Network Forensics is fairly a new area of research which would be used after an intrusion in various
organizations ranging from small, mid-size private companies and government corporations to the defence
secretariat of a country. At the point of an investigation valuable information may be mishandled which
leads to difficulties in the examination and time wastage. Additionally the intruder could obliterate tracks
such as intrusion entry, vulnerabilities used in an entry, destruction caused, and most importantly the
identity of the intruder. The aim of this research was to map the correlation between network security and
network forensic mechanisms. There are three sub research questions that had been studied. Those have
identified Network Security issues, Network Forensic investigations used in an incident, and the use of
network forensics mechanisms to eliminate network security issues. Literature review has been the
research strategy used in order study the sub research questions discussed. Literature such as research
papers published in Journals, PhD Theses, ISO standards, and other official research papers have been
evaluated and have been the base of this research. The deliverables or the output of this research was
produced as a report on how network forensics has assisted in aligning network security in case of an
intrusion. This research has not been specific to an organization but has given a general overview about
the industry. Embedding Digital Forensics Framework, Network Forensic Development Life Cycle, and
Enhanced Network Forensic Cycle could be used to develop a secure network. Through the mentioned
framework, and cycles the author has recommended implementing the 4R Strategy (Resistance,
Recognition, Recovery, Redress) with the assistance of a number of tools. This research would be of
interest to Network Administrators, Network Managers, Network Security personnel, and other personnel
interested in obtaining knowledge in securing communication devices/infrastructure. This research
provides a framework that can be used in an organization to eliminate digital anomalies through network
forensics, helps the above mentioned persons to prepare infrastructure readiness for threats and also
enables further research to be carried on in the fields of computer, database, mobile, video, and audio.
Due to diversity, heterogeneity and complexity of the existing healthcare structure, providing suitable
healthcare services is a complicated process. This work describes the conceptual design of an e-healthcare
system, which implements integration strategies and suitable technologies that will handle the
interoperability problem among its essential components. The proposed solution combines intelligent agent
technology and case based reasoning for highly distributed applications in healthcare environment.
Intelligent agents play a critical role in providing correct information for diagnostic, treatment, etc. They
work on behalf of human agents taking care of routine tasks, thus increasing speed and reliability of the
information exchanges. CBR is used to generate advices to a certain e-healthcare problems by analyzing
solutions given to previously solved problems and to build intelligent systems for disease diagnostics and
prognosis. Preliminary experimental simulation based on Agent Development Framework (JADE)
demonstrated the feasibility of this model.
Internet of things-based photovoltaics parameter monitoring system using Node...IJECEIAES
The use of the internet of things (IoT) in solar photovoltaic (PV) systems is a critical feature for remote monitoring, supervising, and performance evaluation. Furthermore, it improves the long-term viability, consistency, efficiency, and system maintenance of energy production. However, previous researchers' proposed PV monitoring systems are relatively complex and expensive. Furthermore, the existing systems do not have any backup data, which means that the acquired data could be lost if the network connection fails. This paper presents a simple and low-cost IoT-based PV parameter monitoring system, with additional backup data stored on a microSD card. A NodeMCU ESP8266 development board is chosen as the main controller because it is a system-on-chip (SOC) microcontroller with integrated Wi-Fi and low-power support, all in one chip to reduce the cost of the proposed system. The solar irradiance, ambient temperature, PV output voltage and PV output current, are measured with photo-diodes, DHT22, impedance dividers and ACS712. While, the PV output power is a product of the PV voltage and PV current. ThingSpeak, an opensource software, is used as a cloud database and data monitoring tool in the form of interactive graphics. The results showed that the system was designed to be highly accurate, reliable, simple to use, and low-cost.
Wireless Sensor Networks UNIT-1
You can watch my lectures at:
Digital electronics playlist in my youtube channel:
https://www.youtube.com/channel/UC_fItK7wBO6zdWHVPIYV8dQ?view_as=subscriber
My Website : https://easyninspire.blogspot.com/
Security Method in Data Acquisition Wireless Sensor Network Dharmendrasingh417
Wireless sensor networks have recently emerged as a rapidly growing communication infrastructure.
Wireless sensors used to monitor physical or environmental conditions. Sensor networks also face a number of problems. Some, such as energy efficiency, target monitoring, query processing, deployment, data compression, tracking, secure issues, limited bandwidth.
New kind of intrusions causes deviation in the normal behaviour of traffic flow in
computer networks every day. This study focused on enhancing the learning capabilities of IDS
to detect the anomalies present in a network traffic flow by comparing the k-means approach of
data mining for intrusion detection and the outlier detection approach. The k-means approach
uses clustering mechanisms to group the traffic flow data into normal and abnormal clusters.
Outlier detection calculates an outlier score (neighbourhood outlier factor (NOF)) for each flow
record, whose value decides whether a traffic flow is normal or abnormal. These two methods
were then compared in terms of various performance metrics and the amount of computer
resources consumed by them. Overall, k-means was more accurate and precise and has better
classification rate than outlier detection in intrusion detection using traffic flows. This will help
systems administrators in their choice of IDS.
Data Mining Techniques for Providing Network Security through Intrusion Detec...IJAAS Team
Intrusion Detection Systems are playing major role in network security in this internet world. Many researchers have been introduced number of intrusion detection systems in the past. Even though, no system was detected all kind of attacks and achieved better detection accuracy. Most of the intrusion detection systems are used data mining techniques such as clustering, outlier detection, classification, classification through learning techniques. Most of the researchers have been applied soft computing techniques for making effective decision over the network dataset for enhancing the detection accuracy in Intrusion Detection System. Few researchers also applied artificial intelligence techniques along with data mining algorithms for making dynamic decision. This paper discusses about the number of intrusion detection systems that are proposed for providing network security. Finally, comparative analysis made between the existing systems and suggested some new ideas for enhancing the performance of the existing systems.
Due to diversity, heterogeneity and complexity of the existing healthcare structure, providing suitable
healthcare services is a complicated process. This work describes the conceptual design of an e-healthcare
system, which implements integration strategies and suitable technologies that will handle the
interoperability problem among its essential components. The proposed solution combines intelligent agent
technology and case based reasoning for highly distributed applications in healthcare environment.
Intelligent agents play a critical role in providing correct information for diagnostic, treatment, etc. They
work on behalf of human agents taking care of routine tasks, thus increasing speed and reliability of the
information exchanges. CBR is used to generate advices to a certain e-healthcare problems by analyzing
solutions given to previously solved problems and to build intelligent systems for disease diagnostics and
prognosis. Preliminary experimental simulation based on Agent Development Framework (JADE)
demonstrated the feasibility of this model.
Internet of things-based photovoltaics parameter monitoring system using Node...IJECEIAES
The use of the internet of things (IoT) in solar photovoltaic (PV) systems is a critical feature for remote monitoring, supervising, and performance evaluation. Furthermore, it improves the long-term viability, consistency, efficiency, and system maintenance of energy production. However, previous researchers' proposed PV monitoring systems are relatively complex and expensive. Furthermore, the existing systems do not have any backup data, which means that the acquired data could be lost if the network connection fails. This paper presents a simple and low-cost IoT-based PV parameter monitoring system, with additional backup data stored on a microSD card. A NodeMCU ESP8266 development board is chosen as the main controller because it is a system-on-chip (SOC) microcontroller with integrated Wi-Fi and low-power support, all in one chip to reduce the cost of the proposed system. The solar irradiance, ambient temperature, PV output voltage and PV output current, are measured with photo-diodes, DHT22, impedance dividers and ACS712. While, the PV output power is a product of the PV voltage and PV current. ThingSpeak, an opensource software, is used as a cloud database and data monitoring tool in the form of interactive graphics. The results showed that the system was designed to be highly accurate, reliable, simple to use, and low-cost.
Wireless Sensor Networks UNIT-1
You can watch my lectures at:
Digital electronics playlist in my youtube channel:
https://www.youtube.com/channel/UC_fItK7wBO6zdWHVPIYV8dQ?view_as=subscriber
My Website : https://easyninspire.blogspot.com/
Security Method in Data Acquisition Wireless Sensor Network Dharmendrasingh417
Wireless sensor networks have recently emerged as a rapidly growing communication infrastructure.
Wireless sensors used to monitor physical or environmental conditions. Sensor networks also face a number of problems. Some, such as energy efficiency, target monitoring, query processing, deployment, data compression, tracking, secure issues, limited bandwidth.
New kind of intrusions causes deviation in the normal behaviour of traffic flow in
computer networks every day. This study focused on enhancing the learning capabilities of IDS
to detect the anomalies present in a network traffic flow by comparing the k-means approach of
data mining for intrusion detection and the outlier detection approach. The k-means approach
uses clustering mechanisms to group the traffic flow data into normal and abnormal clusters.
Outlier detection calculates an outlier score (neighbourhood outlier factor (NOF)) for each flow
record, whose value decides whether a traffic flow is normal or abnormal. These two methods
were then compared in terms of various performance metrics and the amount of computer
resources consumed by them. Overall, k-means was more accurate and precise and has better
classification rate than outlier detection in intrusion detection using traffic flows. This will help
systems administrators in their choice of IDS.
Data Mining Techniques for Providing Network Security through Intrusion Detec...IJAAS Team
Intrusion Detection Systems are playing major role in network security in this internet world. Many researchers have been introduced number of intrusion detection systems in the past. Even though, no system was detected all kind of attacks and achieved better detection accuracy. Most of the intrusion detection systems are used data mining techniques such as clustering, outlier detection, classification, classification through learning techniques. Most of the researchers have been applied soft computing techniques for making effective decision over the network dataset for enhancing the detection accuracy in Intrusion Detection System. Few researchers also applied artificial intelligence techniques along with data mining algorithms for making dynamic decision. This paper discusses about the number of intrusion detection systems that are proposed for providing network security. Finally, comparative analysis made between the existing systems and suggested some new ideas for enhancing the performance of the existing systems.
In distributed systems,to search out information is costly task because they have to be compel led to transfer information from node containing information to the node wherever query is generated,this will l consume latency,network traffic etc.For reducing these parameters mobile agents are accustomed fetch information from nodes wherever i nformation resides. Alongside mobile agents directory containing information concerning database kept on completely different nodes is employed to focus retrieval method solely to those nodes that are containing answers to the query. 3 kinds of agents area unit accustomed fetch data specifically ly coordi nator,search and local agent.
Use of network forensic mechanisms to formulate network securityIJMIT JOURNAL
Network Forensics is fairly a new area of research which would be used after an intrusion in various
organizations ranging from small, mid-size private companies and government corporations to the defence
secretariat of a country. At the point of an investigation valuable information may be mishandled which
leads to difficulties in the examination and time wastage. Additionally the intruder could obliterate tracks
such as intrusion entry, vulnerabilities used in an entry, destruction caused, and most importantly the
identity of the intruder. The aim of this research was to map the correlation between network security and
network forensic mechanisms. There are three sub research questions that had been studied. Those have
identified Network Security issues, Network Forensic investigations used in an incident, and the use of
network forensics mechanisms to eliminate network security issues. Literature review has been the
research strategy used in order study the sub research questions discussed. Literature such as research
papers published in Journals, PhD Theses, ISO standards, and other official research papers have been
evaluated and have been the base of this research. The deliverables or the output of this research was
produced as a report on how network forensics has assisted in aligning network security in case of an
intrusion. This research has not been specific to an organization but has given a general overview about
the industry. Embedding Digital Forensics Framework, Network Forensic Development Life Cycle, and
Enhanced Network Forensic Cycle could be used to develop a secure network. Through the mentioned
framework, and cycles the author has recommended implementing the 4R Strategy (Resistance,
Recognition, Recovery, Redress) with the assistance of a number of tools. This research would be of
interest to Network Administrators, Network Managers, Network Security personnel, and other personnel interested in obtaining knowledge in securing communication devices/infrastructure. This research provides a framework that can be used in an organization to eliminate digital anomalies through network forensics, helps the above mentioned persons to prepare infrastructure readiness for threats and also enables further research to be carried on in the fields of computer, database, mobile, video, and audio.
An Overview of Information Extraction from Mobile Wireless Sensor NetworksM H
Information Extraction (IE) is a key research area within the field of Wireless Sensor Networks (WSNs). It has been characterised in a variety of ways, ranging from the description of its purposes, to reasonably abstract models of its processes and components. There has been only a handful of papers addressing IE over mobile WSNs directly, these dealt with individual mobility related problems as the need arises. This paper is presented as a tutorial that takes the reader from the point of identifying data about a dynamic (mobile) real world problem, relating the data back to the world from which it was collected, and finally discovering what is in the data. It covers the entire process with special emphasis on how to exploit mobility in maximising information return from a mobile WSN. We present some challenges introduced by mobility on the IE process as well as its effects on the quality of the extracted information. Finally, we identify future research directions facing the development of efficient IE approaches for WSNs in the presence of mobility.
