Sample records for computer network attacks

  1. Non-harmful insertion of data mimicking computer network attacks

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Neil, Joshua Charles; Kent, Alexander; Hash, Jr, Curtis Lee

    Non-harmful data mimicking computer network attacks may be inserted in a computer network. Anomalous real network connections may be generated between a plurality of computing systems in the network. Data mimicking an attack may also be generated. The generated data may be transmitted between the plurality of computing systems using the real network connections and measured to determine whether an attack is detected.

  2. Hacking Social Networks: Examining the Viability of Using Computer Network Attack Against Social Networks

    DTIC Science & Technology

    2007-03-01

    NAVAL POSTGRADUATE SCHOOL MONTEREY, CALIFORNIA THESIS Approved for public release; distribution is unlimited. HACKING SOCIAL NETWORKS: EXAMINING THE...VIABILITY OF USING COMPUTER NETWORK ATTACK AGAINST SOCIAL NETWORKS by Russell G. Schuhart II March 2007 Thesis Advisor: David Tucker Second Reader...Master’s Thesis 4. TITLE AND SUBTITLE: Hacking Social Networks: Examining the Viability of Using Computer Network Attack Against Social Networks 6. AUTHOR

  3. Seven Deadliest Network Attacks

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Prowell, Stacy J; Borkin, Michael; Kraus, Robert

    2010-05-01

    Do you need to keep up with the latest hacks, attacks, and exploits affecting networks? Then you need "Seven Deadliest Network Attacks". This book pinpoints the most dangerous hacks and exploits specific to networks, laying out the anatomy of these attacks including how to make your system more secure. You will discover the best ways to defend against these vicious hacks with step-by-step instruction and learn techniques to make your computer and network impenetrable. Attacks detailed in this book include: Denial of Service; War Dialing; Penetration 'Testing'; Protocol Tunneling; Spanning Tree Attacks; Man-in-the-Middle; and, Password Replay. Knowledge is power, find out about the most dominant attacks currently waging war on computers and networks globally. Discover the best ways to defend against these vicious attacks; step-by-step instruction shows you how. Institute countermeasures, don't be caught defenseless again, learn techniques to make your computer and network impenetrable.

  4. Emerging Roles of Combat Communication Squadrons in Cyber Warfare as Related to Computer Network Attack, Defense and Exploitation

    DTIC Science & Technology

    2011-06-01

    EMERGING ROLES OF COMBAT COMMUNICATION SQUADRONS IN CYBER WARFARE AS RELATED TO COMPUTER NETWORK ATTACK, DEFENSE AND EXPLOITATION GRADUATE RESEARCH...Communication Squadrons in Cyber Warfare as Related to Computer Network Attack, Defense and Exploitation GRADUATE RESEARCH PROJECT Presented to the Faculty...Education and Training Command In Partial Fulfillment of the Requirements for the Degree of Master of Cyber Warfare Michael J. Myers Major, USAF June 2011

  5. Application of Cellular Automata to Detection of Malicious Network Packets

    ERIC Educational Resources Information Center

    Brown, Robert L.

    2014-01-01

    A problem in computer security is identification of attack signatures in network packets. An attack signature is a pattern of bits that characterizes a particular attack. Because there are many kinds of attacks, there are potentially many attack signatures. Furthermore, attackers may seek to avoid detection by altering the attack mechanism so that…

  6. Method and tool for network vulnerability analysis

    DOEpatents

    Swiler, Laura Painton [Albuquerque, NM]; Phillips, Cynthia A [Albuquerque, NM]

    2006-03-14

    A computer system analysis tool and method that will allow for qualitative and quantitative assessment of security attributes and vulnerabilities in systems including computer networks. The invention is based on generation of attack graphs wherein each node represents a possible attack state and each edge represents a change in state caused by a single action taken by an attacker or unwitting assistant. Edges are weighted using metrics such as attacker effort, likelihood of attack success, or time to succeed. Generation of an attack graph is accomplished by matching information about attack requirements (specified in "attack templates") to information about computer system configuration (contained in a configuration file that can be updated to reflect system changes occurring during the course of an attack) and assumed attacker capabilities (reflected in "attacker profiles"). High risk attack paths, which correspond to those considered suited to application of attack countermeasures given limited resources for applying countermeasures, are identified by finding "epsilon optimal paths."

  7. Using Reputation Based Trust to Overcome Malfunctions and Malicious Failures in Electric Power Protection Systems

    DTIC Science & Technology

    2011-09-01

    concert with a physical attack. Additionally, the importance of preventive measures implemented by a social human network to counteract a cyber attack...integrity of the data stored on specific computers. This coordinated cyber attack would have been successful if not for the trusted social network...established by Mr. Hillar Aarelaid, head of the Estonian computer emergency response team (CERT). This social network consisted of Mr. Hillar Aarelaid

  8. Polymorphic Attacks and Network Topology: Application of Concepts from Natural Systems

    ERIC Educational Resources Information Center

    Rangan, Prahalad

    2010-01-01

    The growing complexity of interactions between computers and networks makes the subject of network security a very interesting one. As our dependence on the services provided by computing networks grows, so does our investment in such technology. In this situation, there is a greater risk of occurrence of targeted malicious attacks on computers…

  9. Robustness and structure of complex networks

    NASA Astrophysics Data System (ADS)

    Shao, Shuai

    This dissertation covers the two major parts of my PhD research on statistical physics and complex networks: i) modeling a new type of attack -- localized attack, and investigating robustness of complex networks under this type of attack; ii) discovering the clustering structure in complex networks and its influence on the robustness of coupled networks. Complex networks appear in every aspect of our daily life and are widely studied in Physics, Mathematics, Biology, and Computer Science. One important property of complex networks is their robustness under attacks, which depends crucially on the nature of attacks and the structure of the networks themselves. Previous studies have focused on two types of attack: random attack and targeted attack, which, however, are insufficient to describe many real-world damages. Here we propose a new type of attack -- localized attack, and study the robustness of complex networks under this type of attack, both analytically and via simulation. On the other hand, we also study the clustering structure in the network, and its influence on the robustness of a complex network system. In the first part, we propose a theoretical framework to study the robustness of complex networks under localized attack based on percolation theory and generating function method. We investigate the percolation properties, including the critical threshold of the phase transition pc and the size of the giant component Pinfinity. We compare localized attack with random attack and find that while random regular (RR) networks are more robust against localized attack, Erdős-Rényi (ER) networks are equally robust under both types of attacks. As for scale-free (SF) networks, their robustness depends crucially on the degree exponent lambda. The simulation results show perfect agreement with theoretical predictions. We also test our model on two real-world networks: a peer-to-peer computer network and an airline network, and find that the real-world networks are much more vulnerable to localized attack compared with random attack. In the second part, we extend the tree-like generating function method to incorporating clustering structure in complex networks. We study the robustness of a complex network system, especially a network of networks (NON) with clustering structure in each network. We find that the system becomes less robust as we increase the clustering coefficient of each network. For a partially dependent network system, we also find that the influence of the clustering coefficient on network robustness decreases as we decrease the coupling strength, and the critical coupling strength qc, at which the first-order phase transition changes to second-order, increases as we increase the clustering coefficient.

  10. A likelihood ratio anomaly detector for identifying within-perimeter computer network attacks

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Grana, Justin; Wolpert, David; Neil, Joshua

    The rapid detection of attackers within firewalls of enterprise computer networks is of paramount importance. Anomaly detectors address this problem by quantifying deviations from baseline statistical models of normal network behavior and signaling an intrusion when the observed data deviates significantly from the baseline model. But, many anomaly detectors do not take into account plausible attacker behavior. As a result, anomaly detectors are prone to a large number of false positives due to unusual but benign activity. Our paper first introduces a stochastic model of attacker behavior which is motivated by real world attacker traversal. Then, we develop a likelihood ratio detector that compares the probability of observed network behavior under normal conditions against the case when an attacker has possibly compromised a subset of hosts within the network. Since the likelihood ratio detector requires integrating over the time each host becomes compromised, we illustrate how to use Monte Carlo methods to compute the requisite integral. We then present Receiver Operating Characteristic (ROC) curves for various network parameterizations that show for any rate of true positives, the rate of false positives for the likelihood ratio detector is no higher than that of a simple anomaly detector and is often lower. Finally, we demonstrate the superiority of the proposed likelihood ratio detector when the network topologies and parameterizations are extracted from real-world networks.

  11. A likelihood ratio anomaly detector for identifying within-perimeter computer network attacks

    DOE PAGES

    Grana, Justin; Wolpert, David; Neil, Joshua; ...

    2016-03-11

    The rapid detection of attackers within firewalls of enterprise computer networks is of paramount importance. Anomaly detectors address this problem by quantifying deviations from baseline statistical models of normal network behavior and signaling an intrusion when the observed data deviates significantly from the baseline model. But, many anomaly detectors do not take into account plausible attacker behavior. As a result, anomaly detectors are prone to a large number of false positives due to unusual but benign activity. Our paper first introduces a stochastic model of attacker behavior which is motivated by real world attacker traversal. Then, we develop a likelihood ratio detector that compares the probability of observed network behavior under normal conditions against the case when an attacker has possibly compromised a subset of hosts within the network. Since the likelihood ratio detector requires integrating over the time each host becomes compromised, we illustrate how to use Monte Carlo methods to compute the requisite integral. We then present Receiver Operating Characteristic (ROC) curves for various network parameterizations that show for any rate of true positives, the rate of false positives for the likelihood ratio detector is no higher than that of a simple anomaly detector and is often lower. Finally, we demonstrate the superiority of the proposed likelihood ratio detector when the network topologies and parameterizations are extracted from real-world networks.

  12. Dynamic defense and network randomization for computer systems

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Chavez, Adrian R.; Stout, William M. S.; Hamlet, Jason R.

    The various technologies presented herein relate to determining a network attack is taking place, and further to adjust one or more network parameters such that the network becomes dynamically configured. A plurality of machine learning algorithms are configured to recognize an active attack pattern. Notification of the attack can be generated, and knowledge gained from the detected attack pattern can be utilized to improve the knowledge of the algorithms to detect a subsequent attack vector(s). Further, network settings and application communications can be dynamically randomized, wherein artificial diversity converts control systems into moving targets that help mitigate the early reconnaissance stages of an attack. An attack(s) based upon a known static address(es) of a critical infrastructure network device(s) can be mitigated by the dynamic randomization. Network parameters that can be randomized include IP addresses, application port numbers, paths data packets navigate through the network, application randomization, etc.

  13. Characterization of attacks on public telephone networks

    NASA Astrophysics Data System (ADS)

    Lorenz, Gary V.; Manes, Gavin W.; Hale, John C.; Marks, Donald; Davis, Kenneth; Shenoi, Sujeet

    2001-02-01

    The U.S. Public Telephone Network (PTN) is a massively connected distributed information system, much like the Internet. PTN signaling, transmission and operations functions must be protected from physical and cyber attacks to ensure the reliable delivery of telecommunications services. The increasing convergence of PTNs with wireless communications systems, computer networks and the Internet itself poses serious threats to our nation's telecommunications infrastructure. Legacy technologies and advanced services encumber well-known and as of yet undiscovered vulnerabilities that render them susceptible to cyber attacks. This paper presents a taxonomy of cyber attacks on PTNs in converged environments that synthesizes exploits in computer and communications network domains. The taxonomy provides an opportunity for the systematic exploration of mitigative and preventive strategies, as well as for the identification and classification of emerging threats.

  14. Overreaction to External Attacks on Computer Systems Could Be More Harmful than the Viruses Themselves.

    ERIC Educational Resources Information Center

    King, Kenneth M.

    1988-01-01

    Discussion of the recent computer virus attacks on computers with vulnerable operating systems focuses on the values of educational computer networks. The need for computer security procedures is emphasized, and the ethical use of computer hardware and software is discussed. (LRW)

  15. Computer Network Operations Methodology

    DTIC Science & Technology

    2004-03-01

    means of their computer information systems. Disrupt - This type of attack focuses on disrupting as “attackers might surreptitiously reprogram enemy...by reprogramming the computers that control distribution within the power grid. A disruption attack introduces disorder and inhibits the effective...between commanders. The use of methodologies is widespread and done subconsciously to assist individuals in decision making. The processes that

  16. Modeling and Analyzing Intrusion Attempts to a Computer Network Operating in a Defense in Depth Posture

    DTIC Science & Technology

    2004-09-01

    protection. Firewalls, Intrusion Detection Systems (IDS’s), Anti-Virus (AV) software, and routers are such tools used. In recent years, computer security...associated with operating systems, application software, and computing hardware. When IDS’s are utilized on a host computer or network, there are two...primary approaches to detecting and / or preventing attacks. Traditional IDS’s, like most AV software, rely on known “signatures” to detect attacks

  17. Topological Vulnerability Analysis

    NASA Astrophysics Data System (ADS)

    Jajodia, Sushil; Noel, Steven

    Traditionally, network administrators rely on labor-intensive processes for tracking network configurations and vulnerabilities. This requires a great deal of expertise, and is error prone because of the complexity of networks and associated security data. The interdependencies of network vulnerabilities make traditional point-wise vulnerability analysis inadequate. We describe a Topological Vulnerability Analysis (TVA) approach that analyzes vulnerability dependencies and shows all possible attack paths into a network. From models of the network vulnerabilities and potential attacker exploits, we compute attack graphs that convey the impact of individual and combined vulnerabilities on overall security. TVA finds potential paths of vulnerability through a network, showing exactly how attackers may penetrate a network. From this, we identify key vulnerabilities and provide strategies for protection of critical network assets.

  18. Analysis of Network Vulnerability Under Joint Node and Link Attacks

    NASA Astrophysics Data System (ADS)

    Li, Yongcheng; Liu, Shumei; Yu, Yao; Cao, Ting

    2018-03-01

    The security problem of computer network systems is becoming more and more serious. The fundamental reason is that there are security vulnerabilities in the network system. Therefore, it’s very important to identify and reduce or eliminate these vulnerabilities before they are attacked. In this paper, we are interested in joint node and link attacks and propose a vulnerability evaluation method based on the overall connectivity of the network to defend against this attack. In particular, we analyze the attack cost problem from the attackers’ perspective. The purpose is to find the set of least costs for joint links and nodes, and their deletion will lead to serious network connection damage. The simulation results show that the vulnerable elements obtained from the proposed method are more suitable for the attacking idea of the malicious persons in joint node and link attack. It is easy to find that the proposed method has more realistic protection significance.

  19. The internet worm

    NASA Technical Reports Server (NTRS)

    Denning, Peter J.

    1989-01-01

    In November 1988 a worm program invaded several thousand UNIX-operated Sun workstations and VAX computers attached to the Research Internet, seriously disrupting service for several days but damaging no files. An analysis of the worm's decompiled code revealed a battery of attacks by a knowledgeable insider, and demonstrated a number of security weaknesses. The attack occurred in an open network, and little can be inferred about the vulnerabilities of closed networks used for critical operations. The attack showed that password protection procedures need review and strengthening. It showed that sets of mutually trusting computers need to be carefully controlled. Sharp public reaction crystalized into a demand for user awareness and accountability in a networked world.

  20. Performance Evaluation of AODV with Blackhole Attack

    NASA Astrophysics Data System (ADS)

    Dara, Karuna

    2010-11-01

    A Mobile Ad Hoc Network (MANET) is a temporary network set up by wireless mobile computers moving arbitrarily in places that have no network infrastructure. These nodes maintain connectivity in a decentralized manner. Since the nodes communicate with each other, they cooperate by forwarding data packets to other nodes in the network. Thus the nodes find a path to the destination node using routing protocols. However, due to security vulnerabilities of the routing protocols, mobile ad-hoc networks are unprotected against attacks by malicious nodes. One of these attacks is the Black Hole Attack against network integrity, absorbing all data packets in the network. Since the data packets do not reach the destination node on account of this attack, data loss will occur. In this paper, we simulated the black hole attack in various mobile ad-hoc network scenarios using the AODV routing protocol of MANET and have tried to find an effect if the number of nodes is increased with an increase in malicious nodes.

  1. Network traffic anomaly prediction using Artificial Neural Network

    NASA Astrophysics Data System (ADS)

    Ciptaningtyas, Hening Titi; Fatichah, Chastine; Sabila, Altea

    2017-03-01

    With the excessive increase in internet usage, malicious software (malware) has also increased significantly. Malware is software developed by hackers for illegal purposes, such as stealing data and identity, causing computer damage, or denying service to other users [1]. Malware that attacks a computer or server often triggers network traffic anomaly phenomena. Based on Sophos's report [2], Indonesia is the riskiest country for malware attack and it also has high network traffic anomaly. This research uses an Artificial Neural Network (ANN) to predict network traffic anomaly based on malware attack in Indonesia which is recorded by Id-SIRTII/CC (Indonesia Security Incident Response Team on Internet Infrastructure/Coordination Center). The case study is the highest malware attack (SQL injection) which has happened in three consecutive years: 2012, 2013, and 2014 [4]. The data series is preprocessed first, then the network traffic anomaly is predicted using an Artificial Neural Network and two weight update algorithms: Gradient Descent and Momentum. Error of prediction is calculated using Mean Squared Error (MSE) [7]. The experimental result shows that MSE for SQL Injection is 0.03856. So, this approach can be used to predict network traffic anomaly.

