both engines have individual memories for storing significant information. For cost reasons, only a small amount of significant information regarding the patterns can be stored in the filtering engine’s on-chip memory. In this case, we use a 32-kB on-chip memory for the ClamAV virus database, which contained more than 30 000 virus codes and localized most of the computing inside the chip. Conversely, the exact-matching engine not only stores the entire pattern in external memory but also provides information to speed up the matching process. Our exact-matching engine is space-efficient and requires only four times the memory space of the original size pattern set. The size of a pattern set is the sum of the pattern length for each pattern in the given pattern set; in other words, it is the minimum size of the memory required to store the pattern set for the exact-matching engine. In this case, 8 MB of off-chip memory was required for the ClamAV virus database (2 MB).
The filtering engine screens impossible matches by consulting two TCAM lookup tables (named no-plane and yes-plane), which are used to perform two steps of the on-chip data-scanning as shown in Fig. 1. Only important filtering signatures and skip data are stored on the chip. In order to reduce the on-chip memory, the filtering engine operates only on a fixed amount of memory, including a 16-KB TCAM and an 8.5-KB SRAM. These filtering data are extracted from the entire virus database by pre-processing the 30K virus patterns released from ClamAV. The proposed exact-matching engine also supports data prefetching and caching techniques to hide the access latency of the off-chip memory by allocating its data structure well. The other modules include a text buffer and a text pump that prefetches text in a streaming manner to overlap the matching progress and text reading. A load/store interface was used to support bandwidth sharing.
This proposed architecture has six steps, shown in Fig. 2, for finding patterns. Initially, a pattern pointer is assigned to point to the start of the given text at the filtering stage. Suppose the pattern matching processor examines the text from left to right. The filtering engine fetches a piece of text from the text buffer. If the position indicated by the pattern pointer is not a candidate position, then the filtering engine skips this piece of text and shifts the pattern pointer right multiple characters to continue to check the next position.
Fig 1 Virus Detection Processor Architecture
Fig 2 Two-phase pattern execution flow
4.1 General Process
4.1.1 No-Plane Structure
The filtering engine screens impossible matches by consulting two TCAM lookup tables (named no-plane and yes-plane), which are used to perform two steps of the on-chip data-scanning. The first step uses a fast shift table, which indicates the impossible matching patterns (the so-called no-plane). By comparing the input datum with the no-plane TCAM from the least significant bit (LSB), the engine first looks up the shift table to perform a quick shift of impossible bytes until locating a possible match. If the input datum is matched with an entry of the no-plane, the input string will be skipped according to the shift count stored in the shift SRAM.
4.1.2 Yes-Plane Structure
When the comparison of the no-plane is missed or if the corresponding shift count is zero, the filtering engine will enter the second step of virus detection, as shown in Fig. 1(d). Then we further look up another signature table (called the yes-plane) to eliminate any false positives by ensuring that the prefix has the same signature. The yes-plane TCAM is used to reduce the number of exact comparisons. The filtering engine will skip the input datum if it is mismatched with the data of the yes-plane. If a possible match is still not ruled out, then the exact-matching engine performs suffix matching by making comparisons with a suffix tree stored in off-chip memory, which can hold a large number of virus patterns. The off-chip memory needs roughly 8 MB to store the entire 2 MB of virus patterns of ClamAV. Our idea is to merge these two single-port TCAMs into a single rectangular dual-port TCAM and concurrently match with the whole prefix.
To achieve this goal, we need a dual-port TCAM and two SRAMs, as shown in the right part of FIG, with a division line inserted in the dual-port TCAM array to separate the no-plane entries and the yes-plane entries. With the proposed dual-port TCAM, the ternary cells storing “X” terms can be minimized, and consequently both the total memory capacity and the power consumption are reduced. It includes two single-port TCAMs and two SRAMs. One TCAM serves as the no-plane.
4.2 Wu-Manber Algorithm
The Wu-Manber algorithm is a high-performance, multi-pattern matching algorithm based on the Boyer-Moore algorithm. It builds three tables in the preprocessing stage: a shift table, a hash table and a prefix table. The Wu-Manber algorithm is an exact-matching algorithm, but its shift table is an efficient filtering structure. The shift table is an extension of the bad-character concept in the Boyer-Moore algorithm, but they are not identical. Fig. 3 shows the Wu-Manber algorithm match flow.
Fig 3 Matching flow
4.3 Bloom Filter Algorithm
A Bloom filter is a space-efficient data structure used to test whether an element exists in a given set. This algorithm is composed of different hash functions and a long vector of bits. Initially, all bits are set to 0 at the preprocessing stage. To add an element, the Bloom filter hashes the element by these hash functions and gets positions of its vector. The Bloom filter then sets the bits at these positions to 1. The value of a vector that only contains an element is called the signature of an element. To check the membership of a particular element, the Bloom filter hashes this element by the same hash functions at run time, and it also generates positions of the vector. Fig. 4 shows the Bloom filter algorithm match flow.
Fig 4 Matching flow
The filter only hashes all of the pattern prefixes at the preprocessing stage. Multiple patterns setting the same position of the bit vector are allowed. The arrows indicate the candidate positions. The gray bars represent the search window that the Bloom filter actually fetches for comparison. Both the candidate position and search window are aligned together. Thus, the Bloom filter scans and compares patterns from the head, rather than from the tail as the Wu-Manber algorithm does. In step 1, the filter hashes “He” and mismatches the signature with the bit vector. The filter then shifts right 1 character and finds the next candidate position. For the search window “ee”, the Bloom filter matches the signature and then causes a false alarm to perform an exact-matching in steps 2 and 3. The filter then returns to the filtering stage and shifts one character to the right in step 4, which launches a true alarm for the pattern “ever”. Finally, the Bloom filter filters the rest of the text and finds nothing.
If all of the bits at the hashed positions are set to 1, the query is claimed to be positive; otherwise, it is claimed to be negative. The output of the Bloom filter can be a false positive but never a false negative. Therefore, some pattern matching algorithms based on the Bloom filter must operate with an extra exact-matching algorithm. However, the Bloom filter still features the following advantages: 1) it is a space-efficient data structure; 2) the computing time of the Bloom filter is scaled linearly with the number of patterns; and 3) the Bloom filter is independent.
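The walk-through above ("He" rejected, "ee" raising a false alarm, "ever" raising a true alarm) can be reproduced with a small prefix Bloom filter followed by an exact-matching stage. This is an added example, not code from the paper; the 16-bit vector, the two toy hash functions, the pattern set and the text are constructed for illustration.

```python
# Added example (not from the paper): prefix Bloom filter with exact-match fallback.
M = 16        # bit-vector length (toy size, assumption)
PREFIX = 2    # bytes of each pattern hashed at preprocessing (2-byte windows)

# Two toy hash functions over a 2-byte window (assumption; real designs use
# stronger hashes and a much longer vector).
HASHES = (lambda w: (w[1] - w[0]) % M,
          lambda w: (w[0] + w[1]) % M)

def signature(window: bytes) -> int:
    """Bit vector in which only this window's hashed positions are set."""
    sig = 0
    for h in HASHES:
        sig |= 1 << h(window)
    return sig

def build_vector(patterns) -> int:
    """Preprocessing: OR the signatures of all pattern prefixes into one vector."""
    vec = 0
    for p in patterns:
        vec |= signature(p[:PREFIX])   # several patterns may set the same bit
    return vec

def scan(text: bytes, patterns):
    """Filter every candidate position; run exact matching only on alarms."""
    vec = build_vector(patterns)
    hits, false_alarms = [], []
    for pos in range(len(text) - PREFIX + 1):
        sig = signature(text[pos:pos + PREFIX])
        if sig & vec != sig:           # at least one bit is 0: no pattern starts here
            continue
        # Exact-matching stage (the paper uses an off-chip suffix tree instead).
        found = [p for p in patterns if text.startswith(p, pos)]
        if found:
            hits.extend((pos, p) for p in found)   # true alarm
        else:
            false_alarms.append(pos)               # filter said "maybe", exact match said no
    return hits, false_alarms

PATTERNS = [b"ever", b"llama", b"black"]   # constructed pattern set
TEXT = b"Heever so"                        # constructed text: windows "He", "ee", "ev", ...

if __name__ == "__main__":
    print(scan(TEXT, PATTERNS))
```

With these constructed inputs the prefixes "ll" and "bl" together set both bits that "ee" hashes to, which is why "ee" passes the filter although no pattern starts with it.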
4.4 Shift-Signature Algorithm
The proposed algorithm re-encodes the shift table to merge the signature table into a new table named the shift-signature table. The shift-signature table has the same size as the original shift table, as its width and length are the same as those of the original shift table. There are two fields, S-flag and carry, in the shift-signature table. The carry field has two types of data: a shift value and a signature. These two data types are used by two different algorithms. Thus, the S-flag is used to indicate the data type of a carry. The filtering engine can then filter the text using a different algorithm while providing a higher filter rate.
The method used to merge these two tables is described as follows. First, the algorithm generates two tables, a shift table and a signature table, at the preprocessing stage. The generation of the shift table is the same as in the Wu-Manber algorithm. The S-flag is a 1-bit field used to indicate the data type of the carry. Two data types, shift value or signature, are defined for a carry. The width and length of the shift-signature table are the same as those of the original shift table. To merge these two tables, the algorithm maps each entry in the shift table and the signature table onto the shift-signature table. For the non-zero shift values, the S-flags are set, and their original shift values are cut by 1 bit to fit their carries. Conversely, for the zero shift values, their S-flags are clear, and their carries are used to store their signatures. In this method, all of the entries in the shift-signature table contribute to the filtering rate at run time. Because of the address collision of bad-characters, most entries contain less than half of the maximum shift distance for a large pattern set. Therefore, although this method sacrifices the maximum shift distance, the filter rate is not reduced but rather improved. Fig. 5 shows the Shift-Signature algorithm match flow.
Fig 5 Matching flow
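As an added illustration (not the paper's implementation), the sketch below builds a Wu-Manber shift table as in Section 4.2, merges it with a signature table into one shift-signature table as in Section 4.4, and uses it as the filtering stage in front of exact matching. The block size, entry width, hash function, the choice of hashing the block that precedes a zero-shift block as its signature, and the sample patterns and text are assumptions.

```python
# Added example (not the paper's code): shift-signature table used as a filter.
B = 2                          # bad-character block size in bytes (assumption)
ENTRY_BITS = 8                 # width of one table entry (assumption)
CARRY_BITS = ENTRY_BITS - 1    # one bit of every entry is spent on the S-flag

def sig_bit(block: bytes) -> int:
    """Toy hash of a B-byte block to one bit of a carry-wide signature (assumption)."""
    return 1 << ((block[0] * 31 + block[1]) % CARRY_BITS)

def build(patterns):
    m = min(len(p) for p in patterns)      # Wu-Manber only uses the first m bytes
    assert m >= 2 * B, "patterns too short for this sketch"
    default = m - B + 1                    # shift for blocks that occur in no pattern
    shift, sig = {}, {}
    for p in patterns:
        for end in range(B, m + 1):        # every block of the m-byte prefix
            blk = p[end - B:end]
            shift[blk] = min(shift.get(blk, default), m - end)
        last, prev = p[m - B:m], p[m - 2 * B:m - B]
        sig[last] = sig.get(last, 0) | sig_bit(prev)   # assumed signature source
    max_shift = (1 << CARRY_BITS) - 1      # shift values lose one bit to the S-flag
    table = {}
    for blk, s in shift.items():
        if s:                              # S-flag = 1: carry holds a shift value
            table[blk] = (1, min(s, max_shift))
        else:                              # S-flag = 0: carry holds a signature
            table[blk] = (0, sig[blk])
    return table, m, min(default, max_shift)

def scan(text: bytes, patterns):
    table, m, default = build(patterns)
    hits, exact_calls, sig_rejects, pos = [], 0, 0, 0
    while pos + m <= len(text):
        win = text[pos:pos + m]
        s_flag, carry = table.get(win[m - B:], (1, default))
        if s_flag:                         # impossible position: skip ahead
            pos += carry
            continue
        if carry & sig_bit(win[m - 2 * B:m - B]):
            exact_calls += 1               # hand over to the exact-matching stage
            hits += [(pos, p) for p in patterns if text.startswith(p, pos)]
        else:
            sig_rejects += 1               # zero shift, but the signature rules it out
        pos += 1
    return hits, exact_calls, sig_rejects

PATTERNS = [b"malware", b"trojan", b"wormhole"]               # constructed patterns
TEXT = b"harmless text with a trojan and a wormhole inside"   # constructed text

if __name__ == "__main__":
    print(scan(TEXT, PATTERNS))
```

On the constructed text the filter reaches the exact-matching stage only twice, once per real match; clamping a shift to the narrower carry can only shorten a skip, so it never causes a missed pattern.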
V. OUTPUTS
5.1 NO VIRUS CASE
Fig 6 Proposed virus detection processor
5.2 VIRUS CASE
Fig 7 Proposed virus detection processor
5.3 SYNTHESIS WINDOW
Fig 8 Proposed virus detection processor synthesization
VI. CONCLUSION
In this paper we describe a novel architecture for a pattern-matching virus detection processor for network intrusion detection systems. The virus detection processor is a RAM-based design which can be used to store additional virus models to detect virus patterns. The dual-port BiTCAM-based pattern-matching engine is capable of detecting additional virus patterns. Since the patterns are programmed into the co-processor with software, the architecture can be used to implement designs in FPGA as well as ASIC. We have shown that our pattern filter is capable of yielding performance that surpasses the most recent FPGA implementations while enabling users to program it without having to regenerate or reconfigure the hardware. Such quick configuration may become critical as the rate of emergence of new attacks increases. Many previous designs have claimed to provide high performance, but the memory gap created by using external memory decreases performance because of the increasing size of virus databases. Furthermore, limited resources restrict the practicality of these algorithms for embedded network security systems. Two-phase heuristic algorithms are a solution with a tradeoff between performance and cost due to an efficient filter table existing in internal memory; however, their performance is easily threatened by malicious attacks. This work analyzes two scenarios of malicious attacks and provides two methods. The design of the adjustable division line provides high flexibility for updating virus databases.