Security Issues in Biomedical Wireless Sensor Networks Applications: A SurveyIJARTES
Abstract The use of wireless sensor networks in healthcare
applications is growing in a fast pace. Numerous applications
such as heart rate monitor, blood pressure monitor and
endoscopic capsule are already in use. To address the growing
use of sensor technology in this area, a new field known as
wireless body area networks has emerged. As most devices
and their applications are wireless in nature, security and
privacy concerns are among major areas of concern. Body
area networks can collect information about an individual’s
health, fitness and energy expenditure. Comprising body
sensors that communicate wirelessly with the patients
control device for monitoring and external communication.
This paper provides the challenges of using the wireless
sensor network in biomedical field and how to solve most of
these issues. To analyze the different security strategies in
Wireless Sensor Networks and propose this system to give
highest quality medical care with full security in their
reliability
A PROPOSED MODEL FOR DIMENSIONALITY REDUCTION TO IMPROVE THE CLASSIFICATION C...IJNSA Journal
Over the past few years, intrusion protection systems have drawn a mature research area in the field of computer networks. The problem of excessive features has a significant impact on
intrusion detection performance. The use of machine learning algorithms in many previous researches has been used to identify network traffic, harmful or normal. Therefore, to obtain the accuracy, we must reduce the dimensionality of the data used. A new model design based on a combination of feature selection and machine learning algorithms is proposed in this paper. This model depends on selected genes from every feature to increase the accuracy of intrusion detection systems. We selected from features content only ones which impact in attack detection. The performance has been evaluated based on a comparison of several known algorithms. The NSL-KDD dataset is used for examining classification. The proposed model outperformed the other learning approaches with accuracy 98.8 %.
A SECURE SCHEMA FOR RECOMMENDATION SYSTEMSIJCI JOURNAL
Recommender systems have become an important tool for personalization of online services. Generating
recommendations in online services depends on privacy-sensitive data collected from the users. Traditional
data protection mechanisms focus on access control and secure transmission, which provide security only
against malicious third parties, but not the service provider. This creates a serious privacy risk for the
users. This paper aims to protect the private data against the service provider while preserving the
functionality of the system. This paper provides a general framework that, with the help of a preprocessing
phase that is independent of the inputs of the users, allows an arbitrary number of users to securely
outsource a computation to two non-colluding external servers. This paper use these techniques to
implement a secure recommender system based on collaborative filtering that becomes more secure, and
significantly more efficient than previously known implementations of such systems.
A Novel and Advanced Data Mining Model Based Hybrid Intrusion Detection Frame...Radita Apriana
An Intrusion can be defined as any practice or act that attempt to crack the integrity,
confidentiality or availability of a resource. This may contain of a deliberate unauthorized attempt to access
the information, manipulate the data, or make a system unreliable or unusable. With the expansion of
computer networks at an alarming rate during the past decade, security has become one of the serious
issues of computer systems.IDS, is a detection mechanism for detecting the intrusive activities hidden
among the normal activities. The revolutionary establishment of IDS has attracted analysts to work
dedicatedly enabling the system to deal with technological advancements. Hence, in this regard, various
beneficial schemes and models have been proposed in order to achieve enhanced IDS. This paper
proposes a novel hybrid model for intrusion detection. The proposed framework in this paper may be
expected as another step towards advancement of IDS. The framework utilizes the crucial data mining
classification algorithms beneficial for intrusion detection. The Hybrid framework would hence forth, will
lead to effective, adaptive and intelligent intrusion detection.
Integrated Framework for Secure and Energy Efficient Communication System in ...IJECEIAES
Irrespective of different forms and strategies implementing for securing Wireless Sensor Network (WSN), there are very less strategies that offers cost effective security over heterogeneous network. Therefore, this paper presents an integrated set of different processes that emphasize over secure routing, intellectual and delay-compensated routing, and optimization principle with a sole intention of securing the communication to and from the sensor nodes during data aggregation. The processed system advocates the non-usage of complex cryptography and encourages the usage of probability their and analytical modelling in order to render more practical implementation. The simulated outcome of study shows that proposed system offers reduced delay, more throughputs, and reduced energy consumption in contrast to existing system.
Multi-objective NSGA-II based community detection using dynamical evolution s...IJECEIAES
Community detection is becoming a highly demanded topic in social networking-based applications. It involves finding the maximum intraconnected and minimum inter-connected sub-graphs in given social networks. Many approaches have been developed for community’s detection and less of them have focused on the dynamical aspect of the social network. The decision of the community has to consider the pattern of changes in the social network and to be smooth enough. This is to enable smooth operation for other community detection dependent application. Unlike dynamical community detection Algorithms, this article presents a non-dominated aware searching Algorithm designated as non-dominated sorting based community detection with dynamical awareness (NDS-CD-DA). The Algorithm uses a non-dominated sorting genetic algorithm NSGA-II with two objectives: modularity and normalized mutual information (NMI). Experimental results on synthetic networks and real-world social network datasets have been compared with classical genetic with a single objective and has been shown to provide superiority in terms of the domination as well as the convergence. NDS-CD-DA has accomplished a domination percentage of 100% over dynamic evolutionary community searching DECS for almost all iterations.
Approximation of regression-based fault minimization for network trafficTELKOMNIKA JOURNAL
This research associates three distinct approaches for computer network traffic prediction. They are the traditional stochastic gradient descent (SGD) using a few random samplings instead of the complete dataset for each iterative calculation, the gradient descent algorithm (GDA) which is a well-known optimization approach in deep learning, and the proposed method. The network traffic is computed from the traffic load (data and multimedia) of the computer network nodes via the Internet. It is apparent that the SGD is a modest iteration but can conclude suboptimal solutions. The GDA is a complicated one, can function more accurate than the SGD but difficult to manipulate parameters, such as the learning rate, the dataset granularity, and the loss function. Network traffic estimation helps improve performance and lower costs for various applications, such as an adaptive rate control, load balancing, the quality of service (QoS), fair bandwidth allocation, and anomaly detection. The proposed method confirms optimal values out of parameters using simulation to compute the minimum figure of specified loss function in each iteration.
Novel framework using dynamic passphrase towards secure and energy-efficient ...IJECEIAES
At Mobile Adhoc Network (MANET) has been long-researched topic in adhoc network owing to the associated advantages in its cost-effective application as well as consistent loophopes owing to its inherent charecteristics. This manuscript draws a relationship between the energy factor and security factor which has not been emphasized in any existing studies much. Review of existing security approaches shows that they are highly attack specific, uses complex encryption, and overlooks the involvement of energy factor in it. Therefore, the proposed system introduces a novel mechanism where security tokens and passphrases are utilized in order to offer better security. The proposed system also introduces the usage of an agent node which communications with mobile nodes using group-based communication system thereby ensuring reduced computational effort of mobile nodes towards establishing secured communication. The outcome shows proposed system offers better outcome in contrast to existing system.
An efficient approach on spatial big data related to wireless networks and it...eSAT Journals
Abstract
Spatial big data acts as a important key role in wireless networks applications. In that spatial and spatio temporal problems contains the distinct role in big data and it’s compared to common relational problems. If we are solving those problems means describing the three applications for spatial big data. In each applications imposing the specific design and we are developing our work on highly scalable parallel processing for spatial big data in Hadoop frameworks by using map reduce computational model. Our results show that enables highly scalable implementations of algorithms using Hadoop for the purpose of spatial data processing problems. Inspite of developing these implementations requires specialized knowledge and user friendly.
Keywords: Spatial Big Data, Hadoop, Wireless Networks, Map reduce
Proposed Agent Based Black hole Node Detection Algorithm for Ad-Hoc Wireless...ijcsa
A Mobile ad-hoc network (MANET) is a latest and eme
rging Research topic among researchers. The
reason behind the popularity of MANET is flexibilit
y and independence of network infrastructure. MANET
has some unique characteristic like dynamic network
topology, limited power and limited bandwidth for
communication. MANET has more challenge compare to
any other conventional network. However the
dynamical network topology of MANETs, infrastructur
e-less property and lack of certificate authority m
ake
the security problems of MANETs need to pay more at
tention. This paper represents review of layer wise
security attacks. It also discussed the issues and
challenges of mobile ad hoc network. On the importa
nce of
security issues, this paper proposed intrusion dete
ction framework for detecting network layer threats
such
as black hole attack.
TREND-BASED NETWORKING DRIVEN BY BIG DATA TELEMETRY FOR SDN AND TRADITIONAL N...ijngnjournal
Organizations face a challenge of accurately analyzing network data and providing automated action
based on the observed trend. This trend-based analytics is beneficial to minimize the downtime and
improve the performance of the network services, but organizations use different network management
tools to understand and visualize the network traffic with limited abilities to dynamically optimize the
network. This research focuses on the development of an intelligent system that leverages big data
telemetry analysis in Platform for Network Data Analytics (PNDA) to enable comprehensive trendbased networking decisions. The results include a graphical user interface (GUI) done via a web
application for effortless management of all subsystems, and the system and application developed in
this research demonstrate the true potential for a scalable system capable of effectively benchmarking
the network to set the expected behavior for comparison and trend analysis. Moreover, this research
provides a proof of concept of how trend analysis results are actioned in both a traditional network and
a software-defined network (SDN) to achieve dynamic, automated load balancing.
An effective attack preventing routing approach in speed network in manetseSAT Publishing House
IJRET : International Journal of Research in Engineering and Technology is an international peer reviewed, online journal published by eSAT Publishing House for the enhancement of research in various disciplines of Engineering and Technology. The aim and scope of the journal is to provide an academic medium and an important reference for the advancement and dissemination of research results that support high-level learning, teaching and research in the fields of Engineering and Technology. We bring together Scientists, Academician, Field Engineers, Scholars and Students of related fields of Engineering and Technology.
Network forensics comes under the domain of digital forensics and deals with evidences left behind on the networkiafter a cyber-attack. It is indication of the weakness that led to the crime and the possible cause. Network focused research comes up with many challenges which involves the collection, storage, content, privacy, confiscation and the admissibility. It is important and critical for any network forensic researcher or the investigator to consider adopting efficient forensic network investigation framework or the methodologies in order to improve investigation process. The main aim of this research contribution was to do a comprehensive analysis of concepts of networks forensics through extensive investigation and by analyzing various methodologies and associated tools which should be used in the network forensic investigations. Detailed and in depth analysis of concepts of network forensic investigation on a designed/conceived network architecture was carried out which was then followed by analyzing various methodologies and tools employed. An innovative framework for the investigation was designed which can be used by any forensic expert. The acquired data was analyzed by using information, strategizing and collecting evidence and by analyzing and reporting of the methodologies on the conceptualized network. Consequently, it led to the researcher to adopt and utilize a powerful and efficient forensic network methodology that will ultimately help in improving the investigation process and providing required tools/techniques along with the requisite guidelines that will determine the approach, methods, and strategies which are to be used for networkiforensiciprocess to be followed and be executed with the use of relevant tools that will tend to help in the simplification and improvement of the forensics investigation process.
Forensic the word which indicate the detective work, which searches for and attempting to discover information. Mainly search is carried out for collecting evidence for investigation which is useful in criminal, civil or corporate investigations. Investigation is applicable in presence of some legal rules.
As criminals are getting smarter to perform crime that is, using data hiding techniques such as encryption and steganography, so forensic department has become alert has introduced a new concept called as Digital Forensic, which handles sensitive data which is responsible and confidential.
In distributed systems,to search out information is costly task because they have to be compel led to transfer information from node containing information to the node wherever query is generated,this will l consume latency,network traffic etc.For reducing these parameters mobile agents are accustomed fetch information from nodes wherever i nformation resides. Alongside mobile agents directory containing information concerning database kept on completely different nodes is employed to focus retrieval method solely to those nodes that are containing answers to the query. 3 kinds of agents area unit accustomed fetch data specifically ly coordi nator,search and local agent.
Use of network forensic mechanisms to formulate network securityIJMIT JOURNAL
Network Forensics is fairly a new area of research which would be used after an intrusion in various
organizations ranging from small, mid-size private companies and government corporations to the defence
secretariat of a country. At the point of an investigation valuable information may be mishandled which
leads to difficulties in the examination and time wastage. Additionally the intruder could obliterate tracks
such as intrusion entry, vulnerabilities used in an entry, destruction caused, and most importantly the
identity of the intruder. The aim of this research was to map the correlation between network security and
network forensic mechanisms. There are three sub research questions that had been studied. Those have
identified Network Security issues, Network Forensic investigations used in an incident, and the use of
network forensics mechanisms to eliminate network security issues. Literature review has been the
research strategy used in order study the sub research questions discussed. Literature such as research
papers published in Journals, PhD Theses, ISO standards, and other official research papers have been
evaluated and have been the base of this research. The deliverables or the output of this research was
produced as a report on how network forensics has assisted in aligning network security in case of an
intrusion. This research has not been specific to an organization but has given a general overview about
the industry. Embedding Digital Forensics Framework, Network Forensic Development Life Cycle, and
Enhanced Network Forensic Cycle could be used to develop a secure network. Through the mentioned
framework, and cycles the author has recommended implementing the 4R Strategy (Resistance,
Recognition, Recovery, Redress) with the assistance of a number of tools. This research would be of
interest to Network Administrators, Network Managers, Network Security personnel, and other personnel interested in obtaining knowledge in securing communication devices/infrastructure. This research provides a framework that can be used in an organization to eliminate digital anomalies through network forensics, helps the above mentioned persons to prepare infrastructure readiness for threats and also enables further research to be carried on in the fields of computer, database, mobile, video, and audio.