  2. Passive Fingerprinting Of Computer Network Reconnaissance Tools

    DTIC Science & Technology

    2009-09-01

    v6 for version 6 MITM: Man-In-The-Middle Attack MSS: Maximum Segment Size NOP: No Operation Performed NPS: Naval Postgraduate School OS...specific, or man-in-the-middle (MITM) attacks. Depending on the attacker’s position to access the targeted network, the attacker may be able to...identification numbers. Both are ordinarily supposed to be initialized as a random number to make it difficult for an attacker to perform an injection MITM

  3. Design of Provider-Provisioned Website Protection Scheme against Malware Distribution

    NASA Astrophysics Data System (ADS)

    Yagi, Takeshi; Tanimoto, Naoto; Hariu, Takeo; Itoh, Mitsutaka

    Vulnerabilities in web applications expose computer networks to security threats, and many websites are used by attackers as hopping sites to attack other websites and user terminals. These incidents prevent service providers from constructing secure networking environments. To protect websites from attacks exploiting vulnerabilities in web applications, service providers use web application firewalls (WAFs). WAFs filter accesses from attackers by using signatures, which are generated based on the exploit codes of previous attacks. However, WAFs cannot filter unknown attacks because the signatures cannot reflect new types of attacks. In service provider environments, the number of exploit codes has recently increased rapidly because of the spread of vulnerable web applications that have been developed through cloud computing. Thus, generating signatures for all exploit codes is difficult. To solve these problems, our proposed scheme detects and filters malware downloads that are sent from websites which have already received exploit codes. In addition, to collect information for detecting malware downloads, web honeypots, which automatically extract the communication records of exploit codes, are used. According to the results of experiments using a prototype, our scheme can filter attacks automatically so that service providers can provide secure and cost-effective network environments.

  4. Computer Network Attack: An Operational Tool?

    DTIC Science & Technology

    2003-01-17

    Spectrum of Conflict, Cyber Warfare, Preemptive Strike, Effects Based Targeting. 15. Abstract: Computer Network Attack (CNA) is defined as...great deal of attention as the world’s capabilities in cyber-warfare grow. 11 Although addressing the wide ranging legal aspects of CNA is beyond the...the notion of cyber-warfare has not yet developed to the point that international norms have been established.15 These norms will be developed in

  5. Modeling, Evaluation and Detection of Jamming Attacks in Time-Critical Wireless Applications

    DTIC Science & Technology

    2014-08-01

    computing, modeling and analysis of wireless networks, network topology, and architecture design. Dr. Wang has been a Member of the Association for...important, yet open research question is how to model and detect jamming attacks in such wireless networks, where communication traffic is more time...against time-critical wireless networks with applications to the smart grid. In contrast to communication networks where packets-oriented metrics

  6. The framework for simulation of bioinspired security mechanisms against network infrastructure attacks.

    PubMed

    Shorov, Andrey; Kotenko, Igor

    2014-01-01

    The paper outlines a bioinspired approach named "network nervous system" and methods of simulation of infrastructure attacks and protection mechanisms based on this approach. The protection mechanisms based on this approach consist of distributed procedures of information collection and processing, which coordinate the activities of the main devices of a computer network, identify attacks, and determine necessary countermeasures. Attacks and protection mechanisms are specified as structural models using a set-theoretic approach. An environment for simulation of protection mechanisms based on the biological metaphor is considered; the experiments demonstrating the effectiveness of the protection mechanisms are described.

  7. Develop a solution for protecting and securing enterprise networks from malicious attacks

    NASA Astrophysics Data System (ADS)

    Kamuru, Harshitha; Nijim, Mais

    2014-05-01

    In the world of computer and network security, there are myriad ways to launch an attack, which, from the perspective of a network, can usually be defined as "traffic that has huge malicious intent." A firewall acts as one of the measures to secure the device from incoming unauthorized data. There is an infinite number of computer attacks that no firewall can prevent, such as those executed locally on the machine by a malicious user. From the network's perspective, there are numerous types of attack. All the attacks that degrade the effectiveness of data can be grouped into two types: brute force and precision. The Firewall that belongs to Juniper has the capability to protect against both types of attack. Denial of Service (DoS) attacks are one of the most well-known network security threats under brute force attacks, which is largely due to the high-profile way in which they can affect networks. Over the years, some of the largest, most respected Internet sites have been effectively taken offline by Denial of Service (DOS) attacks. A DoS attack typically has a singular focus, namely, to cause the services running on a particular host or network to become unavailable. Some DoS attacks exploit vulnerabilities in an operating system and cause it to crash, such as the infamous Win nuke attack. Others submerge a network or device with traffic so that there are no more resources to handle legitimate traffic. Precision attacks typically involve multiple phases and often involve a bit more thought than brute force attacks, all the way from reconnaissance to machine ownership. Before a precision attack is launched, information about the victim needs to be gathered. This information gathering typically takes the form of various types of scans to determine available hosts, networks, and ports. The hosts available on a network can be determined by ping sweeps. The available ports on a machine can be located by port scans. Screens cover a wide variety of attack traffic as they are configured on a per-zone basis. Depending on the type of screen being configured, there may be additional settings beyond simply blocking the traffic. Attack prevention is also a native function of any firewall. Juniper Firewall handles traffic on a per-flow basis. We can use flows or sessions as a way to determine whether traffic attempting to traverse the firewall is legitimate. We control the state-checking components resident in Juniper Firewall by configuring "flow" settings. These settings allow you to configure state checking for various conditions on the device. You can use flow settings to protect against TCP hijacking, and to generally ensure that the firewall is performing full state processing when desired. We take a case study of attack on a network and perform study of the detection of the malicious packets on a Net screen Firewall. A new solution for securing enterprise networks will be developed here.

  8. Some scale-free networks could be robust under selective node attacks

    NASA Astrophysics Data System (ADS)

    Zheng, Bojin; Huang, Dan; Li, Deyi; Chen, Guisheng; Lan, Wenfei

    2011-04-01

    It is a mainstream idea that scale-free network would be fragile under the selective attacks. Internet is a typical scale-free network in the real world, but it never collapses under the selective attacks of computer viruses and hackers. This phenomenon is different from the deduction of the idea above because this idea assumes the same cost to delete an arbitrary node. Hence this paper discusses the behaviors of the scale-free network under the selective node attack with different cost. Through the experiments on five complex networks, we show that the scale-free network is possibly robust under the selective node attacks; furthermore, the more compact the network is, and the larger the average degree is, then the more robust the network is; with the same average degrees, the more compact the network is, the more robust the network is. This result would enrich the theory of the invulnerability of the network, and can be used to build robust social, technological and biological networks, and also has the potential to find the target of drugs.

  9. A New Privacy-Preserving Handover Authentication Scheme for Wireless Networks

    PubMed Central

    Wang, Changji; Yuan, Yuan; Wu, Jiayuan

    2017-01-01

    Handover authentication is a critical issue in wireless networks, which is being used to ensure mobile nodes wander over multiple access points securely and seamlessly. A variety of handover authentication schemes for wireless networks have been proposed in the literature. Unfortunately, existing handover authentication schemes are vulnerable to a few security attacks, or incur high communication and computation costs. Recently, He et al. proposed a handover authentication scheme PairHand and claimed it can resist various attacks without rigorous security proofs. In this paper, we show that PairHand does not meet forward secrecy and strong anonymity. More seriously, it is vulnerable to key compromise attack, where an adversary can recover the private key of any mobile node. Then, we propose a new efficient and provably secure handover authentication scheme for wireless networks based on elliptic curve cryptography. Compared with existing schemes, our proposed scheme can resist key compromise attack, and achieves forward secrecy and strong anonymity. Moreover, it is more efficient in terms of computation and communication. PMID:28632171

  10. A New Privacy-Preserving Handover Authentication Scheme for Wireless Networks.

    PubMed

    Wang, Changji; Yuan, Yuan; Wu, Jiayuan

    2017-06-20

    Handover authentication is a critical issue in wireless networks, which is being used to ensure mobile nodes wander over multiple access points securely and seamlessly. A variety of handover authentication schemes for wireless networks have been proposed in the literature. Unfortunately, existing handover authentication schemes are vulnerable to a few security attacks, or incur high communication and computation costs. Recently, He et al. proposed a handover authentication scheme PairHand and claimed it can resist various attacks without rigorous security proofs. In this paper, we show that PairHand does not meet forward secrecy and strong anonymity. More seriously, it is vulnerable to key compromise attack, where an adversary can recover the private key of any mobile node. Then, we propose a new efficient and provably secure handover authentication scheme for wireless networks based on elliptic curve cryptography. Compared with existing schemes, our proposed scheme can resist key compromise attack, and achieves forward secrecy and strong anonymity. Moreover, it is more efficient in terms of computation and communication.

  11. DS-ARP: a new detection scheme for ARP spoofing attacks based on routing trace for ubiquitous environments.

    PubMed

    Song, Min Su; Lee, Jae Dong; Jeong, Young-Sik; Jeong, Hwa-Young; Park, Jong Hyuk

    2014-01-01

    Despite the convenience, ubiquitous computing suffers from many threats and security risks. Security considerations in the ubiquitous network are required to create enriched and more secure ubiquitous environments. The address resolution protocol (ARP) is a protocol used to identify the IP address and the physical address of the associated network card. ARP is designed to work without problems in general environments. However, since it does not include security measures against malicious attacks, in its design, an attacker can impersonate another host using ARP spoofing or access important information. In this paper, we propose a new detection scheme for ARP spoofing attacks using a routing trace, which can be used to protect the internal network. Tracing routing can find the change of network movement path. The proposed scheme provides high constancy and compatibility because it does not alter the ARP protocol. In addition, it is simple and stable, as it does not use a complex algorithm or impose extra load on the computer system.

  12. DS-ARP: A New Detection Scheme for ARP Spoofing Attacks Based on Routing Trace for Ubiquitous Environments

    PubMed Central

    Song, Min Su; Lee, Jae Dong; Jeong, Hwa-Young; Park, Jong Hyuk

    2014-01-01

    Despite the convenience, ubiquitous computing suffers from many threats and security risks. Security considerations in the ubiquitous network are required to create enriched and more secure ubiquitous environments. The address resolution protocol (ARP) is a protocol used to identify the IP address and the physical address of the associated network card. ARP is designed to work without problems in general environments. However, since it does not include security measures against malicious attacks, in its design, an attacker can impersonate another host using ARP spoofing or access important information. In this paper, we propose a new detection scheme for ARP spoofing attacks using a routing trace, which can be used to protect the internal network. Tracing routing can find the change of network movement path. The proposed scheme provides high constancy and compatibility because it does not alter the ARP protocol. In addition, it is simple and stable, as it does not use a complex algorithm or impose extra load on the computer system. PMID:25243205

  13. Including Internet insurance as part of a hospital computer network security plan.

    PubMed

    Riccardi, Ken

    2002-01-01

    Cyber attacks on a hospital's computer network are a new crime to be reckoned with. Should your hospital consider internet insurance? The author explains this new phenomenon and presents a risk assessment for determining network vulnerabilities.

  14. Security in MANETs using reputation-adjusted routing

    NASA Astrophysics Data System (ADS)

    Ondi, Attila; Hoffman, Katherine; Perez, Carlos; Ford, Richard; Carvalho, Marco; Allen, William

    2009-04-01

    Mobile Ad-Hoc Networks enable communication in various dynamic environments, including military combat operations. Their open and shared communication medium enables new forms of attack that are not applicable for traditional wired networks. Traditional security mechanisms and defense techniques are not prepared to cope with the new attacks and the lack of central authorities make identity verifications difficult. This work extends our previous work in the Biologically Inspired Tactical Security Infrastructure to provide a reputation-based weighing mechanism for linkstate routing protocols to protect the network from attackers that are corrupting legitimate network traffic. Our results indicate that the approach is successful in routing network traffic around compromised computers.

  15. Defeating Insider Attacks via Autonomic Self-Protective Networks

    ERIC Educational Resources Information Center

    Sibai, Faisal M.

    2012-01-01

    There has been a constant growing security concern with insider attacks on network accessible computer systems. Users with power credentials can do almost anything they want with the systems they own with very little control or oversight. Most breaches occurring nowadays by power users are considered legitimate access and not necessarily…

  16. The Framework for Simulation of Bioinspired Security Mechanisms against Network Infrastructure Attacks

    PubMed Central

    Kotenko, Igor

    2014-01-01

    The paper outlines a bioinspired approach named "network nervous system" and methods of simulation of infrastructure attacks and protection mechanisms based on this approach. The protection mechanisms based on this approach consist of distributed procedures of information collection and processing, which coordinate the activities of the main devices of a computer network, identify attacks, and determine necessary countermeasures. Attacks and protection mechanisms are specified as structural models using a set-theoretic approach. An environment for simulation of protection mechanisms based on the biological metaphor is considered; the experiments demonstrating the effectiveness of the protection mechanisms are described. PMID:25254229

  17. Prevention of Malicious Nodes Communication in MANETs by Using Authorized Tokens

    NASA Astrophysics Data System (ADS)

    Chandrakant, N.; Shenoy, P. Deepa; Venugopal, K. R.; Patnaik, L. M.

    A rapid increase of wireless networks and mobile computing applications has changed the landscape of network security. A MANET is more susceptible to attacks than a wired network. As a result, attacks with malicious intent have been and will be devised to take advantage of these vulnerabilities and to cripple the MANET operation. Hence we need to search for new architecture and mechanisms to protect the wireless networks and mobile computing applications. In this paper, we examine the nodes that come under the vicinity of base node and members of the network and communication is provided to genuine nodes only. It is found that the proposed algorithm is an effective algorithm for security in MANETs.

  18. Computer network security for the radiology enterprise.

    PubMed

    Eng, J

    2001-08-01

    As computer networks become an integral part of the radiology practice, it is appropriate to raise concerns regarding their security. The purpose of this article is to present an overview of computer network security risks and preventive strategies as they pertain to the radiology enterprise. A number of technologies are available that provide strong deterrence against attacks on networks and networked computer systems in the radiology enterprise. While effective, these technologies must be supplemented with vigilant user and system management.

  19. Main control computer security model of closed network systems protection against cyber attacks

    NASA Astrophysics Data System (ADS)

    Seymen, Bilal

    2014-06-01

    The model that brings the data input/output under control in closed network systems, that maintains the system securely, and that controls the flow of information through the Main Control Computer which also brings the network traffic under control against cyber-attacks. The network, which can be controlled single-handedly thanks to the system designed to enable the network users to make data entry into the system or to extract data from the system securely, intends to minimize the security gaps. Moreover, data input/output record can be kept by means of the user account assigned for each user, and it is also possible to carry out retroactive tracking, if requested. Because the measures that need to be taken for each computer on the network regarding cyber security, do require high cost; it has been intended to provide a cost-effective working environment with this model, only if the Main Control Computer has the updated hardware.

  20. Network Penetration Testing and Research

    NASA Technical Reports Server (NTRS)

    Murphy, Brandon F.

    2013-01-01

    This paper will focus on the research and testing done on penetrating a network for security purposes. This research will provide the IT security office new methods of attacks across and against a company's network as well as introduce them to new platforms and software that can be used to better assist with protecting against such attacks. Throughout this paper testing and research has been done on two different Linux based operating systems, for attacking and compromising a Windows based host computer. Backtrack 5 and BlackBuntu (Linux based penetration testing operating systems) are two different "attacker" computers that will attempt to plant viruses and/or exploits on a host Windows 7 operating system, as well as try to retrieve information from the host. On each Linux OS (Backtrack 5 and BlackBuntu) there is penetration testing software which provides the necessary tools to create exploits that can compromise a Windows system as well as other operating systems. This paper will focus on two main methods of deploying exploits onto a host computer in order to retrieve information from a compromised system. One method of deployment for an exploit that was tested is known as a "social engineering" exploit. This type of method requires interaction from an unsuspecting user. With this user interaction, a deployed exploit may allow a malicious user to gain access to the unsuspecting user's computer as well as the network that such computer is connected to. Due to more advanced security settings and antivirus protection and detection, this method is easily identified and defended against. The second method of exploit deployment is the method mainly focused upon within this paper. This method required extensive research on the best way to compromise a security enabled protected network. Once a network has been compromised, then any and all devices connected to such network have the potential to be compromised as well. With a compromised network, computers and devices can be penetrated through deployed exploits. This paper will illustrate the research done to test the ability to penetrate a network without user interaction, in order to retrieve personal information from a targeted host. (NASA USRP - Internship Final Report)

  1. Finite Energy and Bounded Attacks on Control System Sensor Signals

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Djouadi, Seddik M; Melin, Alexander M; Ferragut, Erik M

    Control system networks are increasingly being connected to enterprise level networks. These connections leave critical industrial controls systems vulnerable to cyber-attacks. Most of the effort in protecting these cyber-physical systems (CPS) has been in securing the networks using information security techniques and protection and reliability concerns at the control system level against random hardware and software failures. However, besides these failures the inability of information security techniques to protect against all intrusions means that the control system must be resilient to various signal attacks for which new analysis and detection methods need to be developed. In this paper, sensor signal attacks are analyzed for observer-based controlled systems. The threat surface for sensor signal attacks is subdivided into denial of service, finite energy, and bounded attacks. In particular, the error signals between states of attack free systems and systems subject to these attacks are quantified. Optimal sensor and actuator signal attacks for the finite and infinite horizon linear quadratic (LQ) control in terms of maximizing the corresponding cost functions are computed. The closed-loop system under optimal signal attacks are provided. Illustrative numerical examples are provided together with an application to a power network with distributed LQ controllers.

  2. Defense of Cyber Infrastructures Against Cyber-Physical Attacks Using Game-Theoretic Models

    DOE PAGES

    Rao, Nageswara S. V.; Poole, Stephen W.; Ma, Chris Y. T.; ...

