Computer Network Security Research Papers

Summary form only given. It is well known that despite all of its advantages the digital revolution also leads to a large variety of new risks. One principal issue in this context is the growing dependence of our modern information society on the availability and correct (proved) function of modern communication services. First, I'll give a short overview on threats in communication networks (grids, clouds, etc.), protocols and secure personal devices. Then I'll discuss current network security approaches based on anonymous message exchanges within communicating systems. Cryptography was first used to ensure data confidentiality; it has been “democratized” by ensuring the safety of telecommunications services, thereby extending its scope to authentication of a person or device, or a message, non-repudiation, integrity but also the anonymity of transactions. The anonymity is sometimes quite important in the new telecommunication and mobile networks services, much more than just message confidentiality. The talk will focus on some examples and new approaches developed in our research laboratory to deal with anonymity in routing protocols for mobile communicating systems.

This paper presents an extension of MOVICAB-IDS, a Hybrid Intelligent Intrusion Detection System characterized by incorporating temporal control to enable real-time processing and response. The original formulation of MOVICAB-IDS combines artificial neural networks and case-based reasoning within a multiagent system to perform Intrusion Detection in dynamic computer networks. The contribution of the anytime algorithm, one of the most promising for adapting Artificial Intelligence techniques to real-time requirements, is comprehensively presented in this work.

Abstract. Distributed denial of service (DDoS) attacks are a serious problem in the present-day Internet. We consider the design of a scalable agent-based system for collecting information about the structure and dynamics of DDoS attacks. Our system requires ...

Abstract: Today's computer systems are under relentless attack from cyber attackers armed with sophisticated vulnerability search and exploit development toolkits. To protect against such threats, we are developing FUZZBUSTER, an automated system that provides adaptive immunity against a wide variety of cyber threats. FUZZBUSTER reacts to observed attacks and proactively searches for never-before-seen vulnerabilities. FUZZBUSTER uses a suite of fuzz testing and vulnerability assessment tools to find or verify the existence of vulnerabilities. Then FUZZBUSTER conducts additional tests to characterize the extent of the vulnerability, identifying ways it can be triggered. After characterizing a vulnerability, FUZZBUSTER synthesizes and applies an adaptation to prevent future exploits.

Cybersecurity of the substations in a power system is a major issue as the substations become increasingly dependent on computer and communication networks. This paper is concerned with anomaly detection in the computer network environment of a substation. An anomaly inference algorithm is proposed for early detection of cyber-intrusions at the substations. The potential scenario of simultaneous intrusions launched over multiple substations is considered. The proposed detection method considers temporal anomalies. Potential intrusion events are ranked based on the credibility impact on the power system. Snapshots of anomaly entities at substations are described. Simulation results using the modified IEEE 118-bus system have shown the effectiveness of the proposed method for systematic identification. The result of this research is a tool to detect cyber-intrusions that are likely to cause significant damages to the power grid.

Abstract: Intrusion Prevention Systems (IPS) are the most important solution for providing a high level of security all over the networks today. IPS is evolving recently in a way that is expected eventually to replace other security solutions such as firewalls and anti-viruses. To overcome the static signature detecting mechanism to identify intruders that exists in all host-based IPSs, which in turn needs to be updated from time to time to ensure the most accurate detection, in this paper we introduce a four-tier host-based IPS that uses a data mining technique, namely decision tree, as a detecting mechanism. The input parameters for the prior decision tree algorithm are the most infected or targeted computer resources by intruders, instead of a static signature database. Three test scenarios were performed to investigate the ability of the proposed IPS to classify intruders correctly.

The International Journal of Computer Networks & Communications (IJCNC) is a bimonthly open access peer-reviewed journal that publishes articles which contribute new results in all areas of Computer Networks & Communications. The journal focuses on all technical and practical aspects of Computer Networks & data Communications. The goal of this journal is to bring together researchers and practitioners from academia and industry to focus on advanced networking concepts and establishing new collaborations in these areas.

A power grid is a critical infrastructure that relies on supervisory control and data acquisition (SCADA) systems for monitoring, control, and operation. On top of the power infrastructure reside layers of information and communications technology (ICT) that are interconnected with electric grids. The cyber and power infrastructures together constitute a large, complex cyberphysical system. ICTs on the power grids have evolved from isolated structures into open and networked environments based on TCP/IP and Ethernet. The technology is known to be vulnerable with respect to cyberintrusions. As ICTs of the power infrastructure have evolved into highly connected network environments, the use of firewalls has become a widely adopted access control method against intruders. Firewalls do not guarantee cybersecurity, however. The misconfiguration of company firewalls has been reported. Even if the configuration of a firewall is correct, it is still vulnerable because firewalls are not able to detect insider attacks and connections from the trusted side. Hence, solutions based solely on firewalls can be inadequate.