An Overview of Information Extraction from Mobile Wireless Sensor NetworksM H
Information Extraction (IE) is a key research area within the field of Wireless Sensor Networks (WSNs). It has been characterised in a variety of ways, ranging from the description of its purposes, to reasonably abstract models of its processes and components. There has been only a handful of papers addressing IE over mobile WSNs directly, these dealt with individual mobility related problems as the need arises. This paper is presented as a tutorial that takes the reader from the point of identifying data about a dynamic (mobile) real world problem, relating the data back to the world from which it was collected, and finally discovering what is in the data. It covers the entire process with special emphasis on how to exploit mobility in maximising information return from a mobile WSN. We present some challenges introduced by mobility on the IE process as well as its effects on the quality of the extracted information. Finally, we identify future research directions facing the development of efficient IE approaches for WSNs in the presence of mobility.
Security Issues in Biomedical Wireless Sensor Networks Applications: A SurveyIJARTES
Abstract The use of wireless sensor networks in healthcare
applications is growing in a fast pace. Numerous applications
such as heart rate monitor, blood pressure monitor and
endoscopic capsule are already in use. To address the growing
use of sensor technology in this area, a new field known as
wireless body area networks has emerged. As most devices
and their applications are wireless in nature, security and
privacy concerns are among major areas of concern. Body
area networks can collect information about an individual’s
health, fitness and energy expenditure. Comprising body
sensors that communicate wirelessly with the patients
control device for monitoring and external communication.
This paper provides the challenges of using the wireless
sensor network in biomedical field and how to solve most of
these issues. To analyze the different security strategies in
Wireless Sensor Networks and propose this system to give
highest quality medical care with full security in their
reliability
A PROPOSED MODEL FOR DIMENSIONALITY REDUCTION TO IMPROVE THE CLASSIFICATION C...IJNSA Journal
Over the past few years, intrusion protection systems have drawn a mature research area in the field of computer networks. The problem of excessive features has a significant impact on
intrusion detection performance. The use of machine learning algorithms in many previous researches has been used to identify network traffic, harmful or normal. Therefore, to obtain the accuracy, we must reduce the dimensionality of the data used. A new model design based on a combination of feature selection and machine learning algorithms is proposed in this paper. This model depends on selected genes from every feature to increase the accuracy of intrusion detection systems. We selected from features content only ones which impact in attack detection. The performance has been evaluated based on a comparison of several known algorithms. The NSL-KDD dataset is used for examining classification. The proposed model outperformed the other learning approaches with accuracy 98.8 %.
A SECURE SCHEMA FOR RECOMMENDATION SYSTEMSIJCI JOURNAL
Recommender systems have become an important tool for personalization of online services. Generating
recommendations in online services depends on privacy-sensitive data collected from the users. Traditional
data protection mechanisms focus on access control and secure transmission, which provide security only
against malicious third parties, but not the service provider. This creates a serious privacy risk for the
users. This paper aims to protect the private data against the service provider while preserving the
functionality of the system. This paper provides a general framework that, with the help of a preprocessing
phase that is independent of the inputs of the users, allows an arbitrary number of users to securely
outsource a computation to two non-colluding external servers. This paper use these techniques to
implement a secure recommender system based on collaborative filtering that becomes more secure, and
significantly more efficient than previously known implementations of such systems.
A Novel and Advanced Data Mining Model Based Hybrid Intrusion Detection Frame...Radita Apriana
An Intrusion can be defined as any practice or act that attempt to crack the integrity,
confidentiality or availability of a resource. This may contain of a deliberate unauthorized attempt to access
the information, manipulate the data, or make a system unreliable or unusable. With the expansion of
computer networks at an alarming rate during the past decade, security has become one of the serious
issues of computer systems.IDS, is a detection mechanism for detecting the intrusive activities hidden
among the normal activities. The revolutionary establishment of IDS has attracted analysts to work
dedicatedly enabling the system to deal with technological advancements. Hence, in this regard, various
beneficial schemes and models have been proposed in order to achieve enhanced IDS. This paper
proposes a novel hybrid model for intrusion detection. The proposed framework in this paper may be
expected as another step towards advancement of IDS. The framework utilizes the crucial data mining
classification algorithms beneficial for intrusion detection. The Hybrid framework would hence forth, will
lead to effective, adaptive and intelligent intrusion detection.
Integrated Framework for Secure and Energy Efficient Communication System in ...IJECEIAES
Irrespective of different forms and strategies implementing for securing Wireless Sensor Network (WSN), there are very less strategies that offers cost effective security over heterogeneous network. Therefore, this paper presents an integrated set of different processes that emphasize over secure routing, intellectual and delay-compensated routing, and optimization principle with a sole intention of securing the communication to and from the sensor nodes during data aggregation. The processed system advocates the non-usage of complex cryptography and encourages the usage of probability their and analytical modelling in order to render more practical implementation. The simulated outcome of study shows that proposed system offers reduced delay, more throughputs, and reduced energy consumption in contrast to existing system.
Multi-objective NSGA-II based community detection using dynamical evolution s...IJECEIAES
Community detection is becoming a highly demanded topic in social networking-based applications. It involves finding the maximum intraconnected and minimum inter-connected sub-graphs in given social networks. Many approaches have been developed for community’s detection and less of them have focused on the dynamical aspect of the social network. The decision of the community has to consider the pattern of changes in the social network and to be smooth enough. This is to enable smooth operation for other community detection dependent application. Unlike dynamical community detection Algorithms, this article presents a non-dominated aware searching Algorithm designated as non-dominated sorting based community detection with dynamical awareness (NDS-CD-DA). The Algorithm uses a non-dominated sorting genetic algorithm NSGA-II with two objectives: modularity and normalized mutual information (NMI). Experimental results on synthetic networks and real-world social network datasets have been compared with classical genetic with a single objective and has been shown to provide superiority in terms of the domination as well as the convergence. NDS-CD-DA has accomplished a domination percentage of 100% over dynamic evolutionary community searching DECS for almost all iterations.
Approximation of regression-based fault minimization for network trafficTELKOMNIKA JOURNAL
This research associates three distinct approaches for computer network traffic prediction. They are the traditional stochastic gradient descent (SGD) using a few random samplings instead of the complete dataset for each iterative calculation, the gradient descent algorithm (GDA) which is a well-known optimization approach in deep learning, and the proposed method. The network traffic is computed from the traffic load (data and multimedia) of the computer network nodes via the Internet. It is apparent that the SGD is a modest iteration but can conclude suboptimal solutions. The GDA is a complicated one, can function more accurate than the SGD but difficult to manipulate parameters, such as the learning rate, the dataset granularity, and the loss function. Network traffic estimation helps improve performance and lower costs for various applications, such as an adaptive rate control, load balancing, the quality of service (QoS), fair bandwidth allocation, and anomaly detection. The proposed method confirms optimal values out of parameters using simulation to compute the minimum figure of specified loss function in each iteration.
Novel framework using dynamic passphrase towards secure and energy-efficient ...IJECEIAES
At Mobile Adhoc Network (MANET) has been long-researched topic in adhoc network owing to the associated advantages in its cost-effective application as well as consistent loophopes owing to its inherent charecteristics. This manuscript draws a relationship between the energy factor and security factor which has not been emphasized in any existing studies much. Review of existing security approaches shows that they are highly attack specific, uses complex encryption, and overlooks the involvement of energy factor in it. Therefore, the proposed system introduces a novel mechanism where security tokens and passphrases are utilized in order to offer better security. The proposed system also introduces the usage of an agent node which communications with mobile nodes using group-based communication system thereby ensuring reduced computational effort of mobile nodes towards establishing secured communication. The outcome shows proposed system offers better outcome in contrast to existing system.
An efficient approach on spatial big data related to wireless networks and it...eSAT Journals
Abstract
Spatial big data acts as a important key role in wireless networks applications. In that spatial and spatio temporal problems contains the distinct role in big data and it’s compared to common relational problems. If we are solving those problems means describing the three applications for spatial big data. In each applications imposing the specific design and we are developing our work on highly scalable parallel processing for spatial big data in Hadoop frameworks by using map reduce computational model. Our results show that enables highly scalable implementations of algorithms using Hadoop for the purpose of spatial data processing problems. Inspite of developing these implementations requires specialized knowledge and user friendly.
Keywords: Spatial Big Data, Hadoop, Wireless Networks, Map reduce
Proposed Agent Based Black hole Node Detection Algorithm for Ad-Hoc Wireless...ijcsa
A Mobile ad-hoc network (MANET) is a latest and eme
rging Research topic among researchers. The
reason behind the popularity of MANET is flexibilit
y and independence of network infrastructure. MANET
has some unique characteristic like dynamic network
topology, limited power and limited bandwidth for
communication. MANET has more challenge compare to
any other conventional network. However the
dynamical network topology of MANETs, infrastructur
e-less property and lack of certificate authority m
ake
the security problems of MANETs need to pay more at
tention. This paper represents review of layer wise
security attacks. It also discussed the issues and
challenges of mobile ad hoc network. On the importa
nce of
security issues, this paper proposed intrusion dete
ction framework for detecting network layer threats
such
as black hole attack.
TREND-BASED NETWORKING DRIVEN BY BIG DATA TELEMETRY FOR SDN AND TRADITIONAL N...ijngnjournal
Organizations face a challenge of accurately analyzing network data and providing automated action
based on the observed trend. This trend-based analytics is beneficial to minimize the downtime and
improve the performance of the network services, but organizations use different network management
tools to understand and visualize the network traffic with limited abilities to dynamically optimize the
network. This research focuses on the development of an intelligent system that leverages big data
telemetry analysis in Platform for Network Data Analytics (PNDA) to enable comprehensive trendbased networking decisions. The results include a graphical user interface (GUI) done via a web
application for effortless management of all subsystems, and the system and application developed in
this research demonstrate the true potential for a scalable system capable of effectively benchmarking
the network to set the expected behavior for comparison and trend analysis. Moreover, this research
provides a proof of concept of how trend analysis results are actioned in both a traditional network and
a software-defined network (SDN) to achieve dynamic, automated load balancing.
An effective attack preventing routing approach in speed network in manetseSAT Publishing House
IJRET : International Journal of Research in Engineering and Technology is an international peer reviewed, online journal published by eSAT Publishing House for the enhancement of research in various disciplines of Engineering and Technology. The aim and scope of the journal is to provide an academic medium and an important reference for the advancement and dissemination of research results that support high-level learning, teaching and research in the fields of Engineering and Technology. We bring together Scientists, Academician, Field Engineers, Scholars and Students of related fields of Engineering and Technology.
Network forensics comes under the domain of digital forensics and deals with evidences left behind on the networkiafter a cyber-attack. It is indication of the weakness that led to the crime and the possible cause. Network focused research comes up with many challenges which involves the collection, storage, content, privacy, confiscation and the admissibility. It is important and critical for any network forensic researcher or the investigator to consider adopting efficient forensic network investigation framework or the methodologies in order to improve investigation process. The main aim of this research contribution was to do a comprehensive analysis of concepts of networks forensics through extensive investigation and by analyzing various methodologies and associated tools which should be used in the network forensic investigations. Detailed and in depth analysis of concepts of network forensic investigation on a designed/conceived network architecture was carried out which was then followed by analyzing various methodologies and tools employed. An innovative framework for the investigation was designed which can be used by any forensic expert. The acquired data was analyzed by using information, strategizing and collecting evidence and by analyzing and reporting of the methodologies on the conceptualized network. Consequently, it led to the researcher to adopt and utilize a powerful and efficient forensic network methodology that will ultimately help in improving the investigation process and providing required tools/techniques along with the requisite guidelines that will determine the approach, methods, and strategies which are to be used for networkiforensiciprocess to be followed and be executed with the use of relevant tools that will tend to help in the simplification and improvement of the forensics investigation process.
Forensic the word which indicate the detective work, which searches for and attempting to discover information. Mainly search is carried out for collecting evidence for investigation which is useful in criminal, civil or corporate investigations. Investigation is applicable in presence of some legal rules.
As criminals are getting smarter to perform crime that is, using data hiding techniques such as encryption and steganography, so forensic department has become alert has introduced a new concept called as Digital Forensic, which handles sensitive data which is responsible and confidential.