    2015-04-06

    The operation of cyber infrastructures relies on both cyber and physical components, which are subject to incidental and intentional degradations of different kinds. Within the context of network and computing infrastructures, we study the strategic interactions between an attacker and a defender using game-theoretic models that take into account both cyber and physical components. The attacker and defender optimize their individual utilities expressed as sums of cost and system terms. First, we consider a Boolean attack-defense model, wherein the cyber and physical sub-infrastructures may be attacked and reinforced as individual units. Second, we consider a component attack-defense model wherein their components may be attacked and defended, and the infrastructure requires minimum numbers of both to function. We show that the Nash equilibrium under uniform costs in both cases is computable in polynomial time, and it provides high-level deterministic conditions for the infrastructure survival. When probabilities of successful attack and defense, and of incidental failures are incorporated into the models, the results favor the attacker but otherwise remain qualitatively similar. This approach has been motivated and validated by our experiences with UltraScience Net infrastructure, which was built to support high-performance network experiments. In conclusion, the analytical results, however, are more general, and we apply them to simplified models of cloud and high-performance computing infrastructures.

  3. Defense of Cyber Infrastructures Against Cyber-Physical Attacks Using Game-Theoretic Models

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Rao, Nageswara S. V.; Poole, Stephen W.; Ma, Chris Y. T.

    The operation of cyber infrastructures relies on both cyber and physical components, which are subject to incidental and intentional degradations of different kinds. Within the context of network and computing infrastructures, we study the strategic interactions between an attacker and a defender using game-theoretic models that take into account both cyber and physical components. The attacker and defender optimize their individual utilities expressed as sums of cost and system terms. First, we consider a Boolean attack-defense model, wherein the cyber and physical sub-infrastructures may be attacked and reinforced as individual units. Second, we consider a component attack-defense model wherein their components may be attacked and defended, and the infrastructure requires minimum numbers of both to function. We show that the Nash equilibrium under uniform costs in both cases is computable in polynomial time, and it provides high-level deterministic conditions for the infrastructure survival. When probabilities of successful attack and defense, and of incidental failures are incorporated into the models, the results favor the attacker but otherwise remain qualitatively similar. This approach has been motivated and validated by our experiences with UltraScience Net infrastructure, which was built to support high-performance network experiments. In conclusion, the analytical results, however, are more general, and we apply them to simplified models of cloud and high-performance computing infrastructures.

  4. Defense of Cyber Infrastructures Against Cyber-Physical Attacks Using Game-Theoretic Models.

    PubMed

    Rao, Nageswara S V; Poole, Stephen W; Ma, Chris Y T; He, Fei; Zhuang, Jun; Yau, David K Y

    2016-04-01

    The operation of cyber infrastructures relies on both cyber and physical components, which are subject to incidental and intentional degradations of different kinds. Within the context of network and computing infrastructures, we study the strategic interactions between an attacker and a defender using game-theoretic models that take into account both cyber and physical components. The attacker and defender optimize their individual utilities, expressed as sums of cost and system terms. First, we consider a Boolean attack-defense model, wherein the cyber and physical subinfrastructures may be attacked and reinforced as individual units. Second, we consider a component attack-defense model wherein their components may be attacked and defended, and the infrastructure requires minimum numbers of both to function. We show that the Nash equilibrium under uniform costs in both cases is computable in polynomial time, and it provides high-level deterministic conditions for the infrastructure survival. When probabilities of successful attack and defense, and of incidental failures, are incorporated into the models, the results favor the attacker but otherwise remain qualitatively similar. This approach has been motivated and validated by our experiences with UltraScience Net infrastructure, which was built to support high-performance network experiments. The analytical results, however, are more general, and we apply them to simplified models of cloud and high-performance computing infrastructures. © 2015 Society for Risk Analysis.

  5. Active Computer Network Defense: An Assessment

    DTIC Science & Technology

    2001-04-01

    sufficient base of knowledge in information technology can be assumed to be working on some form of computer network warfare, even if only defensive in...the Defense Information Infrastructure (DII) to attack. Transmission Control Protocol/ Internet Protocol (TCP/IP) networks are inherently resistant to...aims to create this part of information superiority, and computer network defense is one of its fundamental components. Most of these efforts center

  6. Engaging Cyber Communities

    DTIC Science & Technology

    2010-04-01

    technology centric operations such as computer network attack and computer network defense. 3 This leads to the question of whether the US military is... information and infrastructure. For the purpose of military operations, CNO are divided into CNA, CND, and computer network exploitation (CNE) enabling...of a CNA if they take undesirable action,” 21 and from a defensive stance in CND, “providing information about non-military threat to computers in

  7. Comparison of artificial intelligence classifiers for SIP attack data

    NASA Astrophysics Data System (ADS)

    Safarik, Jakub; Slachta, Jiri

    2016-05-01

    Honeypot application is a source of valuable data about attacks on the network. We run several SIP honeypots in various computer networks, which are separated geographically and logically. Each honeypot runs on public IP address and uses standard SIP PBX ports. All information gathered via honeypot is periodically sent to the centralized server. This server classifies all attack data by neural network algorithm. The paper describes optimizations of a neural network classifier, which lower the classification error. The article contains the comparison of two neural network algorithms used for the classification of validation data. The first is the original implementation of the neural network described in recent work; the second neural network uses further optimizations like input normalization or cross-entropy cost function. We also use other implementations of neural networks and machine learning classification algorithms. The comparison tests their capabilities on validation data to find the optimal classifier. The article result shows promise for further development of an accurate SIP attack classification engine.

  8. Modeling Network Interdiction Tasks

    DTIC Science & Technology

    2015-09-17

    they may attack the flaw to cause widespread chaos. Attacks such as these are considered a form of network interdiction. Assessing the networks over...and forms a foundation for the techniques of the measures and models approaches of the research framework, which is depicted in Figure 2. The...ensures the distance of the shortest (i, j) path is computed. This insight is attributed to Warshall [62]. The algorithm’s present form is attributed

  9. Analysis of an algorithm for distributed recognition and accountability

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Ko, C.; Frincke, D.A.; Goan, T. Jr.

    1993-08-01

    Computer and network systems are available to attacks. Abandoning the existing huge infrastructure of possibly-insecure computer and network systems is impossible, and replacing them by totally secure systems may not be feasible or cost effective. A common element in many attacks is that a single user will often attempt to intrude upon multiple resources throughout a network. Detecting the attack can become significantly easier by compiling and integrating evidence of such intrusion attempts across the network rather than attempting to assess the situation from the vantage point of only a single host. To solve this problem, we suggest an approach for distributed recognition and accountability (DRA), which consists of algorithms which "process," at a central location, distributed and asynchronous "reports" generated by computers (or a subset thereof) throughout the network. Our highest-priority objectives are to observe ways by which an individual moves around in a network of computers, including changing user names to possibly hide his/her true identity, and to associate all activities of multiple instance of the same individual to the same network-wide user. We present the DRA algorithm and a sketch of its proof under an initial set of simplifying albeit realistic assumptions. Later, we relax these assumptions to accommodate pragmatic aspects such as missing or delayed "reports," clock slew, tampered "reports," etc. We believe that such algorithms will have widespread applications in the future, particularly in intrusion-detection system.

  10. Localization-Free Detection of Replica Node Attacks in Wireless Sensor Networks Using Similarity Estimation with Group Deployment Knowledge

    PubMed Central

    Ding, Chao; Yang, Lijun; Wu, Meng

    2017-01-01

    Due to the unattended nature and poor security guarantee of the wireless sensor networks (WSNs), adversaries can easily make replicas of compromised nodes, and place them throughout the network to launch various types of attacks. Such an attack is dangerous because it enables the adversaries to control large numbers of nodes and extend the damage of attacks to most of the network with quite limited cost. To stop the node replica attack, we propose a location similarity-based detection scheme using deployment knowledge. Compared with prior solutions, our scheme provides extra functionalities that prevent replicas from generating false location claims without deploying resource-consuming localization techniques on the resource-constraint sensor nodes. We evaluate the security performance of our proposal under different attack strategies through heuristic analysis, and show that our scheme achieves secure and robust replica detection by increasing the cost of node replication. Additionally, we evaluate the impact of network environment on the proposed scheme through theoretic analysis and simulation experiments, and indicate that our scheme achieves effectiveness and efficiency with substantially lower communication, computational, and storage overhead than prior works under different situations and attack strategies. PMID:28098846

  11. Localization-Free Detection of Replica Node Attacks in Wireless Sensor Networks Using Similarity Estimation with Group Deployment Knowledge.

    PubMed

    Ding, Chao; Yang, Lijun; Wu, Meng

    2017-01-15

    Due to the unattended nature and poor security guarantee of the wireless sensor networks (WSNs), adversaries can easily make replicas of compromised nodes, and place them throughout the network to launch various types of attacks. Such an attack is dangerous because it enables the adversaries to control large numbers of nodes and extend the damage of attacks to most of the network with quite limited cost. To stop the node replica attack, we propose a location similarity-based detection scheme using deployment knowledge. Compared with prior solutions, our scheme provides extra functionalities that prevent replicas from generating false location claims without deploying resource-consuming localization techniques on the resource-constraint sensor nodes. We evaluate the security performance of our proposal under different attack strategies through heuristic analysis, and show that our scheme achieves secure and robust replica detection by increasing the cost of node replication. Additionally, we evaluate the impact of network environment on the proposed scheme through theoretic analysis and simulation experiments, and indicate that our scheme achieves effectiveness and efficiency with substantially lower communication, computational, and storage overhead than prior works under different situations and attack strategies.

  12. First-Strike Advantage: The United States’ Counter to China’s Preemptive Integrated Network Electronic Warfare Strategy

    DTIC Science & Technology

    2013-06-01

    Ground: Chinese Capabilities for Computer Network Operations and Cyber Espionage,” 9. 57 Lolita C. Baldor, “Chinese Cyber Attacks On U.S. Continue...the Secretary of Defense, 2009. Baldor, Lolita C. “Chinese Cyber Attacks on U.S. Continue Totally Unabated, Leon Panetta.” Huffington Post (2012

  13. Stopping computer crimes

    NASA Technical Reports Server (NTRS)

    Denning, Peter J.

    1989-01-01

    Two new books about intrusions and computer viruses remind us that attacks against our computers on networks are the actions of human beings. Cliff Stoll's book about the hacker who spent a year, beginning in Aug. 1986, attempting to use the Lawrence Berkeley Computer as a stepping-stone for access to military secrets is a spy thriller that illustrates the weaknesses of our password systems and the difficulties in compiling evidence against a hacker engaged in espionage. Pamela Kane's book about viruses that attack IBM PC's shows that viruses are the modern version of the old problem of a Trojan horse attack. It discusses the most famous viruses and their countermeasures, and it comes with a floppy disk of utility programs that will disinfect your PC and thwart future attack.

  14. Graph Coarsening for Path Finding in Cybersecurity Graphs

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Hogan, Emilie A.; Johnson, John R.; Halappanavar, Mahantesh

    2013-01-01

    In the pass-the-hash attack, hackers repeatedly steal password hashes and move through a computer network with the goal of reaching a computer with high level administrative privileges. In this paper we apply graph coarsening in network graphs for the purpose of detecting hackers using this attack or assessing the risk level of the network's current state. We repeatedly take graph minors, which preserve the existence of paths in the graph, and take powers of the adjacency matrix to count the paths. This allows us to detect the existence of paths as well as find paths that have high risk of being used by adversaries.

  15. A security mechanism based on evolutionary game in fog computing.

    PubMed

    Sun, Yan; Lin, Fuhong; Zhang, Nan

    2018-02-01

    Fog computing is a distributed computing paradigm at the edge of the network and requires cooperation of users and sharing of resources. When users in fog computing open their resources, their devices are easily intercepted and attacked because they are accessed through wireless network and present an extensive geographical distribution. In this study, a credible third party was introduced to supervise the behavior of users and protect the security of user cooperation. A fog computing security mechanism based on human nervous system is proposed, and the strategy for a stable system evolution is calculated. The MATLAB simulation results show that the proposed mechanism can reduce the number of attack behaviors effectively and stimulate users to cooperate in application tasks positively.

  16. On resilience studies of system detection and recovery techniques against stealthy insider attacks

    NASA Astrophysics Data System (ADS)

    Wei, Sixiao; Zhang, Hanlin; Chen, Genshe; Shen, Dan; Yu, Wei; Pham, Khanh D.; Blasch, Erik P.; Cruz, Jose B.

    2016-05-01

    With the explosive growth of network technologies, insider attacks have become a major concern to business operations that largely rely on computer networks. To better detect insider attacks that marginally manipulate network traffic over time, and to recover the system from attacks, in this paper we implement a temporal-based detection scheme using the sequential hypothesis testing technique. Two hypothetical states are considered: the null hypothesis that the collected information is from benign historical traffic and the alternative hypothesis that the network is under attack. The objective of such a detection scheme is to recognize the change within the shortest time by comparing the two defined hypotheses. In addition, once the attack is detected, a server migration-based system recovery scheme can be triggered to recover the system to the state prior to the attack. To understand mitigation of insider attacks, a multi-functional web display of the detection analysis was developed for real-time analytic. Experiments using real-world traffic traces evaluate the effectiveness of Detection System and Recovery (DeSyAR) scheme. The evaluation data validates the detection scheme based on sequential hypothesis testing and the server migration-based system recovery scheme can perform well in effectively detecting insider attacks and recovering the system under attack.

  17. Protecting against cyber threats in networked information systems

    NASA Astrophysics Data System (ADS)

    Ertoz, Levent; Lazarevic, Aleksandar; Eilertson, Eric; Tan, Pang-Ning; Dokas, Paul; Kumar, Vipin; Srivastava, Jaideep

    2003-07-01

    This paper provides an overview of our efforts in detecting cyber attacks in networked information systems. Traditional signature based techniques for detecting cyber attacks can only detect previously known intrusions and are useless against novel attacks and emerging threats. Our current research at the University of Minnesota is focused on developing data mining techniques to automatically detect attacks against computer networks and systems. This research is being conducted as a part of MINDS (Minnesota Intrusion Detection System) project at the University of Minnesota. Experimental results on live network traffic at the University of Minnesota show that the new techniques show great promise in detecting novel intrusions. In particular, during the past few months our techniques have been successful in automatically identifying several novel intrusions that could not be detected using state-of-the-art tools such as SNORT.

  18. Jamming Attack in Wireless Sensor Network: From Time to Space

    NASA Astrophysics Data System (ADS)

    Sun, Yanqiang; Wang, Xiaodong; Zhou, Xingming

    Classical jamming attack models in the time domain have been proposed, such as constant jammer, random jammer, and reactive jammer. In this letter, we consider a new problem: given k jammers, how does the attacker minimize the pair-wise connectivity among the nodes in a Wireless Sensor Network (WSN)? We call this problem k-Jammer Deployment Problem (k-JDP). To the best of our knowledge, this is the first attempt at considering the position-critical jamming attack against wireless sensor network. We mainly make three contributions. First, we prove that the decision version of k-JDP is NP-complete even in the ideal situation where the attacker has full knowledge of the topology information of sensor network. Second, we propose a mathematical formulation based on Integer Programming (IP) model which yields an optimal solution. Third, we present a heuristic algorithm HAJDP, and compare it with the IP model. Numerical results show that our heuristic algorithm is computationally efficient.

  19. A Novel Centrality Measure for Network-wide Cyber Vulnerability Assessment

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Sathanur, Arun V.; Haglin, David J.

    In this work we propose a novel formulation that models the attack and compromise on a cyber network as a combination of two parts - direct compromise of a host and the compromise occurring through the spread of the attack on the network from a compromised host. The model parameters for the nodes are a concise representation of the host profiles that can include the risky behaviors of the associated human users while the model parameters for the edges are based on the existence of vulnerabilities between each pair of connected hosts. The edge models relate to the summary representations of the corresponding attack-graphs. This results in a formulation based on Random Walk with Restart (RWR) and the resulting centrality metric can be solved for in an efficient manner through the use of sparse linear solvers. Thus the formulation goes beyond mere topological considerations in centrality computations by summarizing the host profiles and the attack graphs into the model parameters. The computational efficiency of the method also allows us to also quantify the uncertainty in the centrality measure through Monte Carlo analysis.

  20. Proactive Alleviation Procedure to Handle Black Hole Attack and Its Version

    PubMed Central

    Babu, M. Rajesh; Dian, S. Moses; Chelladurai, Siva; Palaniappan, Mathiyalagan

    2015-01-01

    The world is moving towards a new realm of computing such as Internet of Things. The Internet of Things, however, envisions connecting almost all objects within the world to the Internet by recognizing them as smart objects. In doing so, the existing networks which include wired, wireless, and ad hoc networks should be utilized. Moreover, apart from other networks, the ad hoc network is full of security challenges. For instance, the MANET (mobile ad hoc network) is susceptible to various attacks in which the black hole attacks and its versions do serious damage to the entire MANET infrastructure. The severity of this attack increases, when the compromised MANET nodes work in cooperation with each other to make a cooperative black hole attack. Therefore this paper proposes an alleviation procedure which consists of timely mandate procedure, hole detection algorithm, and sensitive guard procedure to detect the maliciously behaving nodes. It has been observed that the proposed procedure is cost-effective and ensures QoS guarantee by assuring resource availability thus making the MANET appropriate for Internet of Things. PMID:26495430

  1. Proactive Alleviation Procedure to Handle Black Hole Attack and Its Version.

    PubMed

    Babu, M Rajesh; Dian, S Moses; Chelladurai, Siva; Palaniappan, Mathiyalagan

    2015-01-01

    The world is moving towards a new realm of computing such as Internet of Things. The Internet of Things, however, envisions connecting almost all objects within the world to the Internet by recognizing them as smart objects. In doing so, the existing networks which include wired, wireless, and ad hoc networks should be utilized. Moreover, apart from other networks, the ad hoc network is full of security challenges. For instance, the MANET (mobile ad hoc network) is susceptible to various attacks in which the black hole attacks and its versions do serious damage to the entire MANET infrastructure. The severity of this attack increases, when the compromised MANET nodes work in cooperation with each other to make a cooperative black hole attack. Therefore this paper proposes an alleviation procedure which consists of timely mandate procedure, hole detection algorithm, and sensitive guard procedure to detect the maliciously behaving nodes. It has been observed that the proposed procedure is cost-effective and ensures QoS guarantee by assuring resource availability thus making the MANET appropriate for Internet of Things.

