Petr Hanáček - Academia.edu
Papers by Petr Hanáček
Information Security Applications, 2017
IEEE Access
ICT security in the banking area is going through rapid changes. It is ten years since we covered the state of e-banking security, and both authentication schemes and legislation have evolved. With the Payment Services Directive (PSD2) for the European Union coming into force, we believe it is a good time to update our findings. PSD2 brings new requirements for multi-factor authentication, thus it is necessary to revise the compliance of currently used schemes. This work's main contribution is an overview of current authentication methods, their properties with respect to international standards, and their resistance against attacks. We further discuss the multi-factor authentication schemes composed of those methods and their compliance with the PSD2 requirements. In order to present the overview, we introduce an e-banking attack taxonomy which is compatible with the authenticator threats from the NIST Digital Identity Guidelines but has an increased level of detail with respect to the e-banking area. The available sources in this area are usually either very broad and targeted at the business executive, or focus on one particular issue or attack in greater detail. We believe our article can bridge such diverse sources by providing a comprehensive and complex tool to help with orientation in the area.
In this paper, we discuss privacy issues in modern networks for the Internet of Things. We focus on anonymization of both devices and users in the context of both IP and non-IP networks. We take a closer look at two current non-IP technologies, LoRaWan and ZigBee. Those represent two distinct groups of Internet of Things (IoT) networks: Low Power WANs covering large areas and providing connectivity as a service, and Wireless PANs following the traditional scheme of a local network interconnecting IoT devices. For both IP and non-IP networks we analyze possible approaches to preserve the privacy of connected devices and identify open problems for future investigation. We propose strategies for ensuring privacy for IoT devices in IP, LPWAN and PAN networks based on their specific features and analyze possible problems of the suggested strategies.
In this paper we propose a method for the extraction of data from network flow and a contextual separation of partial connections using a set of network metrics that create a signature defining the connection behavior. We begin with the definition of the input dataset of captured communication and the process of extracting metrics from separated connections. Then we define the set of metrics included in the final behavioral signature. The second part of the article describes experiments performed with a state-of-the-art set of network metrics in comparison to our proposed experimental set. The paper concludes with the results of our experiments.
International Journal of Engineering and Technology, 2013
In this paper we introduce the second generation of the experimental detection framework of the AIPS system, which is used for experimentation with detection models and with their combinations. Our research aims mainly at the detection of attacks that abuse vulnerabilities of the buffer overflow type, but the final goal is to extend the detection techniques to cover various types of vulnerabilities. This article describes the concept of the detection framework and the updated set of network metrics, provides a design of the model architecture, and shows experimental results of a draft of the framework on a set of laboratory-simulated attacks.
2014 International Carnahan Conference on Security Technology (ICCST), 2014
The purpose of this article is to describe characteristics of obfuscated network buffer overflow attacks in contrast with characteristics of directly simulated attacks. The obfuscation was performed by tunneling malicious traffic in the HTTP and HTTPS protocols. These protocols wrap a malicious communication between an attacker situated outside of an intranet and a callback located inside of the intranet. The detection analysis which we perform is based on feature extraction from network packet dumps and employs a behavioral and statistical analysis of the communications' progress in the time and packet index domains. Experiments were performed in four scenarios simulating traffic shaping, traffic policing and transmission over an unreliable network channel to make the properties of direct attacks and obfuscated attacks as varied as possible. The next part of this article is a comparison of the classification of obfuscated and direct attacks by our previously designed ASNM network features with the state-of-the-art feature set of A. Moore, both representing statistical and behavioral based experimental academic kernels for NBA. The presented results show better classification accuracy of the ASNM features in all kinds of experiments.
ICST Transactions on Security and Safety
Machine-learning based intrusion detection classifiers are able to detect unknown attacks, but at the same time they may be susceptible to evasion by obfuscation techniques. An adversary intruder who possesses crucial knowledge about a protection system can easily bypass the detection module. The main objective of our work is to improve the performance capabilities of intrusion detection classifiers against such adversaries. To this end, we firstly propose several obfuscation techniques for remote attacks that are based on the modification of various properties of network connections; then we conduct a set of comprehensive experiments to evaluate the effectiveness of intrusion detection classifiers against obfuscated attacks. We instantiate our approach by means of a tool, based on NetEm and Metasploit, which implements our obfuscation operators on any TCP communication. This allows us to generate modified network traffic for machine learning experiments employing features for assessing network statistics and the behavior of TCP connections. We perform the evaluation on five classifiers: Gaussian Naïve Bayes, Gaussian Naïve Bayes with kernel density estimation, Logistic Regression, Decision Tree, and Support Vector Machines. Our experiments confirm the assumption that it is possible to evade the intrusion detection capability of all classifiers trained without prior knowledge about obfuscated attacks, causing an exacerbation of the TPR ranging from 7.8% to 66.8%. Further, when widening the training knowledge of the classifiers by a subset of obfuscated attacks, we achieve a significant improvement of the TPR by 4.21%-73.3%, while the FPR deteriorates only slightly (0.1%-1.48%). Finally, we test the capability of an obfuscation-aware classifier to detect unknown obfuscated attacks, where we achieve over 90% detection rate on average for most of the obfuscations.