A Proactive Approach in Network Forensic Investigation ProcessEditor IJCATR
nformation Assurance and Security (IAS) is a crucial component in the corporate environment to ensure that the secrecy of
sensitive data is protected, the integrity of important data is not violated, and the availability of critical systems is guaranteed. The
advancement of Information communication and technology into a new era and domain such as mobility and Internet of Things,
its ever growing user’s base and sophisticated cyber-attacks forces the organizations to deploy automated and robust defense
mechanism to manage resultant digital security incidences in real time. Digital forensic is a scientific process that facilitates
detection of illegal activities and in-appropriate behaviors using scientific tools, techniques and investigation frameworks. This
research aims at identifying processes that facilitate and improves digital forensic investigation process. Existing digital forensic
framework will be reviewed and the analysis will be compiled toderive a network forensic investigation framework that include
evidence collection, preservation and analysis at a sensor level and in real time. It is aimed to discover complete relationship with
optimal performance among known and unseen/new alerts generated by multiple network sensors in order to improve the quality
of alert and recognize attack strategy
Network security is one of the foremost anxieties of the modern time. Over
the previous years, numerous studies have been accompanied on the
intrusion detection system. However, network security is one of the foremost
apprehensions of the modern era this is due to the speedy development and
substantial usage of altered technologies over the past period. The
vulnerabilities of these technologies security have become a main dispute
intrusion detection system is used to classify unapproved access and unusual
attacks over the secured networks. For the implementation of intrusion
detection system different approaches are used machine learning technique
is one of them. In order to comprehend the present station of application of
machine learning techniques for solving the intrusion discovery anomalies in
internet of thing (IoT) based big data this review paper conducted. Total 55
papers are summarized from 2010 and 2021 which were centering on the
manner of the single, hybrid and collaborative classifier design. This review
paper also includes some of the basic information like IoT, big data, and
machine learning approaches are discussed.
Network Forensics is scientifically proven technique to accumulate, perceive, identify, examine, associate, analyse and document digital evidence from multiple systems for the purpose of uncovering the fact of attacks and other problem incident as well as performing the action to recover from the attack. Many systems are proposed for designing the network forensic systems. In this paper we have prepared comparative analysis of various models based on different techniques.
Network Forensic Investigation of HTTPS ProtocolIJMER
International Journal of Modern Engineering Research (IJMER) is Peer reviewed, online Journal. It serves as an international archival forum of scholarly research related to engineering and science education.
Cyber Warfare is the current single greatest emerging threat to National Security. Network security has become an essential component of any computer network. As computer networks and systems become ever more fundamental to modern society, concerns about security has become increasingly important. There are a multitude of different applications open source and proprietary available for the protection +-system administrator, to decide on the most suitable format for their purpose requires knowledge of the available safety measures, their features and how they affect the quality of service, as well as the kind of data they will be allowing through un flagged. A majority of methods currently used to ensure the quality of a networks service are signature based. From this information, and details on the specifics of popular applications and their implementation methods, we have carried through the ideas, incorporating our own opinions, to formulate suggestions on how this could be done on a general level. The main objective was to design and develop an Intrusion Detection System. While the minor objectives were to; Design a port scanner to determine potential threats and mitigation techniques to withstand these attacks. Implement the system on a host and Run and test the designed IDS. In this project we set out to develop a Honey Pot IDS System. It would make it easy to listen on a range of ports and emulate a network protocol to track and identify any individuals trying to connect to your system. This IDS will use the following design approaches: Event correlation, Log analysis, Alerting, and policy enforcement. Intrusion Detection Systems (IDSs) attempt to identify unauthorized use, misuse, and abuse of computer systems. In response to the growth in the use and development of IDSs, we have developed a methodology for testing IDSs. The methodology consists of techniques from the field of software testing which we have adapted for the specific purpose of testing IDSs. In this paper, we identify a set of general IDS performance objectives which is the basis for the methodology. We present the details of the methodology, including strategies for test-case selection and specific testing procedures. We include quantitative results from testing experiments on the Network Security Monitor (NSM), an IDS developed at UC Davis. We present an overview of the software platform that we have used to create user-simulation scripts for testing experiments. The platform consists of the UNIX tool expect and enhancements that we have developed, including mechanisms for concurrent scripts and a record-and-replay feature. We also provide background information on intrusions and IDSs to motivate our work.
The paper emphasizes the human aspects of cyber incidents concerning protecting information and
technology assets by addressing behavioral analytics in cybersecurity for digital forensics applications.
The paper demonstrates the human vulnerabilities associated with information systems technologies and
components. This assessment is based on past literature assessments done in this area. This study also
includes analyses of various frameworks that have led to the adoption of behavioral analysis in digital
forensics. The study's findings indicate that behavioral evidence analysis should be included as part of the
digital forensics examination. The provision of standardized investigation methods and the inclusion of
human factors such as motives and behavioral tendencies are some of the factors attached to the use of
behavioral digital forensic frameworks. However, the study also appreciates the need for a more
generalizable digital forensic method.
The paper emphasizes the human aspects of cyber incidents concerning protecting information and
technology assets by addressing behavioral analytics in cybersecurity for digital forensics applications.
The paper demonstrates the human vulnerabilities associated with information systems technologies and
components. This assessment is based on past literature assessments done in this area. This study also
includes analyses of various frameworks that have led to the adoption of behavioral analysis in digital
forensics. The study's findings indicate that behavioral evidence analysis should be included as part of the
digital forensics examination. The provision of standardized investigation methods and the inclusion of
human factors such as motives and behavioral tendencies are some of the factors attached to the use of
behavioral digital forensic frameworks. However, the study also appreciates the need for a more
generalizable digital forensic method.
The paper emphasizes the human aspects of cyber incidents concerning protecting information and
technology assets by addressing behavioral analytics in cybersecurity for digital forensics applications.
The paper demonstrates the human vulnerabilities associated with information systems technologies and
components. This assessment is based on past literature assessments done in this area. This study also
includes analyses of various frameworks that have led to the adoption of behavioral analysis in digital
forensics. The study's findings indicate that behavioral evidence analysis should be included as part of the
digital forensics examination. The provision of standardized investigation methods and the inclusion of
human factors such as motives and behavioral tendencies are some of the factors attached to the use of
behavioral digital forensic frameworks. However, the study also appreciates the need for a more
generalizable digital forensic method.
HYBRIDIZED MODEL FOR DATA SECURITY BASED ON SECURITY HASH ANALYSIS (SHA 512) ...IJNSA Journal
High-profile security breaches and attacks on many organization’s database have been on the increase and the consequences of this, are the adverse effect on the organizations in terms of financial loss and reputation. Many of the security breaches has been ascribed to the vulnerability of the organization’s networks, security policy and operations. Additionally, the emerging technology solutions like Internet-ofThings (IoT), Artificial Intelligence, and Cloud Computing, has extremely exposed many of the organizations to different forms of cyber-threats and attacks. Researchers and system designers have made attempts to proffer solution to some of these challenges. However, the efficacy of the techniques remains a great concern due to insufficient control mechanisms. For instance, many of the techniques are majorly based on a single mode encryption techniques which are not too robust to withstand the threats and attacks on organization’s database. To proffer solution to these challenges, the current research designed and integrated a hybridized data security model based on Secured Hash Analysis (SHA 512) and Salting Techniques to enhance the adeptness of the existing techniques. The Hash Analysis algorithm was used to map the data considered to a bit string of a fixed length and salt was added to the password strings essentially to hide its real hash value. The idea of adding salt to the end of the password is basically to complicate the password cracking process. The hybridized model was implemented in Windows environment using python 3.7 IDE platform and tested on a dedicated Local Area Network (LAN) that was exposed to threats from both internal and external sources. The results from the test show that the model performed well in terms of efficiency and robustness to attacks. The performance of the new model recorded a high level of improvement over the existing techniques with a recital of 97.6%.
Network Security and Privacy in Medium Scale Businesses in NigeriaINFOGAIN PUBLICATION
Network security consists of the provisions and policies adopted by a network administrator to prevent and monitor unauthorized access, misuse, modification, or denial of a computer network and network-accessible resources. This study investigates a general framework for assessing the security and privacy of current networks. We ask a more general question: what security and privacy mechanisms are available to the medium sized businesses in Nigeria and to what extent have they utilized these mechanisms for the safety of organizational data. The study made use of both primary and secondary data sources. The primary source was a questionnaire administered to a total of 105 medium scale businesses in some of states i, Nigeria. The result showed that medium scale businesses in Nigeria store electronic data to a very high extent but lack the adequate hardware/software to prevent unauthorized access to electronically stored data. However, many of these companies do not have official policy as regards customer data privacy. In cases where they exist, customers are not aware of such policies. This study therefore recommends that government and regulatory bodies should give serious attention to network security and privacy of medium scale businesses in Nigeria. Network security standards should be set for any organization setting up or providing a wireless network. Government should also review existing data privacy laws and ensure that customers are aware of such laws before engaging in any transaction that involves giving aware their personal data to the third party.
Optimised malware detection in digital forensicsIJNSA Journal
On the Internet, malware is one of the most serious threats to system security. Most complex issues and
problems on any systems are caused by malware and spam. Networks and systems can be accessed and
compromised by malware known as botnets, which compromise other systems through a coordinated
attack. Such malware uses anti-forensic techniques to avoid detection and investigation. To prevent systems
from the malicious activity of this malware, a new framework is required that aims to develop an optimised
technique for malware detection. Hence, this paper demonstrates new approaches to perform malware
analysis in forensic investigations and discusses how such a framework may be developed.
Review on effectiveness of deep learning approach in digital forensicsIJECEIAES
Cyber forensics is use of scientific methods for definite description of cybercrime activities. It deals with collecting, processing and interpreting digital evidence for cybercrime analysis. Cyber forensic analysis plays very important role in criminal investigations. Although lot of research has been done in cyber forensics, it is still expected to face new challenges in near future. Analysis of digital media specifically photographic images, audio and video recordings are very crucial in forensics This paper specifically focus on digital forensics. There are several methods for digital forensic analysis. Currently deep learning (DL), mainly convolutional neural network (CNN) has proved very promising in classification of digital images and sound analysis techniques. This paper presents a compendious study of recent research and methods in forensic areas based on CNN, with a view to guide the researchers working in this area. We first, defined and explained preliminary models of DL. In the next section, out of several DL models we have focused on CNN and its usage in areas of digital forensic. Finally, conclusion and future work are discussed. The review shows that CNN has proved good in most of the forensic domains and still promise to be better.
An Intrusion Detection based on Data mining technique and its intended import...Editor IJMTER
Intrusion detection is a pivotal and essential requirement of today’s era. There are two
major side of Intrusion detection namely, Host based intrusion detection as well as network based
intrusion detection. In Host based intrusion detection system, it monitors the information arrive at the
particular machine or node. While in network based intrusion system, it monitor and analyze whole
traffic of network. Data mining introduce latest technology and methods to handle and categorize
types of attacks using different classification algorithm and matching the patterns of malicious
behavior. Due to the use of this data mining technology, developers extract and analyze the types of
attack in the network.
In addition to this there are two major approach of intrusion detection. First, anomaly based approach,
in which attacks are found with high false alarm rate. However, in signature based approach, false
alarm rate is low with lack of processing of novel attacks. Most of the researchers do their research
based on signature intrusion with the purpose to increase detection rate. Major advantage of this
system, IDS does not require biased assessment and able to identify massive pattern of attacks.
Moreover, capacity to handle large connection records of network. In this paper we try to discover
the features of intrusion detection based on data mining technique.
NETWORK INTRUSION DETECTION AND COUNTERMEASURE SELECTION IN VIRTUAL NETWORK (...ijsptm
Intrusion in a network or a system is a problem today as the trend of successful network attacks continue to
rise. Intruders can explore vulnerabilities of a network system to gain access in order to deploy some virus
or malware such as Denial of Service (DOS) attack. In this work, a frequency-based Intrusion Detection
System (IDS) is proposed to detect DOS attack. The frequency data is extracted from the time-series data
created by the traffic flow using Discrete Fourier Transform (DFT). An algorithm is developed for
anomaly-based intrusion detection with fewer false alarms which further detect known and unknown attack
signature in a network. The frequency of the traffic data of the virus or malware would be inconsistent with
the frequency of the legitimate traffic data. A Centralized Traffic Analyzer Intrusion Detection System
called CTA-IDS is introduced to further detect inside attackers in a network. The strategy is effective in
detecting abnormal content in the traffic data during information passing from one node to another and
also detects known attack signature and unknown attack. This approach is tested by running the artificial
network intrusion data in simulated networks using the Network Simulator2 (NS2) software.
Similar to USE OF NETWORK FORENSIC MECHANISMS TO FORMULATE NETWORK SECURITY (20)
MULTIMODAL COURSE DESIGN AND IMPLEMENTATION USING LEML AND LMS FOR INSTRUCTIO...IJMIT JOURNAL
Traditionally, teaching has been centered around classroom delivery. However, the onslaught of the
COVID-19 pandemic has cultivated usage of technology, teaching, and learning methodologies for course
delivery. We investigate and describe different modes of course delivery that maintain the integrity of
teaching and learning. This paper answers to the research questions: 1) What course delivery method our
academic institutions use and why? 2) How can instructors validate the guidelines of the institutions? 3)
How courses should be taught to provide student learning outcomes? Using the Learning Environment
Modeling Language (LEML), we investigate the design and implementation of courses for delivery in the
following environments: face-to-face, online synchronous, asynchronous, hybrid, and hyflex. A good
course design and implementation are key components of instructional alignment. Furthermore, we
demonstrate how to design, implement, and deliver courses in synchronous, asynchronous, and hybrid
modes and describe our proposed enhancements to LEML.