  2. Computer Intrusions and Attacks.

    ERIC Educational Resources Information Center

    Falk, Howard

    1999-01-01

    Examines some frequently encountered unsolicited computer intrusions, including computer viruses, worms, Java applications, trojan horses or vandals, e-mail spamming, hoaxes, and cookies. Also discusses virus-protection software, both for networks and for individual users. (LRW)

  3. Bio-inspired diversity for increasing attacker workload

    NASA Astrophysics Data System (ADS)

    Kuhn, Stephen

    2014-05-01

    Much of the traffic in modern computer networks is conducted between clients and servers, rather than client-to-client. As a result, servers represent a high-value target for collection and analysis of network traffic. As they reside at a single network location (i.e. IP/MAC address) for long periods of time, servers present a static target for surveillance, and a unique opportunity to observe the network traffic. Although servers present a heightened value for attackers, the security community as a whole has shifted more towards protecting clients in recent years leaving a gap in coverage. In addition, servers typically remain active on networks for years, potentially decades. This paper builds on previous work that demonstrated a proof of concept leveraging existing technology for increasing attacker workload. Here we present our clean slate approach to increasing attacker workload through a novel hypervisor and micro-kernel, utilizing next generation virtualization technology to create synthetic diversity of the server's presence including the hardware components.

  4. A Socio-Technical Approach to Preventing, Mitigating, and Recovering from Ransomware Attacks.

    PubMed

    Sittig, Dean F; Singh, Hardeep

    2016-01-01

    Recently there have been several high-profile ransomware attacks involving hospitals around the world. Ransomware is intended to damage or disable a user's computer unless the user makes a payment. Once the attack has been launched, users have three options: 1) try to restore their data from backup; 2) pay the ransom; or 3) lose their data. In this manuscript, we discuss a socio-technical approach to address ransomware and outline four overarching steps that organizations can undertake to secure an electronic health record (EHR) system and the underlying computing infrastructure. First, health IT professionals need to ensure adequate system protection by correctly installing and configuring computers and networks that connect them. Next, the health care organizations need to ensure more reliable system defense by implementing user-focused strategies, including simulation and training on correct and complete use of computers and network applications. Concomitantly, the organization needs to monitor computer and application use continuously in an effort to detect suspicious activities and identify and address security problems before they cause harm. Finally, organizations need to respond adequately to and recover quickly from ransomware attacks and take actions to prevent them in future. We also elaborate on recommendations from other authoritative sources, including the National Institute of Standards and Technology (NIST). Similar to approaches to address other complex socio-technical health IT challenges, the responsibility of preventing, mitigating, and recovering from these attacks is shared between health IT professionals and end-users.

  5. A Socio-Technical Approach to Preventing, Mitigating, and Recovering from Ransomware Attacks

    PubMed Central

    Singh, Hardeep

    2016-01-01

    Recently there have been several high-profile ransomware attacks involving hospitals around the world. Ransomware is intended to damage or disable a user’s computer unless the user makes a payment. Once the attack has been launched, users have three options: 1) try to restore their data from backup; 2) pay the ransom; or 3) lose their data. In this manuscript, we discuss a socio-technical approach to address ransomware and outline four overarching steps that organizations can undertake to secure an electronic health record (EHR) system and the underlying computing infrastructure. First, health IT professionals need to ensure adequate system protection by correctly installing and configuring computers and networks that connect them. Next, the health care organizations need to ensure more reliable system defense by implementing user-focused strategies, including simulation and training on correct and complete use of computers and network applications. Concomitantly, the organization needs to monitor computer and application use continuously in an effort to detect suspicious activities and identify and address security problems before they cause harm. Finally, organizations need to respond adequately to and recover quickly from ransomware attacks and take actions to prevent them in future. We also elaborate on recommendations from other authoritative sources, including the National Institute of Standards and Technology (NIST). Similar to approaches to address other complex socio-technical health IT challenges, the responsibility of preventing, mitigating, and recovering from these attacks is shared between health IT professionals and end-users. PMID:27437066

  6. Netwar

    NASA Astrophysics Data System (ADS)

    Keen, Arthur A.

    2006-04-01

    This paper describes technology being developed at 21st Century Technologies to automate Computer Network Operations (CNO). CNO refers to DoD activities related to Attacking and Defending Computer Networks (CNA & CND). Next generation cyber threats are emerging in the form of powerful Internet services and tools that automate intelligence gathering, planning, testing, and surveillance. We will focus on "Search-Engine Hacks", queries that can retrieve lists of router/switch/server passwords, control panels, accessible cameras, software keys, VPN connection files, and vulnerable web applications. Examples include "Titan Rain" attacks against DoD facilities and the Santy worm, which identifies vulnerable sites by searching Google for URLs containing application-specific strings. This trend will result in increasingly sophisticated and automated intelligence-driven cyber attacks coordinated across multiple domains that are difficult to defeat or even understand with current technology. One traditional method of CNO relies on surveillance detection as an attack predictor. Unfortunately, surveillance detection is difficult because attackers can perform search engine-driven surveillance such as with Google Hacks, and avoid touching the target site. Therefore, attack observables represent only about 5% of the attacker's total attack time, and are inadequate to provide warning. In order to predict attacks and defend against them, CNO must also employ more sophisticated techniques and work to understand the attacker's Motives, Means and Opportunities (MMO). CNO must use automated reconnaissance tools, such as Google, to identify information vulnerabilities, and then utilize Internet tools to observe the intelligence gathering, planning, testing, and collaboration activities that represent 95% of the attacker's effort.

  7. Cyber attacks against state estimation in power systems: Vulnerability analysis and protection strategies

    NASA Astrophysics Data System (ADS)

    Liu, Xuan

    Power grid is one of the most critical infrastructures in a nation and could suffer a variety of cyber attacks. With the development of Smart Grid, false data injection attack has recently attracted wide research interest. This thesis proposes a false data attack model with incomplete network information and develops optimal attack strategies for attacking load measurements and the real-time topology of a power grid. The impacts of false data on the economic and reliable operations of power systems are quantitatively analyzed in this thesis. To mitigate the risk of cyber attacks, distributed protection strategies are also developed. It has been shown that an attacker can design false data to avoid being detected by the control center if the network information of a power grid is known to the attacker. In practice, however, it is very hard or even impossible for an attacker to obtain all network information of a power grid. In this thesis, we propose a local load redistribution attacking model based on incomplete network information and show that an attacker only needs to obtain the network information of the local attacking region to inject false data into smart meters in the local region without being detected by the state estimator. A heuristic algorithm is developed to determine a feasible attacking region by obtaining reduced network information. This thesis investigates the impacts of false data on the operations of power systems. It has been shown that false data can be designed by an attacker to: 1) mask the real-time topology of a power grid; 2) overload a transmission line; 3) disturb the line outage detection based on PMU data. To mitigate the risk of cyber attacks, this thesis proposes a new protection strategy, which intends to mitigate the damage effects of false data injection attacks by protecting a small set of critical measurements. To further reduce the computation complexity, a mixed integer linear programming approach is also proposed to separate the power grid into several subnetworks, then distributed protection strategy is applied to each subnetwork.

  8. Defense strategies for cloud computing multi-site server infrastructures

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Rao, Nageswara S.; Ma, Chris Y. T.; He, Fei

    We consider cloud computing server infrastructures for big data applications, which consist of multiple server sites connected over a wide-area network. The sites house a number of servers, network elements and local-area connections, and the wide-area network plays a critical, asymmetric role of providing vital connectivity between them. We model this infrastructure as a system of systems, wherein the sites and wide-area network are represented by their cyber and physical components. These components can be disabled by cyber and physical attacks, and also can be protected against them using component reinforcements. The effects of attacks propagate within the systems, and also beyond them via the wide-area network. We characterize these effects using correlations at two levels using: (a) aggregate failure correlation function that specifies the infrastructure failure probability given the failure of an individual site or network, and (b) first-order differential conditions on system survival probabilities that characterize the component-level correlations within individual systems. We formulate a game between an attacker and a provider using utility functions composed of survival probability and cost terms. At Nash Equilibrium, we derive expressions for the expected capacity of the infrastructure given by the number of operational servers connected to the network for sum-form, product-form and composite utility functions.

  9. A Systems Engineering Framework for Implementing a Security and Critical Patch Management Process in Diverse Environments (Academic Departments' Workstations)

    NASA Astrophysics Data System (ADS)

    Mohammadi, Hadi

    Use of the Patch Vulnerability Management (PVM) process should be seriously considered for any networked computing system. The PVM process prevents the operating system (OS) and software applications from being attacked due to security vulnerabilities, which lead to system failures and critical data leakage. The purpose of this research is to create and design a Security and Critical Patch Management Process (SCPMP) framework based on Systems Engineering (SE) principles. This framework will assist Information Technology Department Staff (ITDS) to reduce IT operating time and costs and mitigate the risk of security and vulnerability attacks. Further, this study evaluates implementation of the SCPMP in the networked computing systems of an academic environment in order to: 1. Meet patch management requirements by applying SE principles. 2. Reduce the cost of IT operations and PVM cycles. 3. Improve the current PVM methodologies to prevent networked computing systems from becoming the targets of security vulnerability attacks. 4. Embed a Maintenance Optimization Tool (MOT) in the proposed framework. The MOT allows IT managers to make the most practicable choice of methods for deploying and installing released patches and vulnerability remediation. In recent years, there has been a variety of frameworks for security practices in every networked computing system to protect computer workstations from becoming compromised or vulnerable to security attacks, which can expose important information and critical data. I have developed a new mechanism for implementing PVM for maximizing security-vulnerability maintenance, protecting OS and software packages, and minimizing SCPMP cost. To increase computing system security in any diverse environment, particularly in academia, one must apply SCPMP. I propose an optimal maintenance policy that will allow ITDS to measure and estimate the variation of PVM cycles based on their department's requirements. My results demonstrate that MOT optimizes the process of implementing SCPMP in academic workstations.

  10. A Dynamic Three-Dimensional Network Visualization Program for Integration into CyberCIEGE and Other Network Visualization Scenarios

    DTIC Science & Technology

    2007-06-01

    information flow involved in network attacks. This kind of information can be invaluable in learning how to best setup and defend computer networks...administrators, and those interested in learning about securing networks a way to conceptualize this complex system of computing. NTAV3D will provide a three...teaching with visual and other components can make learning more effective” (Baxley et al, 2006). A hyperbox (Alpern and Carter, 1991) is

  11. Change Detection Algorithms for Information Assurance of Computer Networks

    DTIC Science & Technology

    2002-01-01

    ...number of computer attacks increases steadily per year. At the time of this writing the Internet Security Systems’ baseline assessment is that a new...across a network by exploiting security flaws in widely-used services offered by vulnerable computers. In order to locate the vulnerable computers, the

  12. A network security monitor

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Heberlein, L.T.; Dias, G.V.; Levitt, K.N.

    1989-11-01

    The study of security in computer networks is a rapidly growing area of interest because of the proliferation of networks and the paucity of security measures in most current networks. Since most networks consist of a collection of inter-connected local area networks (LANs), this paper concentrates on the security-related issues in a single broadcast LAN such as Ethernet. Specifically, we formalize various possible network attacks and outline methods of detecting them. Our basic strategy is to develop profiles of usage of network resources and then compare current usage patterns with the historical profile to determine possible security violations. Thus, our work is similar to the host-based intrusion-detection systems such as SRI's IDES. Different from such systems, however, is our use of a hierarchical model to refine the focus of the intrusion-detection mechanism. We also report on the development of our experimental LAN monitor currently under implementation. Several network attacks have been simulated and results on how the monitor has been able to detect these attacks are also analyzed. Initial results demonstrate that many network attacks are detectable with our monitor, although it can surely be defeated. Current work is focusing on the integration of network monitoring with host-based techniques. 20 refs., 2 figs.

  13. An Efficient and Adaptive Mutual Authentication Framework for Heterogeneous Wireless Sensor Network-Based Applications

    PubMed Central

    Kumar, Pardeep; Ylianttila, Mika; Gurtov, Andrei; Lee, Sang-Gon; Lee, Hoon-Jae

    2014-01-01

    Robust security is highly coveted in real wireless sensor network (WSN) applications since wireless sensors sense critical data from the application environment. This article presents an efficient and adaptive mutual authentication framework that suits real heterogeneous WSN-based applications (such as smart homes, industrial environments, smart grids, and healthcare monitoring). The proposed framework offers: (i) key initialization; (ii) secure network (cluster) formation (i.e., mutual authentication and dynamic key establishment); (iii) key revocation; and (iv) new node addition into the network. The correctness of the proposed scheme is formally verified. An extensive analysis shows the proposed scheme coupled with message confidentiality, mutual authentication and dynamic session key establishment, node privacy, and message freshness. Moreover, the preliminary study also reveals the proposed framework is secure against popular types of attacks, such as impersonation attacks, man-in-the-middle attacks, replay attacks, and information-leakage attacks. As a result, we believe the proposed framework achieves efficiency at reasonable computation and communication costs and it can be a safeguard to real heterogeneous WSN applications. PMID:24521942

  14. An efficient and adaptive mutual authentication framework for heterogeneous wireless sensor network-based applications.

    PubMed

    Kumar, Pardeep; Ylianttila, Mika; Gurtov, Andrei; Lee, Sang-Gon; Lee, Hoon-Jae

    2014-02-11

    Robust security is highly coveted in real wireless sensor network (WSN) applications since wireless sensors sense critical data from the application environment. This article presents an efficient and adaptive mutual authentication framework that suits real heterogeneous WSN-based applications (such as smart homes, industrial environments, smart grids, and healthcare monitoring). The proposed framework offers: (i) key initialization; (ii) secure network (cluster) formation (i.e., mutual authentication and dynamic key establishment); (iii) key revocation; and (iv) new node addition into the network. The correctness of the proposed scheme is formally verified. An extensive analysis shows the proposed scheme coupled with message confidentiality, mutual authentication and dynamic session key establishment, node privacy, and message freshness. Moreover, the preliminary study also reveals the proposed framework is secure against popular types of attacks, such as impersonation attacks, man-in-the-middle attacks, replay attacks, and information-leakage attacks. As a result, we believe the proposed framework achieves efficiency at reasonable computation and communication costs and it can be a safeguard to real heterogeneous WSN applications.

  15. Detecting Targeted Malicious Email through Supervised Classification of Persistent Threat and Recipient Oriented Features

    ERIC Educational Resources Information Center

    Amin, Rohan Mahesh

    2010-01-01

    Targeted email attacks to enable computer network exploitation have become more prevalent, more insidious, and more widely documented in recent years. Beyond nuisance spam or phishing designed to trick users into revealing personal information, targeted malicious email (TME) facilitates computer network exploitation and the gathering of sensitive…

  16. Detecting Distributed SQL Injection Attacks in a Eucalyptus Cloud Environment

    NASA Technical Reports Server (NTRS)

    Kebert, Alan; Barnejee, Bikramjit; Solano, Juan; Solano, Wanda

    2013-01-01

    The cloud computing environment offers malicious users the ability to spawn multiple instances of cloud nodes that are similar to virtual machines, except that they can have separate external IP addresses. In this paper we demonstrate how this ability can be exploited by an attacker to distribute his/her attack, in particular SQL injection attacks, in such a way that an intrusion detection system (IDS) could fail to identify this attack. To demonstrate this, we set up a small private cloud, established a vulnerable website in one instance, and placed an IDS within the cloud to monitor the network traffic. We found that an attacker could quite easily defeat the IDS by periodically altering its IP address. To detect such an attacker, we propose to use multi-agent plan recognition, where the multiple source IPs are considered as different agents who are mounting a collaborative attack. We show that such a formulation of this problem yields a more sophisticated approach to detecting SQL injection attacks within a cloud computing environment.

  17. Identifying Vulnerabilities and Hardening Attack Graphs for Networked Systems

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Saha, Sudip; Vullinati, Anil K.; Halappanavar, Mahantesh

    We investigate efficient security control methods for protecting against vulnerabilities in networked systems. A large number of interdependent vulnerabilities typically exist in the computing nodes of a cyber-system; as vulnerabilities get exploited, starting from low level ones, they open up the doors to more critical vulnerabilities. These cannot be understood just by a topological analysis of the network, and we use the attack graph abstraction of Dewri et al. to study these problems. In contrast to earlier approaches based on heuristics and evolutionary algorithms, we study rigorous methods for quantifying the inherent vulnerability and hardening cost for the system. We develop algorithms with provable approximation guarantees, and evaluate them for real and synthetic attack graphs.

  18. Simulations in Cyber-Security: A Review of Cognitive Modeling of Network Attackers, Defenders, and Users.

    PubMed

    Veksler, Vladislav D; Buchler, Norbou; Hoffman, Blaine E; Cassenti, Daniel N; Sample, Char; Sugrim, Shridat

    2018-01-01

    Computational models of cognitive processes may be employed in cyber-security tools, experiments, and simulations to address human agency and effective decision-making in keeping computational networks secure. Cognitive modeling can address multi-disciplinary cyber-security challenges requiring cross-cutting approaches over the human and computational sciences such as the following: (a) adversarial reasoning and behavioral game theory to predict attacker subjective utilities and decision likelihood distributions, (b) human factors of cyber tools to address human system integration challenges, estimation of defender cognitive states, and opportunities for automation, (c) dynamic simulations involving attacker, defender, and user models to enhance studies of cyber epidemiology and cyber hygiene, and (d) training effectiveness research and training scenarios to address human cyber-security performance, maturation of cyber-security skill sets, and effective decision-making. Models may be initially constructed at the group-level based on mean tendencies of each subject's subgroup, based on known statistics such as specific skill proficiencies, demographic characteristics, and cultural factors. For more precise and accurate predictions, cognitive models may be fine-tuned to each individual attacker, defender, or user profile, and updated over time (based on recorded behavior) via techniques such as model tracing and dynamic parameter fitting.