This paper deals with methods and approaches of heterogeneous modelling and its application in risk analysis and modelling. Risk analysis is one of many tools for security improvement. Its main idea is based on the analysis of information gathered about the observed company, followed by a search for a group of countermeasures which can reduce the risk. We start this paper by describing modern aspects of heterogeneity in computer modelling and we continue with an overview of risk analysis in a heterogeneous manner.
Lecture Notes in Computer Science, 1998
Datenschutz und Datensicherheit - DuD, 2010
doi.ieeecomputersociety.org
Imad Abbadi, A&N Media, United Kingdom; Sheikh Iqbal Ahamed, Marquette University - Milwaukee, USA; Hasan Ibne Akram, Technische Universität München, Germany; Nuno Amálio, University of Luxembourg, Luxembourg; Stamatios Arkoulis, National Technical University of Athens, Greece; Ioannis Askoxylakis, FORTH-ICS/Heraklion, Greece; Benjamin Aziz, e-Science Centre / Rutherford Appleton Laboratory, United Kingdom; Catalin V. Birjoveanu, "Al.I.Cuza" University of Iasi, Romania; Wolfgang Boehmer, Darmstadt University of Technology (TUD), Germany; Jeremy Briffaut, ...
The purpose of this article is to describe characteristics of obfuscated network buffer overflow attacks in contrast with characteristics of directly simulated attacks. The obfuscation was performed by tunneling malicious traffic in the HTTP and HTTPS protocols. These protocols wrap a malicious communication between an attacker situated outside of an intranet and a callback located inside of the intranet. The detection analysis which we perform is based on feature extraction from network packet dumps and employs a behavioral and statistical analysis of the communications' progress in the time and packet index domains. Experiments were performed in four scenarios simulating traffic shaping, traffic policing and transmission over an unreliable network channel to make the properties of direct attacks and obfuscated attacks as varied as possible. The next part of this article is a comparison of the classification of obfuscated and direct attacks by our previously designed ASNM network features with the state-of-the-art feature set of A. Moore, both representing statistical and behavioral based experimental academic kernels for NBA. The presented results show better classification accuracy of the ASNM features in all kinds of experiments.
In this paper we propose a method for the extraction of data from network flow and a contextual separation of partial connections using a set of network metrics that create a signature defining the connection behavior. We begin with the definition of the input dataset of captured communication and the process of extracting metrics from separated connections. Then we define the set of metrics included in the final behavioral signature. The second part of the article describes experiments performed with the state-of-the-art set of network metrics in comparison to our proposed experimental set. The paper concludes with the results of the experiments.
This paper* will introduce the technology of wireless sensor networks with a special focus on its security issues. This relatively young technology started to evolve together with the advances in miniaturization of electronic devices, decreasing costs and the general spread of wireless communication. Data sensed by the miniature devices in a target area (e.g., temperature, pressure, movement) are locally processed and then transmitted to the end user, who obtains the possibility to continuously monitor the target environment. The usage of the technology ranges from medical monitoring of patients over agriculture and industrial monitoring or early-warning emergency systems to military purposes as well, which is where the technology originally started. We will cover the issue of designing key distribution and establishment protocols secure against partial network compromise in more detail. Special focus will be given to the possibility of automated generation of such protocols for a particular network scenario. The opposite direction will be covered as well: automated search for attacker's. We will also cover the possibility of introducing low-cost tamper resistant hardware to sensor nodes without significantly increasing the node cost and battery consumption, a scenario usually not assumed in current research papers in the field.
Communications in Computer and Information Science, 2009
This paper is devoted to accelerometer based image stabilization for video based security surveillance systems. At the beginning an introduction to image stabilization is presented. A short description of the actual state of common algorithms for image stabilization follows, including our solution with some partial optimizations. At the end, we present a suitable hardware platform having a built-in accelerometer, which
Communications in Computer and Information Science, 2009
We proposed a modification of the Collection Tree Protocol suitable for wireless sensors with a tamper resistant module. This platform provides better security; however, ordinary protocols cannot utilize its features. Our goal was to offer a secure routing protocol with similar behavior and efficiency to the original protocol. Both protocols were simulated to prove that adding security to protocols does not necessarily lead to
In this paper we introduce the second generation of the experimental detection framework of the AIPS system, which is used for experimentation with detection models and with their combinations. Our research aims mainly at the detection of attacks that abuse vulnerabilities of the buffer overflow type, but the final goal is to extend the detection techniques to cover various types of vulnerabilities. This article describes the concept of the detection framework and the updated set of network metrics, provides a design of the model architecture, and shows experimental results of a draft of the framework on a set of laboratory-simulated attacks.