Novel R&D Capabilities as a Response to ESG Risks-Lessons From Amazon’s Fusio...IJMIT JOURNAL
Environmental, Social, and Governance (ESG) management is essential for transforming corporate
financial performance-oriented business strategies into Finance (F) + ESG optimization strategies to
achieve the Sustainable Development Goals (SDGs).
In this trend, the rise of ESG risks has divided firms into two categories. Former incorporates a growthmindset that creates a passion for learning, and urges it to improve itself by endeavoring Research and
development (R&D) -driven challenges, while the other category, characterized by risk aversion, avoids
challenging highly uncertain R&D activities and seeks more manageable endeavors.
This duality underscores the complexity of corporate R&D strategies in addressing ESG risks and
necessitates the development of novel R&D capabilities for corporate R&D transformation strategies
towards F + ESG optimization.
International Journal of Managing Information Technology (IJMIT) ** WJCI IndexedIJMIT JOURNAL
The International Journal of Managing Information Technology (IJMIT) is a quarterly open access peer-reviewed journal that publishes articles that contribute new results in all areas of the strategic application of information technology (IT) in organizations. The journal focuses on innovative ideas and best practices in using IT to advance organizations – for-profit, non-profit, and governmental. The goal of this journal is to bring together researchers and practitioners from academia, government, and industry to focus on understanding both how to use IT to support the strategy and goals of the organization and to employ IT in new ways to foster greater collaboration, communication, and information sharing both within the organization and with its stakeholders. The International Journal of Managing Information Technology seeks to establish new collaborations, new best practices, and new theories in these areas.
International Journal of Managing Information Technology (IJMIT) ** WJCI IndexedIJMIT JOURNAL
The International Journal of Managing Information Technology (IJMIT) is a quarterly open access peer-reviewed journal that publishes articles that contribute new results in all areas of the strategic application of information technology (IT) in organizations. The journal focuses on innovative ideas and best practices in using IT to advance organizations – for-profit, non-profit, and governmental. The goal of this journal is to bring together researchers and practitioners from academia, government, and industry to focus on understanding both how to use IT to support the strategy and goals of the organization and to employ IT in new ways to foster greater collaboration, communication, and information sharing both within the organization and with its stakeholders. The International Journal of Managing Information Technology seeks to establish new collaborations, new best practices, and new theories in these areas.
NOVEL R & D CAPABILITIES AS A RESPONSE TO ESG RISKS- LESSONS FROM AMAZON’S FU...IJMIT JOURNAL
Environmental, Social, and Governance (ESG) management is essential for transforming corporate
financial performance-oriented business strategies into Finance (F) + ESG optimization strategies to
achieve the Sustainable Development Goals (SDGs).
In this trend, the rise of ESG risks has divided firms into two categories. Former incorporates a growthmindset that creates a passion for learning, and urges it to improve itself by endeavoring Research and
development (R&D) -driven challenges, while the other category, characterized by risk aversion, avoids
challenging highly uncertain R&D activities and seeks more manageable endeavors.
This duality underscores the complexity of corporate R&D strategies in addressing ESG risks and
necessitates the development of novel R&D capabilities for corporate R&D transformation strategies
towards F + ESG optimization.
Building on this premise, this paper conducts an empirical analysis, utilizing reliable firms data on ESG
risk and brand value, with a focus on 100 global R&D leader firms. It analyzes R&D and actions for ESG
risk mitigation, and assesses the development of new functions that fulfill F + ESG optimization through
R&D. The analysis also highlights the significance of network externality effects, with a specific focus on
Amazon, a leading R&D company, providing insights into the direction for transforming R&D strategies
towards F + ESG optimization.
The dynamics of stakeholder engagement in F + ESG optimization are indicated with the example of
amazon's activities. Through the analysis, it became evident that Amazon's capacity encompassing growth
and scalability, specifically its ability to grow and expand, is accelerating high-level research and
development by gaining the trust of stakeholders in the "synergy through R&D-driven ESG risk
mitigation."
Finally, as examples of these initiatives, the paper discussed the Climate Pledge led by Amazon and the
transformation of Japan's management system.
A REVIEW OF STOCK TREND PREDICTION WITH COMBINATION OF EFFECTIVE MULTI TECHNI...IJMIT JOURNAL
It is important for investors to understand stock trends and market conditions before trading stocks. Both
these capabilities are very important for an investor in order to obtain maximized profit and minimized
losses. Without this capability, investors will suffer losses due to their ignorance regarding stock trends
and market conditions. Technical analysis helps to understand stock prices behavior with regards to past
trends, the signals given by indicators and the major turning points of the market price. This paper reviews
the stock trend predictions with a combination of the effective multi technical indicator strategy to increase
investment performance by taking into account the global performance and the proposed combination of
effective multi technical indicator strategy model.
INTRUSION DETECTION SYSTEM USING CUSTOMIZED RULES FOR SNORTIJMIT JOURNAL
These days the security provided by the computer systems is a big issue as it always has the threats of
cyber-attacks like IP address spoofing, Denial of Service (DOS), token impersonation, etc. The security
provided by the blue team operations tends to be costly if done in large firms as a large number of systems
need to be protected against these attacks. This leads these firms to turn to less costly security
configurations like IDS Suricata and IDS Snort. The main theme of the project is to improve the services
provided by Snort which is a tool used in creating a vague defense against cyber-attacks like DDOS
attacks which are done on both physical and network layers. These attacks in turn result in loss of
extremely important data. The rules defined in this project will result in monitoring traffic, analyzing it,
and taking appropriate action to not only stop the attack but also locate its source IP address. This whole
process uses different tools other than Snort like Wireshark, Wazuh and Splunk. The product of this will
result in not only the detection of the attack but also the source IP address of the machine on which the
attack is initiated and completed. The end product of this research will result in sets of default rules for the
Snort tool which will not only be able to provide better security than its previous versions but also be able
to provide the user with the IP address of the attacker or the person conducting the attack. The system
involves the integration of Wazuh with Snort tool in order to make it more efficient than IDS Suricata
which is another intrusion detection system capable of detecting all these types of attacks as mentioned.
Splunk is another tool used in this project which increases the firewall efficiency to pass the no. of bits to
be scanned and the no. of bits scanned successfully. Wazuh is used in this system as it is the best choice for
traffic monitoring and incident response than any other of its alternatives in the market. Since this system
is used in firms which are known to handle big amounts of data and for this purpose, we use Splunk tool as
it is very efficient in handling big amounts of data. Wireshark is used in this system in order to give the IDS
automation in its capability to capture and report the malicious packets found during the network scan. All
of this gives the IDS a capability of a low budget automated threat detection system. This paper gives
complete guidelines for authors submitting papers for the AIRCC Journals.
Artificial Intelligence (AI) has rapidly become a critical technology for businesses seeking to improve
efficiency and profitability. One area where AI is proving particularly impactful is in service operations
management, where it is used to create AI-powered service operations (AIServiceOps) that deliver highvalue services to customers. AIServiceOps involve the use of AI to automate and optimize various business
processes, such as customer service, sales, marketing, and supply chain management. The rapid
development of Artificial Intelligence has prompted many changes in the field of Information Technology
(IT) Service Operations. IT Service Operations are driven by AI, i.e., AIServiceOps. AI has empowered
new vitality and addressed many challenges in IT Service Operations. However, there is a literature gap on
the Business Value Impact of Artificial intelligence (AI) Powered IT Service Operations. It can help IT
build optimized business resilience by creating value in complex and ever-changing environments as
product organizations move faster than IT can handle. So, this research paper examines how AIServiceOps
creates business value and sustainability, basically how AIServiceOps makes the IT staff liberation from a
low-level, repetitive workout and traditional IT practices for a continuously optimized process. One of the
research objectives is to compare Traditional IT Service Operations with AIServiceOPs. This paper
provides the basis for how enterprises can evaluate AIServiceOps and consider it a digital transformation
tool. The paper presents a case study of a company that implemented AI-powered service operations
(AIServiceOps) and analyzes the resulting business outcomes. The study shows that AIServiceOps can
significantly improve service delivery, reduce response times, and increase customer satisfaction.
Furthermore, it demonstrates how AIServiceOps can deliver substantial cost savings, such as reducing
labor costs and minimizing downtime.
MEDIATING AND MODERATING FACTORS AFFECTING READINESS TO IOT APPLICATIONS: THE...IJMIT JOURNAL
Although IOT seems to be the upcoming trend, it is still in its infancy; especially in the banking industry.
There is a clear gap in literature, as only few studies identify factors affecting readiness to IOT
applications in banks in general, and almost negligible investigations on mediating and moderating
factors. Accordingly, this research aims to investigate the main factors that affect employees’ readiness to
IOT applications, while highlighting the mediating and moderating factors in the Egyptian banking sector.
The importance of Egypt stems from its high population and steady steps taken towards technology
adoption. 479 valid questionnaires were distributed over HR employees in banks. Data collected was
statistically analysed using Regression and SEM. Results showed a significant impact of ‘Security’,
‘Networking’, ‘Software Development’ and ‘Regulations’ on ‘readiness to IOT applications. Thus, the
readiness acceptance level is high‘Security’ and ‘User Intention’ were proven to mediate the relationship
between research variables and readiness to IOT applications, and only a partial moderation role was
proven for ‘Efficiency’. The study contributes to increasing literature on IOT applications in general, and
fills a gap on the Egyptian banking context in particular. Finally, it provides decision makers at banks with
useful guidelines on how to optimally promote IOT applications among employees.
EFFECTIVELY CONNECT ACQUIRED TECHNOLOGY TO INNOVATION OVER A LONG PERIODIJMIT JOURNAL
IT (Information and Communication Technology) companies are facing the dilemma of decreasing
productivity despite increasing research and development efforts. M&A (Merger and Acquisition) is being
considered as a breakthrough solution. From existing research, it has been pointed out that M&A leads to
the emergence of new innovations. Purpose of this study was to discuss the efficient ways of acquisition and
to resolve the dilemma of productivity decline by clarifying how the technology obtained through M&A
leads to the creation of new innovations. Hypothesis 1 was that the technology acquired through M&A is
utilized for innovation creation, Hypothesis 2 was that the acquired technology is utilized over a long
period of time, and Hypothesis 3 was that a long-term utilization has a positive impact on corporate
performance. The results, using sports prosthetics as a case study and using patents as a proxy variable,
confirmed all the hypotheses set. We have revealed that long-term utilization of technology obtained
through M&A is effective for creating new innovations.
International Journal of Managing Information Technology (IJMIT) ** WJCI IndexedIJMIT JOURNAL
The International Journal of Managing Information Technology (IJMIT) is a quarterly open access peer-reviewed journal that publishes articles that contribute new results in all areas of the strategic application of information technology (IT) in organizations. The journal focuses on innovative ideas and best practices in using IT to advance organizations – for-profit, non-profit, and governmental. The goal of this journal is to bring together researchers and practitioners from academia, government, and industry to focus on understanding both how to use IT to support the strategy and goals of the organization and to employ IT in new ways to foster greater collaboration, communication, and information sharing both within the organization and with its stakeholders. The International Journal of Managing Information Technology seeks to establish new collaborations, new best practices, and new theories in these areas.
Authors are solicited to contribute to the journal by submitting articles that illustrate research results, projects, surveying works and industrial experiences that describe significant advances in the areas of information technology and management
4th International Conference on Cloud, Big Data and IoT (CBIoT 2023)IJMIT JOURNAL
4th International Conference on Cloud, Big Data and IoT (CBIoT 2023) will act as a major forum for the presentation of innovative ideas, approaches, developments, and research projects in the areas of Cloud, Big Data and IoT. It will also serve to facilitate the exchange of information between researchers and industry professionals to discuss the latest issues and advancement in the area of Cloud, Big Data and IoT.
Authors are solicited to contribute to the conference by submitting articles that illustrate research results, projects, surveying works and industrial experiences that describe significant advances in Cloud, Big Data and IoT.
TRANSFORMING SERVICE OPERATIONS WITH AI: A CASE FOR BUSINESS VALUEIJMIT JOURNAL
Artificial Intelligence (AI) has rapidly become a critical technology for businesses seeking to improve
efficiency and profitability. One area where AI is proving particularly impactful is in service operations
management, where it is used to create AI-powered service operations (AIServiceOps) that deliver highvalue services to customers. AIServiceOps involve the use of AI to automate and optimize various business
processes, such as customer service, sales, marketing, and supply chain management. The rapid
development of Artificial Intelligence has prompted many changes in the field of Information Technology
(IT) Service Operations. IT Service Operations are driven by AI, i.e., AIServiceOps. AI has empowered
new vitality and addressed many challenges in IT Service Operations. However, there is a literature gap on
the Business Value Impact of Artificial intelligence (AI) Powered IT Service Operations. It can help IT
build optimized business resilience by creating value in complex and ever-changing environments as
product organizations move faster than IT can handle. So, this research paper examines how AIServiceOps
creates business value and sustainability, basically how AIServiceOps makes the IT staff liberation from a
low-level, repetitive workout and traditional IT practices for a continuously optimized process. One of the
research objectives is to compare Traditional IT Service Operations with AIServiceOPs. This paper
provides the basis for how enterprises can evaluate AIServiceOps and consider it a digital transformation
tool. The paper presents a case study of a company that implemented AI-powered service operations
(AIServiceOps) and analyzes the resulting business outcomes. The study shows that AIServiceOps can
significantly improve service delivery, reduce response times, and increase customer satisfaction.