  19. Exploring Factors That Affect Adoption of Computer Security Practices among College Students

    ERIC Educational Resources Information Center

    Alqarni, Amani

    2017-01-01

    Cyber-attacks threaten the security of computer users' information, networks, machines, and privacy. Studies of computer security education, awareness, and training among ordinary computer users, college students, non-IT-oriented user groups, and non-technically trained citizens are limited. Most research has focused on computer security standards…

  20. Efficient and anonymous two-factor user authentication in wireless sensor networks: achieving user anonymity with lightweight sensor computation.

    PubMed

    Nam, Junghyun; Choo, Kim-Kwang Raymond; Han, Sangchul; Kim, Moonseong; Paik, Juryon; Won, Dongho

    2015-01-01

    A smart-card-based user authentication scheme for wireless sensor networks (hereafter referred to as a SCA-WSN scheme) is designed to ensure that only users who possess both a smart card and the corresponding password are allowed to gain access to sensor data and their transmissions. Despite many research efforts in recent years, it remains a challenging task to design an efficient SCA-WSN scheme that achieves user anonymity. The majority of published SCA-WSN schemes use only lightweight cryptographic techniques (rather than public-key cryptographic techniques) for the sake of efficiency, and have been demonstrated to suffer from the inability to provide user anonymity. Some schemes employ elliptic curve cryptography for better security but require sensors with strict resource constraints to perform computationally expensive scalar-point multiplications; despite the increased computational requirements, these schemes do not provide user anonymity. In this paper, we present a new SCA-WSN scheme that not only achieves user anonymity but also is efficient in terms of the computation loads for sensors. Our scheme employs elliptic curve cryptography but restricts its use only to anonymous user-to-gateway authentication, thereby allowing sensors to perform only lightweight cryptographic operations. Our scheme also enjoys provable security in a formal model extended from the widely accepted Bellare-Pointcheval-Rogaway (2000) model to capture the user anonymity property and various SCA-WSN specific attacks (e.g., stolen smart card attacks, node capture attacks, privileged insider attacks, and stolen verifier attacks).

  1. Efficient and Anonymous Two-Factor User Authentication in Wireless Sensor Networks: Achieving User Anonymity with Lightweight Sensor Computation

    PubMed Central

    Nam, Junghyun; Choo, Kim-Kwang Raymond; Han, Sangchul; Kim, Moonseong; Paik, Juryon; Won, Dongho

    2015-01-01

    A smart-card-based user authentication scheme for wireless sensor networks (hereafter referred to as a SCA-WSN scheme) is designed to ensure that only users who possess both a smart card and the corresponding password are allowed to gain access to sensor data and their transmissions. Despite many research efforts in recent years, it remains a challenging task to design an efficient SCA-WSN scheme that achieves user anonymity. The majority of published SCA-WSN schemes use only lightweight cryptographic techniques (rather than public-key cryptographic techniques) for the sake of efficiency, and have been demonstrated to suffer from the inability to provide user anonymity. Some schemes employ elliptic curve cryptography for better security but require sensors with strict resource constraints to perform computationally expensive scalar-point multiplications; despite the increased computational requirements, these schemes do not provide user anonymity. In this paper, we present a new SCA-WSN scheme that not only achieves user anonymity but also is efficient in terms of the computation loads for sensors. Our scheme employs elliptic curve cryptography but restricts its use only to anonymous user-to-gateway authentication, thereby allowing sensors to perform only lightweight cryptographic operations. Our scheme also enjoys provable security in a formal model extended from the widely accepted Bellare-Pointcheval-Rogaway (2000) model to capture the user anonymity property and various SCA-WSN specific attacks (e.g., stolen smart card attacks, node capture attacks, privileged insider attacks, and stolen verifier attacks). PMID:25849359

  2. A Comprehensive Review on Adaptability of Network Forensics Frameworks for Mobile Cloud Computing

    PubMed Central

    Abdul Wahab, Ainuddin Wahid; Han, Qi; Bin Abdul Rahman, Zulkanain

    2014-01-01

    Network forensics enables investigation and identification of network attacks through the retrieved digital content. The proliferation of smartphones and the cost-effective universal data access through cloud has made Mobile Cloud Computing (MCC) a congenital target for network attacks. However, confines in carrying out forensics in MCC are interrelated with the autonomous cloud hosting companies and their policies for restricted access to the digital content in the back-end cloud platforms. It implies that existing Network Forensic Frameworks (NFFs) have limited impact in the MCC paradigm. To this end, we qualitatively analyze the adaptability of existing NFFs when applied to the MCC. Explicitly, the fundamental mechanisms of NFFs are highlighted and then analyzed using the most relevant parameters. A classification is proposed to help understand the anatomy of existing NFFs. Subsequently, a comparison is given that explores the functional similarities and deviations among NFFs. The paper concludes by discussing research challenges for progressive network forensics in MCC. PMID:25097880

  3. A comprehensive review on adaptability of network forensics frameworks for mobile cloud computing.

    PubMed

    Khan, Suleman; Shiraz, Muhammad; Wahab, Ainuddin Wahid Abdul; Gani, Abdullah; Han, Qi; Rahman, Zulkanain Bin Abdul

    2014-01-01

    Network forensics enables investigation and identification of network attacks through the retrieved digital content. The proliferation of smartphones and the cost-effective universal data access through cloud has made Mobile Cloud Computing (MCC) a congenital target for network attacks. However, confines in carrying out forensics in MCC are interrelated with the autonomous cloud hosting companies and their policies for restricted access to the digital content in the back-end cloud platforms. It implies that existing Network Forensic Frameworks (NFFs) have limited impact in the MCC paradigm. To this end, we qualitatively analyze the adaptability of existing NFFs when applied to the MCC. Explicitly, the fundamental mechanisms of NFFs are highlighted and then analyzed using the most relevant parameters. A classification is proposed to help understand the anatomy of existing NFFs. Subsequently, a comparison is given that explores the functional similarities and deviations among NFFs. The paper concludes by discussing research challenges for progressive network forensics in MCC.

  4. Comparison between genetic algorithm and self organizing map to detect botnet network traffic

    NASA Astrophysics Data System (ADS)

    Yugandhara Prabhakar, Shinde; Parganiha, Pratishtha; Madhu Viswanatham, V.; Nirmala, M.

    2017-11-01

    In the cyber security world, botnet attacks are increasing. Detecting a botnet is a challenging task. A botnet is a group of computers connected in a coordinated fashion to do malicious activities. Many techniques have been developed and used to detect and prevent botnet traffic and the attacks. In this paper, a comparative study is done on Genetic Algorithm (GA) and Self Organizing Map (SOM) to detect the botnet network traffic. Both are soft computing techniques and are used in this paper as data analytics systems. GA is based on the natural evolution process, and SOM is a type of Artificial Neural Network that uses unsupervised learning techniques. SOM uses neurons and classifies the data according to the neurons. A sample of the KDD99 dataset is used as input to GA and SOM.

  5. A FORCEnet Framework for Analysis of Existing Naval C4I Architectures

    DTIC Science & Technology

    2003-06-01

    best qualities of humans and computers. f. Information Weapons Information weapons integrate the use of military deception, psychological ...operations, to include electronic warfare, psychological operations, computer network attack, computer network defense, operations security, and military...F/A-18 (ATARS/SHARP), S-3B (SSU), SH-60 LAMPS (HAWKLINK) and P-3C (AIP, Special Projects). CDL-N consists of two antennas (one meter diameter

  6. SCODE: A Secure Coordination-Based Data Dissemination to Mobile Sinks in Sensor Networks

    NASA Astrophysics Data System (ADS)

    Hung, Lexuan; Lee, Sungyoung; Lee, Young-Koo; Lee, Heejo

    For many sensor network applications such as military and homeland security, it is necessary for users (sinks) to access sensor networks while they are moving. However, sink mobility brings new challenges to secure routing in large-scale sensor networks. Mobile sinks have to constantly propagate their current location to all nodes, and these nodes need to exchange messages with each other so that the sensor network can establish and maintain a secure multi-hop path between a source node and a mobile sink. This causes significant computation and communication overhead for sensor nodes. Previous studies on sink mobility have mainly focused on efficiency and effectiveness of data dissemination without security consideration. In this paper, we propose a secure and energy-efficient data dissemination protocol — Secure COordination-based Data dissEmination (SCODE) — for mobile sinks in sensor networks. We take advantage of coordination networks (grid structure) based on the Geographical Adaptive Fidelity (GAF) protocol to construct a secure and efficient routing path between sources and sinks. Our security analysis demonstrates that the proposed protocol can defend against common attacks in sensor network routing such as replay attacks, selective forwarding attacks, sinkhole and wormhole attacks, Sybil attacks, and HELLO flood attacks. Our performance evaluation, both in mathematical analysis and simulation, shows that SCODE significantly reduces communication overhead and energy consumption while the latency is similar compared with the existing routing protocols, and it always delivers more than 90 percent of packets successfully.

  7. On securing wireless sensor network--novel authentication scheme against DOS attacks.

    PubMed

    Raja, K Nirmal; Beno, M Marsaline

    2014-10-01

    Wireless sensor networks are generally deployed for collecting data from various environments. Several application-specific sensor network cryptography algorithms have been proposed in research. However, WSNs have many constraints, including low computation capability, less memory, limited energy resources, and vulnerability to physical capture, which impose unique security challenges that need a lot of improvements. This paper presents a novel security mechanism and algorithm for wireless sensor network security and also an application of this algorithm. The proposed scheme provides strong authentication against Denial of Service (DOS) attacks. The scheme is simulated using network simulator2 (NS2). Then this scheme is analyzed based on the network packet delivery ratio, and it is found that throughput has improved.

  8. Identifying the Key Weaknesses in Network Security at Colleges.

    ERIC Educational Resources Information Center

    Olsen, Florence

    2000-01-01

    A new study identifies and ranks the 10 security gaps responsible for most outsider attacks on college computer networks. The list is intended to help campus system administrators establish priorities as they work to increase security. One network security expert urges that institutions utilize multiple security layers. (DB)

  9. Defense Strategies for Asymmetric Networked Systems with Discrete Components.

    PubMed

    Rao, Nageswara S V; Ma, Chris Y T; Hausken, Kjell; He, Fei; Yau, David K Y; Zhuang, Jun

    2018-05-03

    We consider infrastructures consisting of a network of systems, each composed of discrete components. The network provides the vital connectivity between the systems and hence plays a critical, asymmetric role in the infrastructure operations. The individual components of the systems can be attacked by cyber and physical means and can be appropriately reinforced to withstand these attacks. We formulate the problem of ensuring the infrastructure performance as a game between an attacker and a provider, who choose the numbers of the components of the systems and network to attack and reinforce, respectively. The costs and benefits of attacks and reinforcements are characterized using the sum-form, product-form and composite utility functions, each composed of a survival probability term and a component cost term. We present a two-level characterization of the correlations within the infrastructure: (i) the aggregate failure correlation function specifies the infrastructure failure probability given the failure of an individual system or network, and (ii) the survival probabilities of the systems and network satisfy first-order differential conditions that capture the component-level correlations using multiplier functions. We derive Nash equilibrium conditions that provide expressions for individual system survival probabilities and also the expected infrastructure capacity specified by the total number of operational components. We apply these results to derive and analyze defense strategies for distributed cloud computing infrastructures using cyber-physical models.

  10. Defense Strategies for Asymmetric Networked Systems with Discrete Components

    PubMed Central

    Rao, Nageswara S. V.; Ma, Chris Y. T.; Hausken, Kjell; He, Fei; Yau, David K. Y.

    2018-01-01

    We consider infrastructures consisting of a network of systems, each composed of discrete components. The network provides the vital connectivity between the systems and hence plays a critical, asymmetric role in the infrastructure operations. The individual components of the systems can be attacked by cyber and physical means and can be appropriately reinforced to withstand these attacks. We formulate the problem of ensuring the infrastructure performance as a game between an attacker and a provider, who choose the numbers of the components of the systems and network to attack and reinforce, respectively. The costs and benefits of attacks and reinforcements are characterized using the sum-form, product-form and composite utility functions, each composed of a survival probability term and a component cost term. We present a two-level characterization of the correlations within the infrastructure: (i) the aggregate failure correlation function specifies the infrastructure failure probability given the failure of an individual system or network, and (ii) the survival probabilities of the systems and network satisfy first-order differential conditions that capture the component-level correlations using multiplier functions. We derive Nash equilibrium conditions that provide expressions for individual system survival probabilities and also the expected infrastructure capacity specified by the total number of operational components. We apply these results to derive and analyze defense strategies for distributed cloud computing infrastructures using cyber-physical models. PMID:29751588

  11. Simulations in Cyber-Security: A Review of Cognitive Modeling of Network Attackers, Defenders, and Users

    PubMed Central

    Veksler, Vladislav D.; Buchler, Norbou; Hoffman, Blaine E.; Cassenti, Daniel N.; Sample, Char; Sugrim, Shridat

    2018-01-01

    Computational models of cognitive processes may be employed in cyber-security tools, experiments, and simulations to address human agency and effective decision-making in keeping computational networks secure. Cognitive modeling can address multi-disciplinary cyber-security challenges requiring cross-cutting approaches over the human and computational sciences such as the following: (a) adversarial reasoning and behavioral game theory to predict attacker subjective utilities and decision likelihood distributions, (b) human factors of cyber tools to address human system integration challenges, estimation of defender cognitive states, and opportunities for automation, (c) dynamic simulations involving attacker, defender, and user models to enhance studies of cyber epidemiology and cyber hygiene, and (d) training effectiveness research and training scenarios to address human cyber-security performance, maturation of cyber-security skill sets, and effective decision-making. Models may be initially constructed at the group-level based on mean tendencies of each subject's subgroup, based on known statistics such as specific skill proficiencies, demographic characteristics, and cultural factors. For more precise and accurate predictions, cognitive models may be fine-tuned to each individual attacker, defender, or user profile, and updated over time (based on recorded behavior) via techniques such as model tracing and dynamic parameter fitting. PMID:29867661

  12. Achieving network level privacy in Wireless Sensor Networks.

    PubMed

    Shaikh, Riaz Ahmed; Jameel, Hassan; d'Auriol, Brian J; Lee, Heejo; Lee, Sungyoung; Song, Young-Jae

    2010-01-01

    Full network level privacy has often been categorized into four sub-categories: Identity, Route, Location and Data privacy. Achieving full network level privacy is a critical and challenging problem due to the constraints imposed by the sensor nodes (e.g., energy, memory and computation power), sensor networks (e.g., mobility and topology) and QoS issues (e.g., packet reach-ability and timeliness). In this paper, we proposed two new identity, route and location privacy algorithms and data privacy mechanism that addresses this problem. The proposed solutions provide additional trustworthiness and reliability at modest cost of memory and energy. Also, we proved that our proposed solutions provide protection against various privacy disclosure attacks, such as eavesdropping and hop-by-hop trace back attacks.

  13. Adaptive cyber-attack modeling system

    NASA Astrophysics Data System (ADS)

    Gonsalves, Paul G.; Dougherty, Edward T.

    2006-05-01

    The pervasiveness of software and networked information systems is evident across a broad spectrum of business and government sectors. Such reliance provides an ample opportunity not only for the nefarious exploits of lone wolf computer hackers, but for more systematic software attacks from organized entities. Much effort and focus has been placed on preventing and ameliorating network and OS attacks, a concomitant emphasis is required to address protection of mission critical software. Typical software protection technique and methodology evaluation and verification and validation (V&V) involves the use of a team of subject matter experts (SMEs) to mimic potential attackers or hackers. This manpower intensive, time-consuming, and potentially cost-prohibitive approach is not amenable to performing the necessary multiple non-subjective analyses required to support quantifying software protection levels. To facilitate the evaluation and V&V of software protection solutions, we have designed and developed a prototype adaptive cyber attack modeling system. Our approach integrates an off-line mechanism for rapid construction of Bayesian belief network (BN) attack models with an on-line model instantiation, adaptation and knowledge acquisition scheme. Off-line model construction is supported via a knowledge elicitation approach for identifying key domain requirements and a process for translating these requirements into a library of BN-based cyber-attack models. On-line attack modeling and knowledge acquisition is supported via BN evidence propagation and model parameter learning.