Real deployments of the IoT require security. CoAP is being standardized as an application layer protocol for the Internet of Things (IoT). CoAP proposes to use DTLS to provide end-to-end security to protect the IoT. DTLS is a heavyweight protocol and its headers are too long to fit in a single IEEE802.15.4 MTU. 6LoWPAN provides header compression mechanisms to reduce the size of upper layer headers. 6LoWPAN header compression mechanisms can be used to compress the security headers as well. In this paper we propose 6LoWPAN header compression for DTLS. We link our compressed DTLS with the 6LoWPAN standard using standardized mechanisms. We show that our proposed DTLS compression significantly reduces the number of additional security bits. For example, only for the DTLS Record header that is added in every DTLS packet, the number of additional security bits can be reduced by 62%. Our compressed-DTLS is the first lightweight 6LoWPAN extension for DTLS.

On 28 December 2011, the US Department of Homeland Security, Science and Technology, Cyber Security Division released "The Menlo Report: Ethical Principles Guiding Information and Communication Technology Research" to the Federal Register to elicit the public's feedback. In this article, the authors briefly describe the road to this milestone, summarize the report and its companion document, and describe the next

RFID is one of the enabling technologies of the Internet of Things. RFID has the potential to enable machines to identify objects, understand their status, and communicate and take action if necessary, to create "real time awareness." The pervasiveness of RFID technology has given rise to a number of serious issues including security and privacy concerns. This paper will discuss current RFID usage issues and conduct a threat analysis of the RFID system components then identify issues/risks and elucidate how these issues can be resolved or risks can be mitigated.

In this paper, an efficient and scalable technique for computer network security is presented. On one hand, the decryption scheme and the public key creation used in this work are based on a multi-layer neural network that is trained by backpropagation learning algorithm. On the other hand, the encryption scheme and the private key creation process are based on Boolean

A novel improved VPN (Virtual Private Network) system based on the SSL (Secure Sockets Layer) protocol is discussed to overcome the defect of traditional SSL VPN. The concept, critical technique and working process of the geo-secured SSL based VPN are presented in detail because they are very important to meet enhanced security requirement which is originally a traditional SSL VPN. Based on the GPS (Global Positioning System) technology, a new scheme to improve the security of SSL VPN is proposed. This scheme enhances current security applications, granting access to sensitive information and privileges to execute orders only to entities that are in a trusted location. Moreover, this system authenticates not only the authorized user but also the location of the authorized user.

Embedded electronic components, so-called ECUs (Electronic Control Units), are nowadays a prominent part of a car's architecture. These ECUs, monitoring and controlling the different subsystems of a car, are interconnected through several gateways and compose the global internal network of the car. Moreover, modern cars are now able to communicate with other devices through wired or wireless interfaces such as USB, Bluetooth, WiFi or even 3G. Such interfaces may expose the internal network to the outside world and can be seen as entry points for cyber attacks. In this paper, we present a survey on security threats and protection mechanisms in embedded automotive networks. After introducing the different protocols being used in the embedded networks of current vehicles, we then analyze the potential threats targeting these networks and describe how the attackers' opportunities can be enhanced by the new communication abilities of modern cars. Finally, we present the security ...

A mobile agent is "a program that is self-governing enough to act separately, even when the user or application that launched it is not available to provide guidance and handle errors". In general terms, it is a program that acts on behalf of its owner. A mobile agent is an object that migrates through many nodes of an assorted network of computers, under its own control, in order to perform tasks using resources of these nodes. The mobility trait of a mobile agent implies operation thereof in untrustworthy environments, which introduces malicious host threats. Available literature has been studied, analyzed and discussed. The salient characteristics as well as the drawbacks of current solutions were isolated. Through this knowledge a dynamic mobile agent security framework was defined. The framework is based on the definition of multiple security levels, depending on type of deployment environment and type of application. A prototype was constructed and tested and it was found to be lightweight and efficient, giving developers insight into possible security threats as well as tools for maximum protection against malicious hosts. The framework outperformed other frameworks / models as it provides dynamic solutions without burdening a system with unnecessary security gadgets and hence paying for it in system cost and performance.

Network intrusion detection has remained a field of rigorous research over the past few years. Advances in computing performance, in terms of processing power and storage, have allowed the use of resource-intensive intelligent algorithms, to detect intrusive activities, in a timely manner. Genetic Algorithms have emerged as a powerful domain-independent technique to facilitate searching of the most effective set of rules, to differentiate between normal and anomalous network traffic. The scope of research for developing cutting-edge and effective GA-based intrusion detection systems, has rapidly expanded to keep pace with variant attack types, increasingly witnessed from the adversary class. In this paper, we propose a GA-based technique for effectively identifying network intrusion attempts, and clearly differentiating these from normal network traffic. The performance of the proposed scheme is studied and analyzed on the KDD-99 intrusion benchmark data set. We performed a simulation-based analysis of the proposed scheme, with results strengthening our findings, and providing us directions for future work.