Furthermore, it demonstrates how AIServiceOps can deliver substantial cost savings, such as reducing
labor costs and minimizing downtime.
DESIGNING A FRAMEWORK FOR ENHANCING THE ONLINE KNOWLEDGE-SHARING BEHAVIOR OF ...IJMIT JOURNAL
The main objective of this paper is to identify the factors that influence academic staff's digital knowledgesharing behaviors in Ethiopian higher education. A structural equation model was used to validate the
research framework using survey data from 210 respondents. The collected data has been analyzed using
Smart PLS software. The results of the study show that trust, self-motivation, and altruism are positively
related to attitude. Contrary to our expectations, knowledge technology negatively affects attitude.
However, reward systems and empowerment by leaders are significantly associated with knowledgesharing intentions.Knowledge-sharing intention, in turn, was significantly related to digital knowledgesharing behavior. The contributions of this study are twofold. The framework may serve as a roadmap for
future researchers and managers considering their strategy to enhance digital knowledge sharing in HEI.
The findings will benefit academic staff and university administrations.The study will also help academic
staff enhance their knowledge-sharing practices.
BUILDING RELIABLE CLOUD SYSTEMS THROUGH CHAOS ENGINEERINGIJMIT JOURNAL
Cloud computing systems need to be reliable so that they can be accessed and used for computing at any
given point in time. The complex nature of cloud systems is the motivation to conduct research in novel
ways of ensuring that cloud systems are built with reliability in mind. In building cloud systems, it is
expected that the cloud system will be able to deal with high demands and unexpected events that affect the
reliability and performance of the system.
In this paper, chaos engineering is considered a heuristic method that can be used to build reliable cloud
systems. Chaos engineering is aimed at exposing weaknesses in systems that are in production. Chaos
engineering will help identify system weaknesses and strengths when a system is exposed to unexpected
knocks and shocks while it is in production.
Chaos engineering allows system developers and administrators to get insights into how the cloud system
will behave when it is exposed to unexpected occurrences.
A REVIEW OF STOCK TREND PREDICTION WITH COMBINATION OF EFFECTIVE MULTI TECHNI...IJMIT JOURNAL
It is important for investors to understand stock trends and market conditions before trading stocks. Both
these capabilities are very important for an investor in order to obtain maximized profit and minimized
losses. Without this capability, investors will suffer losses due to their ignorance regarding stock trends
and market conditions. Technical analysis helps to understand stock prices behavior with regards to past
trends, the signals given by indicators and the major turning points of the market price. This paper reviews
the stock trend predictions with a combination of the effective multi technical indicator strategy to increase
investment performance by taking into account the global performance and the proposed combination of
effective multi technical indicator strategy model.
NETWORK MEDIA ATTENTION AND GREEN TECHNOLOGY INNOVATIONIJMIT JOURNAL
This paper will provide a novel empirical study for the relationship between network media attention and
green technology innovation and examine how network media attention can ease financing constraints. It
collected data from listed companies in China's heavy pollution industry and performed rigorous
regression analysis, in order to innovatively explore the environmental governance functions of the media.
It found that network media attention significantly promotes green technology innovation. By analyzing the
inner mechanism further, it found that network media attention can promote green innovation by easing
financing constraints. Besides, network media attention has a significant positive impact on green invention
patents while not affecting green utility model patents.
INCLUSIVE ENTREPRENEURSHIP IN HANDLING COMPETING INSTITUTIONAL LOGICS FOR DHI...IJMIT JOURNAL
Information System (IS) research advocates employing collaborative and loose coupling strategies to address contradictory issues to address diversified actors’ interests than the prescriptive and unilateral Information Technology (IT) governance mechanisms’, yet it is rarely depicting how managers employ these strategies in Health Information System (HIS) implementation, particularly in a resource-constrained setting where IS implementation activities have highly relied on multiple international organizations resources. This study explored how managers in resource-constrained settings employ collaborative IT governance mechanisms in the case of District Health Information System 2 (DHIS2) adoption with an interpretative case study approach and the institutional logic concept. The institutional logic concept was used to identify the major actors’ logics underpinning the DHIS2 adoption. The study depicted the importance of high-level officials' distance from the dominant systemic logic to consider new alternative, and to employ inclusive IT governance mechanisms which separated resource from the system that facilitated stakeholders’ collaboration in DHIS2 adoption based on their capacity and interest.
DEEP LEARNING APPROACH FOR EVENT MONITORING SYSTEMIJMIT JOURNAL
With an increasing number of extreme events and complexity, more alarms are being used to monitor
control rooms. Operators in the control rooms need to monitor and analyze these alarms to take suitable
actions to ensure the system’s stability and security. Security is the biggest concern in the modern world. It
is important to have a rigid surveillance that should guarantee protection from any sought of hazard.
Considering security, Closed Circuit TV (CCTV) cameras are being utilized for reconnaissance, but these
CCTV cameras require a person for supervision. As a human being, there can be a possibility to be tired
off in supervision at any point of time. So, we need a system to detect automatically. Thus, we came up with
a solution using YOLO V5. We have taken a data set and used robo-flow framework to enhance the existing
images into numerous variations where it will create a copy of grey scale image, a copy of its rotation and
a copy of its blurred version which will be used to get an enlarged data set. This work mainly focuses on
providing a secure environment using CCTV live footage as a source to detect the weapons. Using YOLO
algorithm, it divides an image from the video into grid system and each grid detects an object within itself
MULTIMODAL COURSE DESIGN AND IMPLEMENTATION USING LEML AND LMS FOR INSTRUCTIO...IJMIT JOURNAL
Traditionally, teaching has been centered around classroom delivery. However, the onslaught of the
COVID-19 pandemic has cultivated usage of technology, teaching, and learning methodologies for course
delivery. We investigate and describe different modes of course delivery that maintain the integrity of
teaching and learning. This paper answers to the research questions: 1) What course delivery method our
academic institutions use and why? 2) How can instructors validate the guidelines of the institutions? 3)
How courses should be taught to provide student learning outcomes? Using the Learning Environment
Modeling Language (LEML), we investigate the design and implementation of courses for delivery in the
following environments: face-to-face, online synchronous, asynchronous, hybrid, and hyflex. A good
course design and implementation are key components of instructional alignment. Furthermore, we
demonstrate how to design, implement, and deliver courses in synchronous, asynchronous, and hybrid
modes and describe our proposed enhancements to LEML.
JMeter webinar - integration with InfluxDB and GrafanaRTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
Neuro-symbolic is not enough, we need neuro-*semantic*Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
Elevating Tactical DDD Patterns Through Object CalisthenicsDorra BARTAGUIZ
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
Generating a custom Ruby SDK for your web service or Rails API using Smithyg2nightmarescribd
Have you ever wanted a Ruby client API to communicate with your web service? Smithy is a protocol-agnostic language for defining services and SDKs. Smithy Ruby is an implementation of Smithy that generates a Ruby SDK using a Smithy model. In this talk, we will explore Smithy and Smithy Ruby to learn how to generate custom feature-rich SDKs that can communicate with any web service, such as a Rails JSON API.
Connector Corner: Automate dynamic content and events by pushing a buttonDianaGray10
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Tobias Schneck
As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other?
Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.
UiPath Test Automation using UiPath Test Suite series, part 3DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
USE OF NETWORK FORENSIC MECHANISMS TO FORMULATE NETWORK SECURITY
1. International Journal of Managing Information Technology (IJMIT) Vol.7, No.4, November 2015
DOI : 10.5121/ijmit.2015.7402 21
USE OF NETWORK FORENSIC MECHANISMS
TO FORMULATE NETWORK SECURITY
Dhishan Dhammearatchi
Sri Lanka Institute of Information Technology Computing (Pvt) Ltd
ABSTRACT
Network Forensics is fairly a new area of research which would be used after an intrusion in various
organizations ranging from small, mid-size private companies and government corporations to the defence
secretariat of a country. At the point of an investigation valuable information may be mishandled which
leads to difficulties in the examination and time wastage. Additionally the intruder could obliterate tracks
such as intrusion entry, vulnerabilities used in an entry, destruction caused, and most importantly the
identity of the intruder. The aim of this research was to map the correlation between network security and
network forensic mechanisms. There are three sub research questions that had been studied. Those have
identified Network Security issues, Network Forensic investigations used in an incident, and the use of
network forensics mechanisms to eliminate network security issues. Literature review has been the
research strategy used in order study the sub research questions discussed. Literature such as research
papers published in Journals, PhD Theses, ISO standards, and other official research papers have been
evaluated and have been the base of this research. The deliverables or the output of this research was
produced as a report on how network forensics has assisted in aligning network security in case of an
intrusion. This research has not been specific to an organization but has given a general overview about
the industry. Embedding Digital Forensics Framework, Network Forensic Development Life Cycle, and
Enhanced Network Forensic Cycle could be used to develop a secure network. Through the mentioned
framework, and cycles the author has recommended implementing the 4R Strategy (Resistance,
Recognition, Recovery, Redress) with the assistance of a number of tools. This research would be of
interest to Network Administrators, Network Managers, Network Security personnel, and other personnel
interested in obtaining knowledge in securing communication devices/infrastructure. This research
provides a framework that can be used in an organization to eliminate digital anomalies through network
forensics, helps the above mentioned persons to prepare infrastructure readiness for threats and also
enables further research to be carried on in the fields of computer, database, mobile, video, and audio.
Keywords
Network Security, Network Forensics, Issues and attacks, Network forensic mechanisms, Set of Guidelines,
and Recommendation.
1. BACKGROUND
Network security is a component implemented in early 1980’s. However, with the sophisticated
mechanisms used by the intruders’ sensitive information is at risk. The Computer Emergency
Response Team (CERT) Coordination Centre has shown an increase of Internet-related
vulnerabilities and incidents reported to CERT over a 10-year period [1]. Supporting it, the
CSI/FBI (Crime Scene Investigation/ Federal Bureau of Investigation) Computer Crime and
security survey for 2006 explains the losses experienced in various types of security incidents
2. International Journal of Managing Information Technology (IJMIT) Vol.7, No.4, November 2015
22
[13]. Case studies of anomalies in New Zealand and Russia has explained the damages done with
exploit [2].
Network forensics first emerged when computer crimes grew rapidly due to the growth of the
communication media. Forensic Investigation normally comes into action when an incident has
happened, as a post event response. It has been supported that there are technologies that could be
helped in an investigation as mechanisms that would be useful in presenting to the court as
evidence. Benefits of network forensics in eliminating network security issues should be
considered. Processes and procedures that need to be implemented in order to gather evidence as
well as being ready for a network forensic analysis[3] [4] [5].
Confidentiality, Integrity, and Assurance (CIA) among the communication with users and
applications which are involved in delivering particular services. Application layer, Transmission
Control Protocol/ Internet Protocol (TCP/IP) layers, and network layer need to have separate
policies to protect information crossing from one layer to another [6].
As indicated above, a study in network security which has been an active component in the past
needs to be reviewed for an enhanced version. There are a number of studies conducted by many
researchers in affiliating network forensics into network security which does not fulfil in targeting
as a set of guidelines. Therefore a study in affiliating mechanisms used in network forensics to
network security as a complete solution would be a timely study.
2. AIM
The aim of this research is to correlate mechanisms of network forensics into network security.
Along with the assistance of network forensic elements it would assist to protect not only devices
and users but also confidential information in an organization. It would assist the strategic,
tactical, and operational managers to create guidelines in the perspective of network security.
2.1 Research Questions
Main research question
How would network forensic mechanisms be used to eradicate network security attacks?
Sub research questions
a) What are the network security issues and attacks?
b) What are the network forensic investigation mechanisms used in a network
security incident?
c) How to use network forensic mechanisms to eliminate the above network
security issues and attacks?
2.2Deliverables
The deliverables or the output of this research would be a report on how network forensics would
be helpful in aligning network security in case of an intrusion. The main purpose of this report is
to cover the scope of the project aim as shown below:
3. International Journal of Managing Information Technology (IJMIT) Vol.7, No.4, November 2015
23
• Identify the main security issues and attacks that could be commonly seen in an
organizational network security.
• Investigate the available network forensic mechanisms to investigate an incident as
digital evidence.
• Map the above issues and attacks in relation to the available network forensic
methods.
• Build a set of guidelines that can be used for an organization to eliminate networks
security issues and attacks through network forensics.