  14. Optimal Resource Allocation in Electrical Network Defense

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Yao, Y; Edmunds, T; Papageorgiou, D

    2004-01-15

    Infrastructure networks supplying electricity, natural gas, water, and other commodities are at risk of disruption due to well-engineered and coordinated terrorist attacks. Countermeasures such as hardening targets, acquisition of spare critical components, and surveillance can be undertaken to detect and deter these attacks. Allocation of available countermeasures resources to sites or activities in a manner that maximizes their effectiveness is a challenging problem. This allocation must take into account the adversary's response after the countermeasure assets are in place and consequence mitigation measures the infrastructure operation can undertake after the attack. The adversary may simply switch strategies to avoid countermeasures when executing the attack. Stockpiling spares of critical energy infrastructure components has been identified as a key element of a grid infrastructure defense strategy in a recent National Academy of Sciences report [1]. Consider a scenario where an attacker attempts to interrupt the service of an electrical network by disabling some of its facilities while a defender wants to prevent or minimize the effectiveness of any attack. The interaction between the attacker and the defender can be described in three stages: (1) The defender deploys countermeasures, (2) The attacker disrupts the network, and (3) The defender responds to the attack by rerouting power to maintain service while trying to repair damage. In the first stage, the defender considers all possible attack scenarios and deploys countermeasures to defend against the worst scenarios. Countermeasures can include hardening targets, acquiring spare critical components, and installing surveillance devices. In the second stage, the attacker, with full knowledge of the deployed countermeasures, attempts to disable some nodes or links in the network to inflict the greatest loss on the defender. In the third stage, the defender re-dispatches power and restores disabled nodes or links to minimize the loss. The loss can be measured in costs, including the costs of using more expensive generators and the economic losses that can be attributed to loss of load. The defender's goal is to minimize the loss while the attacker wants to maximize it. Assuming some level of budget constraint, each side can only defend or attack a limited number of network elements. When an element is attacked, it is assumed that it will be totally disabled. It is assumed that when an element is defended it cannot be disabled, which may mean that it will be restored in a very short time after being attacked. The rest of the paper is organized as follows. Section 2 will briefly review literature related to multilevel programming and network defense. Section 3 presents a mathematical formulation of the electrical network defense problem. Section 4 describes the solution algorithms. Section 5 discusses computational results. Finally, Sec. 6 explores future research directions.

  15. Research and application of ARP protocol vulnerability attack and defense technology based on trusted network

    NASA Astrophysics Data System (ADS)

    Xi, Huixing

    2017-03-01

    With the continuous development of network technology and the rapid spread of the Internet, computer networks have reached every corner of the world. However, network attacks occur frequently. The ARP protocol vulnerability is one of the most common vulnerabilities in the TCP/IP four-layer architecture. Network protocol vulnerabilities can lead to the intrusion and attack of the information system, and disable the normal defense function of the system [1]. At present, ARP spoofing Trojans spread widely in LANs, pose a huge hidden danger to network security, and are the primary threat to LAN security. In this paper, the author summarizes the research status and the key technologies involved in the ARP protocol, analyzes the formation mechanism of the ARP protocol vulnerability, and analyzes the feasibility of the attack technique. Based on a summary of the common defensive methods, the advantages and disadvantages of each defense method are analyzed. At the same time, the current defense method is improved, and the advantage of the improved defense algorithm is given. At the end of this paper, an appropriate test method is selected and the test environment is set up. Experiments and tests are carried out for each proposed improved defense algorithm.

  16. Security analysis and improvements of two-factor mutual authentication with key agreement in wireless sensor networks.

    PubMed

    Kim, Jiye; Lee, Donghoon; Jeon, Woongryul; Lee, Youngsook; Won, Dongho

    2014-04-09

    User authentication and key management are two important security issues in WSNs (Wireless Sensor Networks). In WSNs, for some applications, the user needs to obtain real-time data directly from sensors and several user authentication schemes have been recently proposed for this case. We found that a two-factor mutual authentication scheme with key agreement in WSNs is vulnerable to gateway node bypassing attacks and user impersonation attacks using secret data stored in sensor nodes or an attacker's own smart card. In this paper, we propose an improved scheme to overcome these security weaknesses by storing secret data in unique ciphertext form in each node. In addition, our proposed scheme should provide not only security, but also efficiency since sensors in a WSN operate with resource constraints such as limited power, computation, and storage space. Therefore, we also analyze the performance of the proposed scheme by comparing its computation and communication costs with those of other schemes.

  17. Security Analysis and Improvements of Two-Factor Mutual Authentication with Key Agreement in Wireless Sensor Networks

    PubMed Central

    Kim, Jiye; Lee, Donghoon; Jeon, Woongryul; Lee, Youngsook; Won, Dongho

    2014-01-01

    User authentication and key management are two important security issues in WSNs (Wireless Sensor Networks). In WSNs, for some applications, the user needs to obtain real-time data directly from sensors and several user authentication schemes have been recently proposed for this case. We found that a two-factor mutual authentication scheme with key agreement in WSNs is vulnerable to gateway node bypassing attacks and user impersonation attacks using secret data stored in sensor nodes or an attacker's own smart card. In this paper, we propose an improved scheme to overcome these security weaknesses by storing secret data in unique ciphertext form in each node. In addition, our proposed scheme should provide not only security, but also efficiency since sensors in a WSN operate with resource constraints such as limited power, computation, and storage space. Therefore, we also analyze the performance of the proposed scheme by comparing its computation and communication costs with those of other schemes. PMID:24721764

  18. Percolation and Reinforcement on Complex Networks

    NASA Astrophysics Data System (ADS)

    Yuan, Xin

    Complex networks appear in almost every aspect of our daily life and are widely studied in the fields of physics, mathematics, finance, biology and computer science. This work utilizes percolation theory in statistical physics to explore the percolation properties of complex networks and develops a reinforcement scheme on improving network resilience. This dissertation covers two major parts of my Ph.D. research on complex networks: i) probe--in the context of both traditional percolation and k-core percolation--the resilience of complex networks with tunable degree distributions or directed dependency links under random, localized or targeted attacks; ii) develop and propose a reinforcement scheme to eradicate catastrophic collapses that occur very often in interdependent networks. We first use generating function and probabilistic methods to obtain analytical solutions to percolation properties of interest, such as the giant component size and the critical occupation probability. We study uncorrelated random networks with Poisson, bi-Poisson, power-law, and Kronecker-delta degree distributions and construct those networks which are based on the configuration model. The computer simulation results show remarkable agreement with theoretical predictions. We discover an increase of network robustness as the degree distribution broadens and a decrease of network robustness as directed dependency links come into play under random attacks. We also find that targeted attacks exert the biggest damage to the structure of both single and interdependent networks in k-core percolation. To strengthen the resilience of interdependent networks, we develop and propose a reinforcement strategy and obtain the critical amount of reinforced nodes analytically for interdependent Erdős-Rényi networks and numerically for scale-free and for random regular networks. Our mechanism leads to improvement of network stability of the West U.S. power grid. This dissertation provides us with a deeper understanding of the effects of structural features on network stability and fresher insights into designing resilient interdependent infrastructure networks.

  19. Soft computing methods in design of superalloys

    NASA Technical Reports Server (NTRS)

    Cios, K. J.; Berke, L.; Vary, A.; Sharma, S.

    1995-01-01

    Soft computing techniques of neural networks and genetic algorithms are used in the design of superalloys. The cyclic oxidation attack parameter K_a, generated from tests at NASA Lewis Research Center, is modeled as a function of the superalloy chemistry and test temperature using a neural network. This model is then used in conjunction with a genetic algorithm to obtain an optimized superalloy composition resulting in low K_a values.

  20. Soft Computing Methods in Design of Superalloys

    NASA Technical Reports Server (NTRS)

    Cios, K. J.; Berke, L.; Vary, A.; Sharma, S.

    1996-01-01

    Soft computing techniques of neural networks and genetic algorithms are used in the design of superalloys. The cyclic oxidation attack parameter K_a, generated from tests at NASA Lewis Research Center, is modelled as a function of the superalloy chemistry and test temperature using a neural network. This model is then used in conjunction with a genetic algorithm to obtain an optimized superalloy composition resulting in low K_a values.

  1. Stuxnet, Schmitt Analysis, and the Cyber Use-of-Force Debate

    DTIC Science & Technology

    2012-01-01

    demonstration during exercise Bold Alligator 2012 U.S. Navy (Joshua J. Wahl) 46 JFQ / issue 67, 4th quarter 2012 ndupress.ndu.edu...language; and Article 51’s “armed attack” threshold for self-defense actions. 18 Schmitt, “Computer Network Attack and the Use of Force,” 920. 19...sponsored cyber coercion. More importantly, the prospect of cyber attacks causing physical damage was largely theoretical.4 Beginning Stuxnet, Schmitt

  2. Achieving Network Level Privacy in Wireless Sensor Networks

    PubMed Central

    Shaikh, Riaz Ahmed; Jameel, Hassan; d’Auriol, Brian J.; Lee, Heejo; Lee, Sungyoung; Song, Young-Jae

    2010-01-01

    Full network level privacy has often been categorized into four sub-categories: Identity, Route, Location and Data privacy. Achieving full network level privacy is a critical and challenging problem due to the constraints imposed by the sensor nodes (e.g., energy, memory and computation power), sensor networks (e.g., mobility and topology) and QoS issues (e.g., packet reach-ability and timeliness). In this paper, we proposed two new identity, route and location privacy algorithms and data privacy mechanism that addresses this problem. The proposed solutions provide additional trustworthiness and reliability at modest cost of memory and energy. Also, we proved that our proposed solutions provide protection against various privacy disclosure attacks, such as eavesdropping and hop-by-hop trace back attacks. PMID:22294881

  3. Multivariate analysis: A statistical approach for computations

    NASA Astrophysics Data System (ADS)

    Michu, Sachin; Kaushik, Vandana

    2014-10-01

    Multivariate analysis is a type of multivariate statistical approach commonly used in automotive diagnosis, education, evaluating clusters in finance, etc., and more recently in the health-related professions. The objective of the paper is to provide a detailed exploratory discussion about factor analysis (FA) in image retrieval methods and correlation analysis (CA) of network traffic. Image retrieval methods aim to retrieve relevant images from a collected database, based on their content. The problem is made more difficult due to the high dimension of the variable space in which the images are represented. Multivariate correlation analysis proposes an anomaly detection and analysis method based on the correlation coefficient matrix. Anomalous behaviors in the network include various attacks on the network such as DDoS attacks and network scanning.

  4. Defense strategies for asymmetric networked systems under composite utilities

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Rao, Nageswara S.; Ma, Chris Y. T.; Hausken, Kjell

    We consider an infrastructure of networked systems with discrete components that can be reinforced at certain costs to guard against attacks. The communications network plays a critical, asymmetric role of providing the vital connectivity between the systems. We characterize the correlations within this infrastructure at two levels using (a) aggregate failure correlation function that specifies the infrastructure failure probability given the failure of an individual system or network, and (b) first order differential conditions on system survival probabilities that characterize component-level correlations. We formulate an infrastructure survival game between an attacker and a provider, who attacks and reinforces individual components, respectively. They use the composite utility functions composed of a survival probability term and a cost term, and the previously studied sum-form and product-form utility functions are their special cases. At Nash Equilibrium, we derive expressions for individual system survival probabilities and the expected total number of operational components. We apply and discuss these estimates for a simplified model of distributed cloud computing infrastructure.

  5. A Study on Secure Medical-Contents Strategies with DRM Based on Cloud Computing

    PubMed Central

    Měsíček, Libor; Choi, Jongsun

    2018-01-01

    Many hospitals and medical clinics have been using a wearable sensor in its health care system because the wearable sensor, which is able to measure the patients' biometric information, has been developed to analyze their patients remotely. The measured information is saved to a server in a medical center, and the server keeps the medical information, which also involves personal information, on a cloud system. The server and network devices are used by connecting each other, and sensitive medical records are dealt with remotely. However, these days, the attackers, who try to attack the server or the network systems, are increasing. In addition, the server and the network system have a weak protection and security policy against the attackers. In this paper, it is suggested that security compliance of medical contents should be followed to improve the level of security. As a result, the medical contents are kept safely. PMID:29796233

  6. A Study on Secure Medical-Contents Strategies with DRM Based on Cloud Computing.

    PubMed

    Ko, Hoon; Měsíček, Libor; Choi, Jongsun; Hwang, Seogchan

    2018-01-01

    Many hospitals and medical clinics have been using a wearable sensor in its health care system because the wearable sensor, which is able to measure the patients' biometric information, has been developed to analyze their patients remotely. The measured information is saved to a server in a medical center, and the server keeps the medical information, which also involves personal information, on a cloud system. The server and network devices are used by connecting each other, and sensitive medical records are dealt with remotely. However, these days, the attackers, who try to attack the server or the network systems, are increasing. In addition, the server and the network system have a weak protection and security policy against the attackers. In this paper, it is suggested that security compliance of medical contents should be followed to improve the level of security. As a result, the medical contents are kept safely.

  7. Enhanced Two-Factor Authentication and Key Agreement Using Dynamic Identities in Wireless Sensor Networks.

    PubMed

    Chang, I-Pin; Lee, Tian-Fu; Lin, Tsung-Hung; Liu, Chuan-Ming

    2015-11-30

    Key agreements that use only password authentication are convenient in communication networks, but these key agreement schemes often fail to resist possible attacks, and therefore provide poor security compared with some other authentication schemes. To increase security, many authentication and key agreement schemes use smartcard authentication in addition to passwords. Thus, two-factor authentication and key agreement schemes using smartcards and passwords are widely adopted in many applications. Vaidya et al. recently presented a two-factor authentication and key agreement scheme for wireless sensor networks (WSNs). Kim et al. observed that the Vaidya et al. scheme fails to resist gateway node bypassing and user impersonation attacks, and then proposed an improved scheme for WSNs. This study analyzes the weaknesses of the two-factor authentication and key agreement scheme of Kim et al., which include vulnerability to impersonation attacks, lost smartcard attacks and man-in-the-middle attacks, violation of session key security, and failure to protect user privacy. An efficient and secure authentication and key agreement scheme for WSNs based on the scheme of Kim et al. is then proposed. The proposed scheme not only solves the weaknesses of previous approaches, but also increases security requirements while maintaining low computational cost.

  8. Laboratory Experiments for Network Security Instruction

    ERIC Educational Resources Information Center

    Brustoloni, Jose Carlos

    2006-01-01

    We describe a sequence of five experiments on network security that cast students successively in the roles of computer user, programmer, and system administrator. Unlike experiments described in several previous papers, these experiments avoid placing students in the role of attacker. Each experiment starts with an in-class demonstration of an…

  9. Realistic computer network simulation for network intrusion detection dataset generation

    NASA Astrophysics Data System (ADS)

    Payer, Garrett

    2015-05-01

    The KDD-99 Cup dataset is dead. While it can continue to be used as a toy example, the age of this dataset makes it all but useless for intrusion detection research and data mining. Many of the attacks used within the dataset are obsolete and do not reflect the features important for intrusion detection in today's networks. Creating a new dataset encompassing a large cross section of the attacks found on the Internet today could be useful, but would eventually fall to the same problem as the KDD-99 Cup; its usefulness would diminish after a period of time. To continue research into intrusion detection, the generation of new datasets needs to be as dynamic and as quick as the attacker. Simply examining existing network traffic and using domain experts such as intrusion analysts to label traffic is inefficient, expensive, and not scalable. The only viable methodology is simulation using technologies including virtualization, attack-toolsets such as Metasploit and Armitage, and sophisticated emulation of threat and user behavior. Simulating actual user behavior and network intrusion events dynamically not only allows researchers to vary scenarios quickly, but enables online testing of intrusion detection mechanisms by interacting with data as it is generated. As new threat behaviors are identified, they can be added to the simulation to make quicker determinations as to the effectiveness of existing and ongoing network intrusion technology, methodology and models.

  10. Entering the Dragon’s Lair: Chinese Antiaccess Strategies and Their Implications for the United States

    DTIC Science & Technology

    2007-01-01

    possible expansion of electronic warfare into outer space in future conflicts (Peng and Yao, 2001, p. 363): As a result of the continuous development of...information warfare units to develop viruses to attack enemy computer systems and networks.” Potential Effects of Chinese Antiaccess Measures 87...computers, enhanced user identification measures, and monitoring of network activity. Given the possibility that China could nonetheless succeed in

  11. Addressing Software Security

    NASA Technical Reports Server (NTRS)

    Bailey, Brandon

    2015-01-01

    Historically security within organizations was thought of as an IT function (web sites/servers, email, workstation patching, etc.). Threat landscape has evolved (Script Kiddies, Hackers, Advanced Persistent Threat (APT), Nation States, etc.). Attack surface has expanded - networks interconnected!! Some security posture factors: Network Layer (Routers, Firewalls, etc.); Computer Network Defense (IPS/IDS, Sensors, Continuous Monitoring, etc.); Industrial Control Systems (ICS); Software Security (COTS, FOSS, Custom, etc.).

  12. Can the Analytical Hierarchy Process Model Be Effectively Applied in the Prioritization of Information Assurance Defense In-Depth Measures? --A Quantitative Study

    ERIC Educational Resources Information Center

    Alexander, Rodney T.

    2017-01-01

    Organizational computing devices are increasingly becoming targets of cyber-attacks, and organizations have become dependent on the safety and security of their computer networks and their organizational computing devices. Business and government often use defense in-depth information assurance measures such as firewalls, intrusion detection…

  13. Have No PHEAR: Networks Without Identifiers

    DTIC Science & Technology

    2015-12-07

    packet processing, cryptography, or other computationally intensive functionality is present. This prevents, e.g., SDN-based onion routing from being...client registration protocol uses public key cryptography in its identity verification handshake. An attacker could exploit this by continually...and M. K. Wright. Timing Attacks in Low-Latency Mix-Based Systems. In A. Juels, editor, Proceedings of Financial Cryptography (FC ’04), pages 251–265

  14. Space War Meets Info War: The Integration of Space and Information Operations

    DTIC Science & Technology

    2000-04-01

    spacelift, command and control of satellites, and surveillance and deconfliction of systems in space.” (4, xi) These operations provide the physical...PSYOPS), electronic warfare (EW), physical attack/destruction, special information operations (SIO), and may include computer network attack. (3, viii...physical security, counter-deception, counter-propaganda, counter-intelligence, EW, and SIO. (3, viii) Information operations employ both lethal and non

  15. Percolation of localized attack on isolated and interdependent random networks

    NASA Astrophysics Data System (ADS)

    Shao, Shuai; Huang, Xuqing; Stanley, H. Eugene; Havlin, Shlomo

    2014-03-01

    Percolation properties of isolated and interdependent random networks have been investigated extensively. The focus of these studies has been on random attacks where each node in network is attacked with the same probability or targeted attack where each node is attacked with a probability being a function of its centrality, such as degree. Here we discuss a new type of realistic attacks which we call a localized attack where a group of neighboring nodes in the networks are attacked. We attack a randomly chosen node, its neighbors, and its neighbor of neighbors and so on, until removing a fraction (1 - p) of the network. This type of attack reflects damages due to localized disasters, such as earthquakes, floods and war zones in real-world networks. We study, both analytically and by simulations the impact of localized attack on percolation properties of random networks with arbitrary degree distributions and discuss in detail random regular (RR) networks, Erdős-Rényi (ER) networks and scale-free (SF) networks. We extend and generalize our theoretical and simulation results of single isolated networks to networks formed of interdependent networks.