3.0 LITERATUREREVIEWONNETWORK SECURITY AND
NETWORK FORENSICS
Network forensics is a post event activity in an incident or an anomaly. When an attack or an
intrusion is detected in an organization, a forensic investigator would be called upon to determine
the method of intrusion, the cost affiliated with the intrusion, and to investigate the existence of
any backdoor vulnerability [4]. However, it is extremely a difficult role in the real world [3]. It is
potentially important in revealing possible evidence that may be lost or hidden accidently or
deliberately through tools, processes, and procedures that would be timely and costly.
Globally, network security and network forensics have been managed as separate entities.
However, in the recent era a network forensic readiness has been the study interest of the
researchers in the field of network security and network forensics. Factors such as cost, time,
inaccuracy, and inefficiency of an investigation without a proper arrangement in network security
have interested the researchers in exploring this field. Separate modules of network forensic
readiness have been discussed without correlating among processes, procedures, policies, tools,
and standards.
3.1 Limitations and potential problems
The subject of digital forensics covers a spectrum of forensic science. Computer forensics,
database forensics, mobile device forensics, network forensics, forensic video, and forensic audio
would be a number of forensic sciences available. However in this research the author would only
cover network forensics but with a limited association of the other forensic areas that affiliates
with network forensics. The credibility of the documents reviewed was a complication that was
found. The insufficient amount of research being done in this subject area made doing a literature
survey difficult. Most of the researches done would only discuss one aspect of network security
or network forensics where the author had to use the data extraction sheet efficiently and
accurately to structure the raw data found into potential information.
3.2Network Security Issues and Attacks
Defence Advanced Research Project Agency (DARPA), USA carried out an intrusion detection
evaluation program in the year 1998 at the USA Air Force Local Area network (LAN) [7].
Furthermore, 494,021 data subsets were used for the analysis and the subsets were divided into 41
different quantitative and qualitative features. However 20% of the data was isolated as normal
traffic and the rest were differentiated as shown below:
4. International Journal of Managing Information Technology (IJMIT) Vol.7, No.4, November 2015
24
• Probing;
• DOS;
• U2SU (Unauthorized access to local super user);
• R2L (Unauthorized access from a remote machine).
Figure 01 illustrates the findings in a graphical view. It would assist the reader in determining the
80% of the illegitimate data set in a categorized format. The four sectors have been illustrated by
the above mentioned has shown below:
Figure 01: DARPA intrusion detection program.
(Source: https://www.utica.edu/academic/institutes/ecii/publications/articles/A04CCCB9-D778-
B3D4-3C9A98DB4B0F99D1.pdf)
14 different classifications which perform individually or simultaneously in an attack [9]. Attack
comprises of different activities as shown in Figure 02. An intruder needs to perform either one or
several activities in each category in the given 14 classifications. In an incident identifying the
attack and determining the attack structure would be essential for an organization to measure the
losses affiliated and to be protected from future anomalies. The classifications shown below in
figure 02 would assist the forensic investigators to conclude how, when, where, and why the
incident occurred and the proactive measurements that need to be in place.Further, information
has been illustrated in Appendix A.
5. International Journal of Managing Information Technology (IJMIT) Vol.7, No.4, November 2015
25
Figure 02: Computer System Attack Classification.
(Source: http://www.ee.ktu.lt/journal/2006/2/1392-1215-2006-02-66-84.pdf)
IPS (Intrusion Prevention System) is a proactive system that combines a firewall technique with
IDS [10]. It would not only detect inbound traffic but also check the outbound traffic. The system
examines various data records based on the pattern recognition sensor and if detected, blocks the
matched data records and keeps a log. According to the above mentioned authors 69% of the
enterprises use IPS to defend anomalies. IPS uses a signature technology to identify the different
network traffic.
3.3 Network Forensic Mechanisms used in an incident
As illustrated in section 3.1 network forensics is a part of digital forensics. The ultimate aim of
Computer Network Forensics (CNF) is to gather evidence that enables prosecution of a suspect
[3]. Furthermore, the duty of the law enforcement agencies to apprehend the suspect and impose
charges. However the present Network Forensic Investigation (NFI) comprises of a number of
mechanisms that assist in the investigation. It contains processes, procedures, methodologies, and
tools. Different researchers have different opinions on NFI but the methodology remains the same
with partial changes.
As per the findings there are two considerations that need to be achieved in an investigation [10].
Those are considerations limited to workstations and considerations of a workstation on a
network. Considerations limited to workstations would be applicable for the workstation on a
network. The outcomes have been categorised as policies. The findings of the above mentioned
description privacy protection of the user verses forensic investigation. For the relevance of the
6. International Journal of Managing Information Technology (IJMIT) Vol.7, No.4, November 2015
26
research the author would only discuss the perspectives that are important for NFI. Presented
below are the policies of the investigator's perspective:
• Build duplicate copies of the hard disk;
• Define a scope of the investigation meeting the goals of the examination;
• Acquire tokens of the packets transferred over the IP address;
• Secure the transaction logs;
• Secure event logs of the external nodes;
• Getting educated with the policies of the organization for specific action item;
• Secure backup data relevant to an investigation;
• Dispose data gathered securely.
More information has been illustrated in Appendix B.
A framework that assists in an investigation has been discussed. The framework contains a multi-
tier approach to guide the investigation. As per the authors the framework combines and
improves both the theoretical and practical aspects of digital investigation. Furthermore, the
usability and the acceptability of the framework has been mentioned. To achieve those two
components, the framework needs to incorporate phases, sub-phases, principles, and objectives.
The authors mentioned above describe phases and sub-phases as steps which separate one another
and are repeatable. The Principles are procedures that overlap with some or all phases and sub-
phases. Objects are the goals of a process. Figure 03 illustrates a generic model of the framework
that was developed. As per figure 03 there are a number of phases associated with the framework.
Sub-phases can be seen inside a phase which indicates tasks of the investigation [11].
Figure 03: Generic Model of the framework
(Source: Beebe and Clark., 2005)
Data analysis sub phases to demonstrate as a framework. A data analysis sub phase could be
derived as first and second tier phases. Figure 04 illustrates the first tier of the data analysis sub
phase. It contains preparation, incident response, data collection, data analysis, findings, and
incident closure.There are different responsibilities in different phases in the illustration of the
data analysis done. Shown below are those responsibilities:
• Preparation;
• Incident Response;
• Data Collection;
7. International Journal of Managing Information Technology (IJMIT) Vol.7, No.4, November 2015
27
• Data Analysis;
• Presenting the Findings;
• Incident Closure.
Figure 04: First-tier phase of the framework
(Source: Beebe and Clark., 2005)
Preparation is an important phase that needs better planning. Better planning improves the
quality and availability of the evidence gathered minimizing costs affiliated with the
investigation. Incident response consists of detection and pre-investigation response to an
incident. Data and information collection which would assist in the response strategy could be
positioned at the data collection in figure 04. Data analysis has been defined as a complex and
time consuming phase. The data collected would be surveyed, extracted, and reconstructed during
the data analysis. Findings would be evaluated repeatedly by the Data Collection, Data Analysis
and Findings Presentation steps until a final outcome is reached. Communicating the findings to
the management, technical personnel, legal personnel, and law enforcement would be the
associated with the presentation of findings. The closure is important for almost all the
stakeholders equally. It contains not only closure of the investigation but in preserving the
knowledge gathered.
3.4Baseline guides used to formulate a set of guidelines
As illustrated above the outcome of the NFI is to construct evidences for the purpose of
presenting it to the required personnels. Construction of the evidence, enables the appropriate
entity to learn about the anomaly as well as in succeeding in decision making to either in the
perspective of law or in the perspective of the organization.
According to figure 05, a framework needs to be implemented in an organization which consist a
number of policies, procedures, practices, mechanisms, and awareness which bridge the goals of
the systems.
8. International Journal of Managing Information Technology (IJMIT) Vol.7, No.4, November 2015
28
Figure 05: Embedding digital forensics framework into an organization
(Source: http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.119.846&rep=rep1&type=pdf)
Development of a framework would not only assist in a NFI but in increasing the effects of
network security. The framework would assist in gathering evidence as well as in providing a
base to the security awareness of the organization [2]. As a result of the policies created with
procedures and practices with mechanisms enables in spreading awareness about information
sources throughout the organization to build network forensic ready environment. Audit feedback
would contribute in evaluating whether the end outcome meets the organizational expectations of
implementing the systems.
Furthermore, a life cycle which would assist in developing the framework mentioned [2].
Network Forensics Development Life Cycle (NFDLC) is based on the Information Systems
Development Life Cycle (ISDLC). The NFDLC has been shown in the figure 06. There are five
phases that need to be accomplish gain the benefit of NFDLC. Those are as initiation, acquisition
or development, implementation, operation or maintenance, and disposition. In the initiation
phase determining the aspects of the network for Digital Forensic Protection (DFP) would be
evaluated. Acquisition or development would contain rules of evidence in a system developing a
baseline test, performing verifications, and calibration of the test would be associated with the
implementation phase. Operation or maintenance phase would cover the conduct of verification
and the measurements taken based on audits. Evidence preservation and a discard mechanism
would be covered under the disposition procedure. Additionally the above mentioned authors
have discussed mechanisms that would assist in developing the phases of NFDLC. Risk
assessment, checklists, calibration of tests, audits, and chain of custody would assist the five
procedures mentioned above subsequently after the initiation procedure.
9. International Journal of Managing Information Technology (IJMIT) Vol.7, No.4, November 2015
29
Figure 06: Network Forensic Development Life Cycle
(Source:http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.119.846&rep=rep1&type=pdf >)
An enhanced cycle that assists gathering evidence before an incident [3]. The cycle has been
shown in the figure 07. The stages of the cycle are as start of data gathering before an incident,
attack underway situation, analysis stage, and completion of the investigation. As mentioned
before data gathering would be in process when an attack occurs. It would be more beneficial in
the analysis stage rather than performing data mining after the attack. Present network monitoring
tools enable in detecting anomalies based on the data gathered and in alerting the authorities
while an attack is occurring rather than being discovered about an incident. The model which was
discussed gives competitive advantage of the initial stage of an attack. It would enhance the
accuracy and the efficiency of the investigation.
Figure 07: Enhance Network Forensic Cycle
(Source: http://home.eng.iastate.edu/~guan/course/backup/CprE-536-Fall-
2004/paperreadinglist/manzano_ieee2001-westpoint.pdf)
10. International Journal of Managing Information Technology (IJMIT) Vol.7, No.4, November 2015
30
Illustrate about retaining information that has been gathered [3]. The logs that have been gathered
from devices are the key of an investigation. The logs would assist the investigators in rebuilding
the scenario and in providing essential points to establish a potential case. Planning the response
is a key factor that the authors have discussed. The plan contains in establishing a forensic team,
an intrusion response procedure, and a formalizing investigation procedure. A CNF team should
contain members of upper management, human resource, technical staff, and outside members.
Furthermore, a balanced network forensic team containing the above mentioned members would
cover aspects that are crucial not only in an investigation but in the daily work that needs to be
done. In an incident a step by step guideline is necessary for the employees to follow. It has been
covered in the intrusion response procedure. In an incident a minor mistake could remove the
evidence. It would be time consuming as well as not recoverable occasionally. Through
formalizing the investigation procedure would assist investigators in obtaining necessary
information without been misplaced of damaged by an employee. Performing disk images of the
affected, chopping logs, and limiting access to the affected system would be the activities that
would be performed in the above mentioned procedure. Training the response and investigation
teams would enable in gaining advantage of an analysis of a case [3].
Certifications such as ISO/IEC 27001 would assist in ensuring the CIA of the information in an
organization. The certification assists an organization to build a Plan-Do-Check-Act (PDCA)
which enhances the network forensic cycle. The ISO standard would evaluate risks of security
breaches, the impact of security breaches, reactivity measurements towards legal action, and
international acceptance. It would not only be beneficial towards protecting vital information it
also gives a high credibility for the stakeholders. The ISO standard would look into topology,
processes, procedure, policies, and the tool used by the organization and would support the
organization to meet the industry accepted standardized method [12].
4.0 Discussion of Findings
Network security issues and attack, Network forensic mechanisms used in an incident has been
analysed in the above sections. The outcome of this analysis is to further discuss to draw
conclusions and recommendations as given below.
4.1Formulate a set of guidelines
It would not be possible in implementing a set of guidelines without the knowledge of the
policies, procedures, processes, mechanisms, tools, and standard of the management entities and
the technical entities. This research would be enhancing network security with the use of network
forensics in order to take counter measures to an attack. A set of guidelines would be discussed as
shown below.
As discussed in the subsection3.4implementation of embedding digital forensic framework
enables in building a set of policies, procedures, practices, mechanisms, and awareness. This
framework would enable in performing preparation, incident response, data collection, data
analysis, presenting the findings, and incident closure.