  16. Game Theory for Proactive Dynamic Defense and Attack Mitigation in Cyber-Physical Systems

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Letchford, Joshua

    While there has been a great deal of security research focused on preventing attacks, there has been less work on how one should balance security and resilience investments. In this work we developed and evaluated models that captured both explicit defenses and other mitigations that reduce the impact of attacks. We examined these issues both in more broadly applicable general Stackelberg models and in more specific network and power grid settings. Finally, we compared these solutions to existing work in terms of both solution quality and computational overhead.

  17. A Bitslice Implementation of Anderson's Attack on A5/1

    NASA Astrophysics Data System (ADS)

    Bulavintsev, Vadim; Semenov, Alexander; Zaikin, Oleg; Kochemazov, Stepan

    2018-03-01

    The A5/1 keystream generator is a part of Global System for Mobile Communications (GSM) protocol, employed in cellular networks all over the world. Its cryptographic resistance was extensively analyzed in dozens of papers. However, almost all corresponding methods either employ a specific hardware or require an extensive preprocessing stage and significant amounts of memory. In the present study, a bitslice variant of Anderson's Attack on A5/1 is implemented. It requires very little computer memory and no preprocessing. Moreover, the attack can be made even more efficient by harnessing the computing power of modern Graphics Processing Units (GPUs). As a result, using commonly available GPUs this method can quite efficiently recover the secret key using only 64 bits of keystream. To test the performance of the implementation, a volunteer computing project was launched. 10 instances of A5/1 cryptanalysis have been successfully solved in this project in a single week.

  18. Novel mechanism of network protection against the new generation of cyber attacks

    NASA Astrophysics Data System (ADS)

    Milovanov, Alexander; Bukshpun, Leonid; Pradhan, Ranjit

    2012-06-01

    A new intelligent mechanism is presented to protect networks against the new generation of cyber attacks. This mechanism integrates TCP/UDP/IP protocol stack protection and attacker/intruder deception to eliminate existing TCP/UDP/IP protocol stack vulnerabilities. It allows to detect currently undetectable, highly distributed, low-frequency attacks such as distributed denial-of-service (DDoS) attacks, coordinated attacks, botnet, and stealth network reconnaissance. The mechanism also allows insulating attacker/intruder from the network and redirecting the attack to a simulated network acting as a decoy. As a result, network security personnel gain sufficient time to defend the network and collect the attack information. The presented approach can be incorporated into wireless or wired networks that require protection against known and the new generation of cyber attacks.

  19. BaffleText: a Human Interactive Proof

    NASA Astrophysics Data System (ADS)

    Chew, Monica; Baird, Henry S.

    2003-01-01

    Internet services designed for human use are being abused by programs. We present a defense against such attacks in the form of a CAPTCHA (Completely Automatic Public Turing test to tell Computers and Humans Apart) that exploits the difference in ability between humans and machines in reading images of text. CAPTCHAs are a special case of 'human interactive proofs,' a broad class of security protocols that allow people to identify themselves over networks as members of given groups. We point out vulnerabilities of reading-based CAPTCHAs to dictionary and computer-vision attacks. We also draw on the literature on the psychophysics of human reading, which suggests fresh defenses available to CAPTCHAs. Motivated by these considerations, we propose BaffleText, a CAPTCHA which uses non-English pronounceable words to defend against dictionary attacks, and Gestalt-motivated image-masking degradations to defend against image restoration attacks. Experiments on human subjects confirm the human legibility and user acceptance of BaffleText images. We have found an image-complexity measure that correlates well with user acceptance and assists in engineering the generation of challenges to fit the ability gap. Recent computer-vision attacks, run independently by Mori and Jitendra, suggest that BaffleText is stronger than two existing CAPTCHAs.

  20. Testing simple deceptive honeypot tools

    NASA Astrophysics Data System (ADS)

    Yahyaoui, Aymen; Rowe, Neil C.

    2015-05-01

    Deception can be a useful defensive technique against cyber-attacks; it has the advantage of unexpectedness to attackers and offers a variety of tactics. Honeypots are a good tool for deception. They act as decoy computers to confuse attackers and exhaust their time and resources. This work tested the effectiveness of two free honeypot tools in real networks by varying their location and virtualization, and the effects of adding more deception to them. We tested a Web honeypot tool, Glastopf and an SSH honeypot tool Kippo. We deployed the Web honeypot in both a residential network and our organization's network and as both real and virtual machines; the organization honeypot attracted more attackers starting in the third week. Results also showed that the virtual honeypots received attacks from more unique IP addresses. They also showed that adding deception to the Web honeypot, in the form of additional linked Web pages and interactive features, generated more interest by attackers. For the purpose of comparison, we used examined log files of a legitimate Web-site www.cmand.org. The traffic distributions for the Web honeypot and the legitimate Web site showed similarities (with much malicious traffic from Brazil), but the SSH honeypot was different (with much malicious traffic from China). Contrary to previous experiments where traffic to static honeypots decreased quickly, our honeypots received increasing traffic over a period of three months. It appears that both honeypot tools are useful for providing intelligence about cyber-attack methods, and that additional deception is helpful.

  1. Identifying and tracking attacks on networks: C3I displays and related technologies

    NASA Astrophysics Data System (ADS)

    Manes, Gavin W.; Dawkins, J.; Shenoi, Sujeet; Hale, John C.

    2003-09-01

    Converged network security is extremely challenging for several reasons; expanded system and technology perimeters, unexpected feature interaction, and complex interfaces all conspire to provide hackers with greater opportunities for compromising large networks. Preventive security services and architectures are essential, but in and of themselves do not eliminate all threat of compromise. Attack management systems mitigate this residual risk by facilitating incident detection, analysis and response. There are a wealth of attack detection and response tools for IP networks, but a dearth of such tools for wireless and public telephone networks. Moreover, methodologies and formalisms have yet to be identified that can yield a common model for vulnerabilities and attacks in converged networks. A comprehensive attack management system must coordinate detection tools for converged networks, derive fully-integrated attack and network models, perform vulnerability and multi-stage attack analysis, support large-scale attack visualization, and orchestrate strategic responses to cyber attacks that cross network boundaries. We present an architecture that embodies these principles for attack management. The attack management system described engages a suite of detection tools for various networking domains, feeding real-time attack data to a comprehensive modeling, analysis and visualization subsystem. The resulting early warning system not only provides network administrators with a heads-up cockpit display of their entire network, it also supports guided response and predictive capabilities for multi-stage attacks in converged networks.

  2. Enhanced Two-Factor Authentication and Key Agreement Using Dynamic Identities in Wireless Sensor Networks

    PubMed Central

    Chang, I-Pin; Lee, Tian-Fu; Lin, Tsung-Hung; Liu, Chuan-Ming

    2015-01-01

    Key agreements that use only password authentication are convenient in communication networks, but these key agreement schemes often fail to resist possible attacks, and therefore provide poor security compared with some other authentication schemes. To increase security, many authentication and key agreement schemes use smartcard authentication in addition to passwords. Thus, two-factor authentication and key agreement schemes using smartcards and passwords are widely adopted in many applications. Vaidya et al. recently presented a two-factor authentication and key agreement scheme for wireless sensor networks (WSNs). Kim et al. observed that the Vaidya et al. scheme fails to resist gateway node bypassing and user impersonation attacks, and then proposed an improved scheme for WSNs. This study analyzes the weaknesses of the two-factor authentication and key agreement scheme of Kim et al., which include vulnerability to impersonation attacks, lost smartcard attacks and man-in-the-middle attacks, violation of session key security, and failure to protect user privacy. An efficient and secure authentication and key agreement scheme for WSNs based on the scheme of Kim et al. is then proposed. The proposed scheme not only solves the weaknesses of previous approaches, but also increases security requirements while maintaining low computational cost. PMID:26633396

  3. 2008 Defense Industrial Base Critical Infrastructure Protection Conference (DIB-CBIP)

    DTIC Science & Technology

    2008-04-09

    a cloak-and-dagger thing. It’s about computer architecture and the soundness of electronic systems." Joel Brenner, ODNI Counterintelligence Office...to support advanced network exploitation and launch attacks on the informational and physical elements of our cyber infrastructure. In order to...entities and is vulnerable to attacks and manipulation. Operations in the cyber domain have the ability to impact operations in other war-fighting

  4. Integrated situational awareness for cyber attack detection, analysis, and mitigation

    NASA Astrophysics Data System (ADS)

    Cheng, Yi; Sagduyu, Yalin; Deng, Julia; Li, Jason; Liu, Peng

    2012-06-01

    Real-time cyberspace situational awareness is critical for securing and protecting today's enterprise networks from various cyber threats. When a security incident occurs, network administrators and security analysts need to know what exactly has happened in the network, why it happened, and what actions or countermeasures should be taken to quickly mitigate the potential impacts. In this paper, we propose an integrated cyberspace situational awareness system for efficient cyber attack detection, analysis and mitigation in large-scale enterprise networks. Essentially, a cyberspace common operational picture will be developed, which is a multi-layer graphical model and can efficiently capture and represent the statuses, relationships, and interdependencies of various entities and elements within and among different levels of a network. Once shared among authorized users, this cyberspace common operational picture can provide an integrated view of the logical, physical, and cyber domains, and a unique visualization of disparate data sets to support decision makers. In addition, advanced analyses, such as Bayesian Network analysis, will be explored to address the information uncertainty, dynamic and complex cyber attack detection, and optimal impact mitigation issues. All the developed technologies will be further integrated into an automatic software toolkit to achieve near real-time cyberspace situational awareness and impact mitigation in large-scale computer networks.

  5. A Mutual Authentication Framework for Wireless Medical Sensor Networks.

    PubMed

    Srinivas, Jangirala; Mishra, Dheerendra; Mukhopadhyay, Sourav

    2017-05-01

    Wireless medical sensor networks (WMSN) comprise of distributed sensors, which can sense human physiological signs and monitor the health condition of the patient. It is observed that providing privacy to the patient's data is an important issue and can be challenging. The information passing is done via the public channel in WMSN. Thus, the patient, sensitive information can be obtained by eavesdropping or by unauthorized use of handheld devices which the health professionals use in monitoring the patient. Therefore, there is an essential need of restricting the unauthorized access to the patient's medical information. Hence, the efficient authentication scheme for the healthcare applications is needed to preserve the privacy of the patients' vital signs. To ensure secure and authorized communication in WMSN, we design a symmetric key based authentication protocol for WMSN environment. The proposed protocol uses only computationally efficient operations to achieve lightweight attribute. We analyze the security of the proposed protocol. We use a formal security proof algorithm to show the scheme security against known attacks. We also use the Automated Validation of Internet Security Protocols and Applications (AVISPA) simulator to show protocol secure against man-in-the-middle attack and replay attack. Additionally, we adopt an informal analysis to discuss the key attributes of the proposed scheme. From the formal proof of security, we can see that an attacker has a negligible probability of breaking the protocol security. AVISPA simulator also demonstrates the proposed scheme security against active attacks, namely, man-in-the-middle attack and replay attack. Additionally, through the comparison of computational efficiency and security attributes with several recent results, proposed scheme seems to be battered.

  6. Computer network defense through radial wave functions

    NASA Astrophysics Data System (ADS)

    Malloy, Ian J.

    The purpose of this research is to synthesize basic and fundamental findings in quantum computing, as applied to the attack and defense of conventional computer networks. The concept focuses on uses of radio waves as a shield for, and attack against traditional computers. A logic bomb is analogous to a landmine in a computer network, and if one was to implement it as non-trivial mitigation, it will aid computer network defense. As has been seen in kinetic warfare, the use of landmines has been devastating to geopolitical regions in that they are severely difficult for a civilian to avoid triggering given the unknown position of a landmine. Thus, the importance of understanding a logic bomb is relevant and has corollaries to quantum mechanics as well. The research synthesizes quantum logic phase shifts in certain respects using the Dynamic Data Exchange protocol in software written for this work, as well as a C-NOT gate applied to a virtual quantum circuit environment by implementing a Quantum Fourier Transform. The research focus applies the principles of coherence and entanglement from quantum physics, the concept of expert systems in artificial intelligence, principles of prime number based cryptography with trapdoor functions, and modeling radio wave propagation against an event from unknown parameters. This comes as a program relying on the artificial intelligence concept of an expert system in conjunction with trigger events for a trapdoor function relying on infinite recursion, as well as system mechanics for elliptic curve cryptography along orbital angular momenta. Here trapdoor both denotes the form of cipher, as well as the implied relationship to logic bombs.

  7. Phase-Space Detection of Cyber Events

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Hernandez Jimenez, Jarilyn M; Ferber, Aaron E; Prowell, Stacy J

    Energy Delivery Systems (EDS) are a network of processes that produce, transfer and distribute energy. EDS are increasingly dependent on networked computing assets, as are many Industrial Control Systems. Consequently, cyber-attacks pose a real and pertinent threat, as evidenced by Stuxnet, Shamoon and Dragonfly. Hence, there is a critical need for novel methods to detect, prevent, and mitigate effects of such attacks. To detect cyber-attacks in EDS, we developed a framework for gathering and analyzing timing data that involves establishing a baseline execution profile and then capturing the effect of perturbations in the state from injecting various malware. The data analysis was based on nonlinear dynamics and graph theory to improve detection of anomalous events in cyber applications. The goal was the extraction of changing dynamics or anomalous activity in the underlying computer system. Takens' theorem in nonlinear dynamics allows reconstruction of topologically invariant, time-delay-embedding states from the computer data in a sufficiently high-dimensional space. The resultant dynamical states were nodes, and the state-to-state transitions were links in a mathematical graph. Alternatively, sequential tabulation of executing instructions provides the nodes with corresponding instruction-to-instruction links. Graph theorems guarantee graph-invariant measures to quantify the dynamical changes in the running applications. Results showed a successful detection of cyber events.

  8. 1-RAAP: An Efficient 1-Round Anonymous Authentication Protocol for Wireless Body Area Networks

    PubMed Central

    Liu, Jingwei; Zhang, Lihuan; Sun, Rong

    2016-01-01

    Thanks to the rapid technological convergence of wireless communications, medical sensors and cloud computing, Wireless Body Area Networks (WBANs) have emerged as a novel networking paradigm enabling ubiquitous Internet services, allowing people to receive medical care, monitor health status in real-time, analyze sports data and even enjoy online entertainment remotely. However, because of the mobility and openness of wireless communications, WBANs are inevitably exposed to a large set of potential attacks, significantly undermining their utility and impeding their widespread deployment. To prevent attackers from threatening legitimate WBAN users or abusing WBAN services, an efficient and secure authentication protocol termed 1-Round Anonymous Authentication Protocol (1-RAAP) is proposed in this paper. In particular, 1-RAAP preserves anonymity, mutual authentication, non-repudiation and some other desirable security properties, while only requiring users to perform several low cost computational operations. More importantly, 1-RAAP is provably secure thanks to its design basis, which is resistant to the anonymous in the random oracle model. To validate the computational efficiency of 1-RAAP, a set of comprehensive comparative studies between 1-RAAP and other authentication protocols is conducted, and the results clearly show that 1-RAAP achieves the best performance in terms of computational overhead. PMID:27213384

  9. 1-RAAP: An Efficient 1-Round Anonymous Authentication Protocol for Wireless Body Area Networks.

    PubMed

    Liu, Jingwei; Zhang, Lihuan; Sun, Rong

    2016-05-19

    Thanks to the rapid technological convergence of wireless communications, medical sensors and cloud computing, Wireless Body Area Networks (WBANs) have emerged as a novel networking paradigm enabling ubiquitous Internet services, allowing people to receive medical care, monitor health status in real-time, analyze sports data and even enjoy online entertainment remotely. However, because of the mobility and openness of wireless communications, WBANs are inevitably exposed to a large set of potential attacks, significantly undermining their utility and impeding their widespread deployment. To prevent attackers from threatening legitimate WBAN users or abusing WBAN services, an efficient and secure authentication protocol termed 1-Round Anonymous Authentication Protocol (1-RAAP) is proposed in this paper. In particular, 1-RAAP preserves anonymity, mutual authentication, non-repudiation and some other desirable security properties, while only requiring users to perform several low cost computational operations. More importantly, 1-RAAP is provably secure thanks to its design basis, which is resistant to the anonymous in the random oracle model. To validate the computational efficiency of 1-RAAP, a set of comprehensive comparative studies between 1-RAAP and other authentication protocols is conducted, and the results clearly show that 1-RAAP achieves the best performance in terms of computational overhead.