In order to be successfully implemented the framework, NFDLC is necessary. It has been
discussed in the subsection 3.3. NFDLC consists of a number of entities comprising initiation,
11. International Journal of Managing Information Technology (IJMIT) Vol.7, No.4, November 2015
31
acquisition/development, implementation, operations/maintenance, and. The life cycle would
enable in developing an enhanced network forensic cycle as discussed which would assist in
gathering evidence as studied.
IPS system is a proactive system with artificial intelligence to capture known anomalies. It has
been discussed in the subsection 3.2. The system would assist in delaying any intrusion that
would be passing through to access the internal network. It would not only delay the intrusion but
in logging the evidences and alerting the authorized would be additional components affiliated
with IPS. The traffic that would be passing through would be examined using pre-built algorithm
called signatures.
Certifications such as ISO/IEC 27001 would assist in ensuring the CIA of the information in an
organization. The certification would assist an organization to build a PDCA which would assist
the enhances network forensic cycle. Risks of security breaches, the impact of security breaches,
reactivity measurements towards legal action, and international acceptance would be evaluated by
the ISO standard. It would not only be beneficial towards protecting vital information it also gives
a high credibility for the stakeholders. The ISO standard would look into topology, processes,
procedure, policies, and the tool used by the organization and would advise in developing the
organization in meeting the industry accepted standardized method.
4.2 Benefit of associating Network Forensic Mechanisms to Network Security
4R strategy could be implemented in managing a network. It has been shown in table 01. As
explained resistance would prevent an attack, recognition would detect and react to an intrusion,
recovery would deliver services and to restore the services, and redress would bring the
responsible in a court of law.
Table 01: 4R Strategies
(Source:http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.119.846&rep=rep1&type=pdf)
The 4R strategy would be beneficial in enhancing network security with network forensic
mechanisms in establishing network forensic readiness. Tools that could be used with the
12. International Journal of Managing Information Technology (IJMIT) Vol.7, No.4, November 2015
32
strategies have been illustrated in table 02. The strategy enables a network to be robust, accurate,
efficient, effective, and ready to defend against an anomaly.
5.0 Conclusion
Based on the discussed, and the findings, legacy network security is obsoleting around the globe
and most of the organizations are in search of a number of enhanced solutions to defend against
anomalies. This research would assist managers, technical officers, and other researchers gain
knowledge in converting an organization in a secure environment with less concern regarding
intruders.
The author has indicated that Embedding Digital Forensics Framework, Network Forensic
Development Life Cycle, Enhanced Network Forensic Cycle are a number of portfolios which
would assist in developing a secure network. Through the above mentioned strategy an
organization would be able to achieve the 4R Strategies. Tools such as IPS, honeypots, network
management tools, firewalls would assist in achieving the 4R strategy. Furthermore the author
discusses that the methodologies that would be used should comply with the industry
recommendations, such as ISO/IEC 27001.
ACKNOWLEDGEMENT
My sincere thanks goes to the staff members of Sri Lanka Institute of Information Technology
Computing (Pvt) Ltd as well as all the authors whom I have referred in this research paper.
Without their contribution to the field would have not been possible to be successful in this
research. At the same time I would like to thank University of Wolverhampton, UK in assisting
me compose this paper.
REFERENCES
[1] Riordan, B. (2012) IT Security. Lecture 01: Security Trends and IT Security Losses
[online].Available at <http://wolf.wlv.ac.uk>[Accessed 19 November 2012].
[2] Popovsky, B.E., Frincke, D.A., Taylor,C. A., (2007) A Theoretical Framework for Organizational
Network Forensic Readiness. Journal of Computers, 2 (3), pp. 1 –11.<Available
:http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.119.846&rep=rep1&type=pdf >[Accessed
10 November 2015].
[3] Yasinsac, A., Manzano, Y. (2001) Policies to Enhance Computer and Network Forensics: Workshop
on Information Assurance and Security Proceedings of the 2001 IEEE . United States Military
Academy, West Point 5-6 June.NY. pp. 289 –
295.<Available:http://home.eng.iastate.edu/~guan/course/backup/CprE-536-Fall-
2004/paperreadinglist/manzano_ieee2001-westpoint.pdf >[Accessed : 10 November 2015]
[4] Rowlingson, R., and QinetiQ (2004) A Ten Step Process for Forensic Readiness. International Journal
of Digital Evidence. 2 (3) pp. 1 – 28. <Available: http://www. ijde.org >[Accessed 28 November
2012]
[5] Garfinkel, S.L. (2010) Digital forensics research: The next 10 years, Journal of Digital Investigation,
pp. S64– S73.
[6] Buchanan, W. (2011), Introduction to Security and Network Forensics, CRC Press.
[7] Mukkamala, S., Sung, A.H. (2003) Identifying Significant Features for Network Forensic Analysis
Using Artificial Intelligent Techniques. International Journal of Digital Evidence [online]. 1 (4) pp. 1
13. International Journal of Managing Information Technology (IJMIT) Vol.7, No.4, November 2015
33
– 17. <Available: https://www.utica.edu/academic/institutes/ecii/publications/articles/A04CCCB9-
D778-B3D4-3C9A98DB4B0F99D1.pdf>[Accessed 10 November 2015].
[8] Paulauskas, N., Garsva,E. (2006) Computer System Attack Classification. Electronics and Electrical
Engineering [online]. Vilnius Gediminas Technical University, Lithuania 2 (66) pp. 84– 87. Available
at : <http://www.ee.ktu.lt/journal/2006/2/1392-1215-2006-02-66-84.pdf>[Accessed 10 November
2015].
[9] Stiawan, D., Abdullah, A.H., Idris, M.Y. (2010) The Prevention Threat Behaviour-based Signature
using Pitcher Flow Architecture. International Journal of Computer Science and Network Security
[online]. UniversitiTeknology, Malaysia 10 (40) pp. 289 – 294.
<Available:http://eprints.unsri.ac.id/77/1/Journal_IJCSNS_edit_utm.pdf>[Accessed 10 December
2012]
[10] Srinivasan, S. (2007) Security and Privacy vs. Computer Forensics Capabilities. Journal of ISACA. ,
pp. 1 – 2.
[11] Beebe, N.L., Clark, J.G. (2005) A Hierarchical, Objectives-Based Framework for the Digital
Investigations Process, Journal of Digital Investigation, 2 (2), pp. 146 – 166.
[12] Lambo, T. (2006) ISO/IEC 27001: The future of inforsec certification. Journal of ISSA, pp. 44–45.
[13] Internet Crime Complaint centre (2011) Internet Crime Report [online]. United States: Internet Crime
Complaint centre. <Available:https://www.ic3.gov/default.aspx>[Accessed 20 January 2013].
Author
I am a Lecturer / Network Engineer with over 08 years of hands on experience who
worked for Millennium Information Technologies, a subsidiary of the London Stock
Exchange as well as a lecturer in SLIIT Computing (Pvt) Ltd which is a leading private
university in Sri Lanka. I have been involved in many critical projects primarily in Sri
Lanka, United Kingdom, and the Maldives. I have also acquired a bachelors and a
masters degree with a number of professional examinations as well as being a
Toastmaster with Competent Communication Status.
APPENDIX A: Network Security Issues and Attacks
Defence Advanced Research Project Agency (DARPA) findings:
Probing
Through probing the intruder would be able to scan a set of computers to gather
information to build a network map as well as to identify the services available and to
find known vulnerabilities for an exploit. Ipsweep, MScan, Nmap, Saint, Satan are a
number of scan activities that could be seen commonly in a network.
Denial of Service Attack
DOS is an attack by an intruder in order to interrupt the services of either computers or
any other device that uses memory by intensifying the usage of resource through a
legitimate or unauthorized service attack. Apache2, Back, Land, Mail bomb, SYN Flood,
Ping of death, Process table, Smurf, Syslog, Teardrop, and Udstorm are a number of DOS
attacks that could be seen commonly in an organization.
U2SU
U2SU is an exploit done by an intruder in a system to gain a higher privilege level.
Gaining root access would be the prime goal towards a disruption. Firstly the intruder
would obtain a normal user account and would be manoeuvring towards the root level by
14. International Journal of Managing Information Technology (IJMIT) Vol.7, No.4, November 2015
34
exploiting the vulnerabilities in the system. Eject, Ffbconfig, Fdformat, Loadmodule,
Perl, Ps, and Xterm are a number of commonly seen attacks in this category.
R2L
R2L is a commonly seen attack in a network where the intruder gains access to a user
machine which he is not privileged to access. After gaining access the intruder would use
the machine for malicious act in a network. Dictionary, FTP_write, Guest, Imap, Named,
Phf, Sendmail, Xlock, and Xsnoop would be a number of commonly seen attacks in this
category.
For the benefit of the reader the author would explain the activities through an example as
shown below:
Brief explanation of the system attack
A number of confidential reports were leaked from an organization.
Possible point of leakage
A breach on the Chief Executive Officer’s (CEO) electronic mail.
Attack performed by the intruder
I. Probing and scanning the network
II. Identifying a list of devices, services, and types of operating systems
III. Making a map of the network
IV. Distinguish the attack methodology
V. Initialize a user account for the devices
VI. Performing the attack
The intruder would be probing and scanning a network in order to identify the devices
and the services in the organization. Through the above mentioned activity the intruder
would be able to recognize and gather information such as device types and operating
systems affiliated with the devices. It has been shown in the attack objective, effect type,
and ISO/OSI model level in the figure 02. Secondly the intruder would be able to identify
a map of devices in the network and segregate a pathway for the intrusion. It has been
shown in the type of operating system and location of attack subject in the figure 02. The
intruder would gain local access to the devices through a normal user and manoeuvre to a
super user. It has been shown in the type of object location, attacked services, attack
concentration, and feedback in figure 02. The intruder would be taking passive
measurements till initializing the attack. It has been shown in attack execution initial
conditions, by impact, attack automation, attack source, and the connection quality.
APPENDIX B: Network Forensic Investigation Mechnisms used in an Incident
The findings of Srinivasan (2007):
• Build duplicate copies of the hard disk
Important evidence needs to be stored with a hash signature in the ownership of the
possessor. The duplicate copies needs to be with the investigators where one copy
of left unchanged for the purpose of building new copies and the other to perform
investigations.
15. International Journal of Managing Information Technology (IJMIT) Vol.7, No.4, November 2015
35
• Define a scope of the investigation meeting the goals of the examination
Information that is not relevant to the investigation should not be associated with
the search of evidence. Decryption of sensitive information related to other
organizations and individuals should not be examined which would violate the
privacy right. The court would not accept data gathered by unauthorized mean.
• Acquire tokens of the packets transferred over the IP address
Hashed information of the tokens such as sender/receiver would be essential in
protecting the user privacy right. In case of an intruder the token would be
classified as unknown.
• Secure the transaction logs
Logs that were created relevant to a particular network status would be critical
information for the investigators. If the information been corrupted it would not be
possible in recreating the scenario.
• Secure event logs of the external nodes
If the intrusion occurs from outside the organization the logs that are created would
be vital information for the investigators. As specified in the above bullet point if
the information been corrupted it would not be possible in recreating them.
• Getting educated with the policies of the organization for specific action item
The policy implementation and the action taken should match in terms of an
intrusion. Policies and action taken should not violate the privacy right. The
investigators need to be educated if the policies do match with consistent action
taken.
• Secure backup data relevant to an investigation
Information that is in backup storages would be at high risk in an intrusion. An
intruder could retrieve information from backup storages violating privacy rights.
• Dispose data gathered securely
Data gathered in an investigation would be in a format that would indicate various
relationships. This information would assist in developing the scenario if placed on
the wrong hands.
Data analysis phases:
Preparation
• Measure risk considering vulnerabilities;
• Build an information preservation plan;
• Build an Incident Response Plan;
• Build technical capabilities;
• Educate personnel;
• Gather information about the hosts and the network devices;
• Build a framework to secure the evidence gathered;
• Build a legal activity plan.
Incident Response
• Detect the anomaly;
• Report the anomaly to the authorities;
• Verify the incident;
• Document the damage and review the logs and network topologies;
16. International Journal of Managing Information Technology (IJMIT) Vol.7, No.4, November 2015
36
• Build strategies regarding the spread of the intrusion, damage, recovery, and
investigation regarding the business, technical, political, legal, and other aspects;
• Coordinating with management, legal, human, and law enforcements;
• Build the investigation plan for data collection and analysis.
Data Collection
• Build a plan to obtain data from the incident response;
• Obtain evidence from applicable sources in the network;
• Acquire evidence from the applicable sources of hosts
• Acquire evidence from the applicable sources of removable media;
• Install network monitoring tools;
• Certify the integrity and authenticity of the digital evidence;
• Build a plan to package, transport, and store the evidence.
Data Analysis
• Manage the collect information relevant to the incident from the collected data;
• Assign personals based on the individual skill levels to recognize the evidence as
a data survey process;
• Build a data extraction technique;
• Build a report through an examination, analysis, and event reconstruction.
Presenting the Findings
• Reconstruct the findings of the data analysis.
Incident Closure
• Critical review of the investigation to identify the lessons learned;
• Manage and build an appropriate evidence disposable plan;
• Secure the information related to the incident.