  10. Robustness analysis of interdependent networks under multiple-attacking strategies

    NASA Astrophysics Data System (ADS)

    Gao, Yan-Li; Chen, Shi-Ming; Nie, Sen; Ma, Fei; Guan, Jun-Jie

    2018-04-01

    The robustness of complex networks under attacks largely depends on the structure of a network and the nature of the attacks. Previous research on interdependent networks has focused on two types of initial attack: random attack and degree-based targeted attack. In this paper, a deliberate attack function is proposed, where six kinds of deliberate attacking strategies can be derived by adjusting the tunable parameters. Moreover, the robustness of four types of interdependent networks (BA-BA, ER-ER, BA-ER and ER-BA) with different coupling modes (random, positive and negative correlation) is evaluated under different attacking strategies. Interesting conclusions could be obtained. It can be found that the positive coupling mode can make the vulnerability of the interdependent network to be absolutely dependent on the most vulnerable sub-network under deliberate attacks, whereas random and negative coupling modes make the vulnerability of interdependent network to be mainly dependent on the being attacked sub-network. The robustness of interdependent network will be enhanced with the degree-degree correlation coefficient varying from positive to negative. Therefore, the negative coupling mode is relatively more optimal than others, which can substantially improve the robustness of the ER-ER network and ER-BA network. In terms of the attacking strategies on interdependent networks, the degree information of node is more valuable than the betweenness. In addition, we found a more efficient attacking strategy for each coupled interdependent network and proposed the corresponding protection strategy for suppressing cascading failure. Our results can be very useful for safety design and protection of interdependent networks.

  11. Sequential defense against random and intentional attacks in complex networks.

    PubMed

    Chen, Pin-Yu; Cheng, Shin-Ming

    2015-02-01

    Network robustness against attacks is one of the most fundamental researches in network science as it is closely associated with the reliability and functionality of various networking paradigms. However, despite the study on intrinsic topological vulnerabilities to node removals, little is known on the network robustness when network defense mechanisms are implemented, especially for networked engineering systems equipped with detection capabilities. In this paper, a sequential defense mechanism is first proposed in complex networks for attack inference and vulnerability assessment, where the data fusion center sequentially infers the presence of an attack based on the binary attack status reported from the nodes in the network. The network robustness is evaluated in terms of the ability to identify the attack prior to network disruption under two major attack schemes, i.e., random and intentional attacks. We provide a parametric plug-in model for performance evaluation on the proposed mechanism and validate its effectiveness and reliability via canonical complex network models and real-world large-scale network topology. The results show that the sequential defense mechanism greatly improves the network robustness and mitigates the possibility of network disruption by acquiring limited attack status information from a small subset of nodes in the network.

  12. Coordinated Displays to Assist Cyber Defenders

    DTIC Science & Technology

    2016-09-23

    suspicious activity, such as the occurrence of a network event that is similar to a known attack signature, the system generates an alert which is then...presented to a human computer network defense analyst, or more succinctly, a network analyst, who must evaluate the veracity of that alert . To...display and select an alert to investigate further. Though alerts generally include some information about the nature of a potential threat, the

  13. Attacks on public telephone networks: technologies and challenges

    NASA Astrophysics Data System (ADS)

    Kosloff, T.; Moore, Tyler; Keller, J.; Manes, Gavin W.; Shenoi, Sujeet

    2003-09-01

    Signaling System 7 (SS7) is vital to signaling and control in America's public telephone networks. This paper describes a class of attacks on SS7 networks involving the insertion of malicious signaling messages via compromised SS7 network components. Three attacks are discussed in detail: IAM flood attacks, redirection attacks and point code spoofing attacks. Depending on their scale of execution, these attacks can produce effects ranging from network congestion to service disruption. Methods for detecting these denial-of-service attacks and mitigating their effects are also presented.

  14. A graph-based network-vulnerability analysis system

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Swiler, L.P.; Phillips, C.; Gaylor, T.

    1998-05-03

    This paper presents a graph based approach to network vulnerability analysis. The method is flexible, allowing analysis of attacks from both outside and inside the network. It can analyze risks to a specific network asset, or examine the universe of possible consequences following a successful attack. The analysis system requires as input a database of common attacks, broken into atomic steps, specific network configuration and topology information, and an attacker profile. The attack information is matched with the network configuration information and an attacker profile to create a superset attack graph. Nodes identify a stage of attack, for example the class of machines the attacker has accessed and the user privilege level he or she has compromised. The arcs in the attack graph represent attacks or stages of attacks. By assigning probabilities of success on the arcs or costs representing level of effort for the attacker, various graph algorithms such as shortest path algorithms can identify the attack paths with the highest probability of success.

  15. A graph-based network-vulnerability analysis system

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Swiler, L.P.; Phillips, C.; Gaylor, T.

    1998-01-01

    This report presents a graph-based approach to network vulnerability analysis. The method is flexible, allowing analysis of attacks from both outside and inside the network. It can analyze risks to a specific network asset, or examine the universe of possible consequences following a successful attack. The analysis system requires as input a database of common attacks, broken into atomic steps, specific network configuration and topology information, and an attacker profile. The attack information is matched with the network configuration information and an attacker profile to create a superset attack graph. Nodes identify a stage of attack, for example the class of machines the attacker has accessed and the user privilege level he or she has compromised. The arcs in the attack graph represent attacks or stages of attacks. By assigning probabilities of success on the arcs or costs representing level-of-effort for the attacker, various graph algorithms such as shortest-path algorithms can identify the attack paths with the highest probability of success.

  16. Distributed denial of service (DDoS) attack in cloud- assisted wireless body area networks: a systematic literature review.

    PubMed

    Latif, Rabia; Abbas, Haider; Assar, Saïd

    2014-11-01

    Wireless Body Area Networks (WBANs) have emerged as a promising technology that has shown enormous potential in improving the quality of healthcare, and has thus found a broad range of medical applications from ubiquitous health monitoring to emergency medical response systems. The huge amount of highly sensitive data collected and generated by WBAN nodes requires an ascendable and secure storage and processing infrastructure. Given the limited resources of WBAN nodes for storage and processing, the integration of WBANs and cloud computing may provide a powerful solution. However, despite the benefits of cloud-assisted WBAN, several security issues and challenges remain. Among these, data availability is the most nagging security issue. The most serious threat to data availability is a distributed denial of service (DDoS) attack that directly affects the all-time availability of a patient's data. The existing solutions for standalone WBANs and sensor networks are not applicable in the cloud. The purpose of this review paper is to identify the most threatening types of DDoS attacks affecting the availability of a cloud-assisted WBAN and review the state-of-the-art detection mechanisms for the identified DDoS attacks.

  17. Information Systems at Enterprise. Design of Secure Network of Enterprise

    NASA Astrophysics Data System (ADS)

    Saigushev, N. Y.; Mikhailova, U. V.; Vedeneeva, O. A.; Tsaran, A. A.

    2018-05-01

    No enterprise and company can do without designing its own corporate network in today's information society. It accelerates and facilitates the work of employees at any level, but contains a big threat to confidential information of the company. In addition to the data theft attackers, there are plenty of information threats posed by modern malware effects. In this regard, the computational security of corporate networks is an important component of modern information technologies of computer security for any enterprise. This article describes the design of the protected corporate network of the enterprise that provides the computers on the network access to the Internet, as well as interoperability with the branch. The access speed to the Internet at a high level is provided through the use of high-speed access channels and load balancing between devices. The security of the designed network is performed through the use of VLAN technology as well as access lists and AAA server.

  18. Using parallel evolutionary development for a biologically-inspired computer vision system for mobile robots.

    PubMed

    Wright, Cameron H G; Barrett, Steven F; Pack, Daniel J

    2005-01-01

    We describe a new approach to attacking the problem of robust computer vision for mobile robots. The overall strategy is to mimic the biological evolution of animal vision systems. Our basic imaging sensor is based upon the eye of the common house fly, Musca domestica. The computational algorithms are a mix of traditional image processing, subspace techniques, and multilayer neural networks.

  19. Engaging the Nation’s Critical Infrastructure Sector to Deter Cyber Threats

    DTIC Science & Technology

    2013-03-01

    is the component of CyberOps that extends cyber power beyond the defensive boundaries of the GIG to detect, deter, deny, and defeat adversaries... economy .16 DDOS attacks are based on multiple, malware infected personal computers, organized into networks called botnets, and are directed by...not condemn the actions of those involved. Of the two attacks on Estonia and Georgia, it was Estonia that had the greatest damage to its economy

  20. Ten Tales of Betrayal: The Threat to Corporate Infrastructure by Information Technology Insiders Analysis and Observations

    DTIC Science & Technology

    2005-09-01

    for traditional social networks. Often the computer is used to mediate their social interactions at work. This lack of social skills tends to...substance of the case narratives. These issue areas are: Subject and Attack Characteristics, Screening, Attack Detection, Organizational and Social ...strong relationship between personal stress as well as adverse social climates and the level of risk for systems abuse in any organization that relies

  1. Offensive Cybersecurity in the NIST Cybersecurity Framework

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Bulyk, Mykhaylo; Evans, Dr. Nathaniel

    Government and corporate computer systems are attacked, networks are penetrated by hackers, and enterprises are protected by demilitarized zones. Language that until recently was used to describe security and warfare in military settings has now become common-place in cybersecurity discussions. The concepts of pre-emptive attack, counterattack and offensive defense fit the linguistic cultural thread of security in cyberspace, at least in part due to the taxonomy adopted by cybersecurity as a discipline.

  2. Analysis on the University’s Network Security Level System in the Big Data Era

    NASA Astrophysics Data System (ADS)

    Li, Tianli

    2017-12-01

    The rapid development of science and technology, the continuous expansion of the scope of computer network applications, has gradually improved the social productive forces, has had a positive impact on the increase production efficiency and industrial scale of China's different industries. Combined with the actual application of computer network in the era of large data, we can see the existence of influencing factors such as network virus, hacker and other attack modes, threatening network security and posing a potential threat to the safe use of computer network in colleges and universities. In view of this unfavorable development situation, universities need to pay attention to the analysis of the situation of large data age, combined with the requirements of network security use, to build a reliable network space security system from the equipment, systems, data and other different levels. To avoid the security risks exist in the network. Based on this, this paper will analyze the hierarchical security system of cyberspace security in the era of large data.

  3. Attack Methodology Analysis: Emerging Trends in Computer-Based Attack Methodologies and Their Applicability to Control System Networks

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Bri Rolston

    2005-06-01

    Threat characterization is a key component in evaluating the threat faced by control systems. Without a thorough understanding of the threat faced by critical infrastructure networks, adequate resources cannot be allocated or directed effectively to the defense of these systems. Traditional methods of threat analysis focus on identifying the capabilities and motivations of a specific attacker, assessing the value the adversary would place on targeted systems, and deploying defenses according to the threat posed by the potential adversary. Too many effective exploits and tools exist and are easily accessible to anyone with access to an Internet connection, minimal technical skills, and a significantly reduced motivational threshold to be able to narrow the field of potential adversaries effectively. Understanding how hackers evaluate new IT security research and incorporate significant new ideas into their own tools provides a means of anticipating how IT systems are most likely to be attacked in the future. This research, Attack Methodology Analysis (AMA), could supply pertinent information on how to detect and stop new types of attacks. Since the exploit methodologies and attack vectors developed in the general Information Technology (IT) arena can be converted for use against control system environments, assessing areas in which cutting edge exploit development and remediation techniques are occurring can provide significant intelligence for control system network exploitation, defense, and a means of assessing threat without identifying specific capabilities of individual opponents. Attack Methodology Analysis begins with the study of what exploit technology and attack methodologies are being developed in the Information Technology (IT) security research community within the black and white hat community.
    Once a solid understanding of the cutting edge security research is established, emerging trends in attack methodology can be identified and the gap between those threats and the defensive capabilities of control systems can be analyzed. The results of the gap analysis drive changes in the cyber security of critical infrastructure networks to close the gap between current exploits and existing defenses. The analysis also provides defenders with an idea of how threat technology is evolving and how defenses will need to be modified to address these emerging trends.

  4. False Positive and False Negative Effects on Network Attacks

    NASA Astrophysics Data System (ADS)

    Shang, Yilun

    2018-01-01

    Robustness against attacks serves as evidence for complex network structures and failure mechanisms that lie behind them. Most often, due to detection capability limitation or good disguises, attacks on networks are subject to false positives and false negatives, meaning that functional nodes may be falsely regarded as compromised by the attacker and vice versa. In this work, we initiate a study of false positive/negative effects on network robustness against three fundamental types of attack strategies, namely, random attacks (RA), localized attacks (LA), and targeted attack (TA). By developing a general mathematical framework based upon the percolation model, we investigate analytically and by numerical simulations of attack robustness with false positive/negative rate (FPR/FNR) on three benchmark models including Erdős-Rényi (ER) networks, random regular (RR) networks, and scale-free (SF) networks. We show that ER networks are equivalently robust against RA and LA only when FPR equals zero or the initial network is intact. We find several interesting crossovers in RR and SF networks when FPR is taken into consideration. By defining the cost of attack, we observe diminishing marginal attack efficiency for RA, LA, and TA. Our finding highlights the potential risk of underestimating or ignoring FPR in understanding attack robustness. The results may provide insights into ways of enhancing robustness of network architecture and improve the level of protection of critical infrastructures.

  5. An Enhanced Privacy-Preserving Authentication Scheme for Vehicle Sensor Networks.

    PubMed

    Zhou, Yousheng; Zhao, Xiaofeng; Jiang, Yi; Shang, Fengjun; Deng, Shaojiang; Wang, Xiaojun

    2017-12-08

    Vehicle sensor networks (VSNs) are ushering in a promising future by enabling more intelligent transportation systems and providing a more efficient driving experience. However, because of their inherent openness, VSNs are subject to a large number of potential security threats. Although various authentication schemes have been proposed for addressing security problems, they are not suitable for VSN applications because of their high computation and communication costs. Chuang and Lee have developed a trust-extended authentication mechanism (TEAM) for vehicle-to-vehicle communication using a transitive trust relationship, which they claim can resist various attacks. However, it fails to counter internal attacks because of the utilization of a shared secret key. In this paper, to eliminate the vulnerability of TEAM, an enhanced privacy-preserving authentication scheme for VSNs is constructed. The security of our proposed scheme is proven under the random oracle model based on the assumption of the computational Diffie-Hellman problem.

  6. An Enhanced Privacy-Preserving Authentication Scheme for Vehicle Sensor Networks

    PubMed Central

    Zhou, Yousheng; Zhao, Xiaofeng; Jiang, Yi; Shang, Fengjun; Deng, Shaojiang; Wang, Xiaojun

    2017-01-01

    Vehicle sensor networks (VSNs) are ushering in a promising future by enabling more intelligent transportation systems and providing a more efficient driving experience. However, because of their inherent openness, VSNs are subject to a large number of potential security threats. Although various authentication schemes have been proposed for addressing security problems, they are not suitable for VSN applications because of their high computation and communication costs. Chuang and Lee have developed a trust-extended authentication mechanism (TEAM) for vehicle-to-vehicle communication using a transitive trust relationship, which they claim can resist various attacks. However, it fails to counter internal attacks because of the utilization of a shared secret key. In this paper, to eliminate the vulnerability of TEAM, an enhanced privacy-preserving authentication scheme for VSNs is constructed. The security of our proposed scheme is proven under the random oracle model based on the assumption of the computational Diffie–Hellman problem. PMID:29292792

  7. Percolation of localized attack on complex networks

    NASA Astrophysics Data System (ADS)

    Shao, Shuai; Huang, Xuqing; Stanley, H. Eugene; Havlin, Shlomo

    2015-02-01

    The robustness of complex networks against node failure and malicious attack has been of interest for decades, while most of the research has focused on random attack or hub-targeted attack. In many real-world scenarios, however, attacks are neither random nor hub-targeted, but localized, where a group of neighboring nodes in a network are attacked and fail. In this paper we develop a percolation framework to analytically and numerically study the robustness of complex networks against such localized attack. In particular, we investigate this robustness in Erdős-Rényi networks, random-regular networks, and scale-free networks. Our results provide insight into how to better protect networks, enhance cybersecurity, and facilitate the design of more robust infrastructures.

  8. Layered Location-Based Security Mechanism for Mobile Sensor Networks: Moving Security Areas.

    PubMed

    Wang, Ze; Zhang, Haijuan; Wu, Luqiang; Zhou, Chang

    2015-09-25

    Network security is one of the most important issues in mobile sensor networks (MSNs). Networks are particularly vulnerable in hostile environments because of many factors, such as uncertain mobility, limitations on computation, and the need for storage in mobile nodes. Though some location-based security mechanisms can resist some malicious attacks, they are only suitable for static networks and may sometimes require large amounts of storage. To solve these problems, using location information, which is one of the most important properties in outdoor wireless networks, a security mechanism called a moving security area (MSA) is proposed to resist malicious attacks by using mobile nodes' dynamic location-based keys. The security mechanism is layered by performing different detection schemes inside or outside the MSA. The location-based private keys will be updated only at the appropriate moments, considering the balance of cost and security performance. By transferring parts of the detection tasks from ordinary nodes to the sink node, the memory requirements are distributed to different entities to save limited energy.

  9. High Assurance Control of Cyber-Physical Systems with Application to Unmanned Aircraft Systems

    NASA Astrophysics Data System (ADS)

    Kwon, Cheolhyeon

    With recent progress in the networked embedded control technology, cyber attacks have become one of the major threats to Cyber-Physical Systems (CPSs) due to their close integration of physical processes, computational resources, and communication capabilities. While CPSs have various applications in both military and civilian uses, their on-board automation and communication afford significant advantages over a system without such abilities, but these benefits come at the cost of possible vulnerability to cyber attacks. Traditionally, most cyber security studies in CPSs are mainly based on the computer security perspective, focusing on issues such as the trustworthiness of data flow, without rigorously considering the system's physical processes such as real-time dynamic behaviors. While computer security components are key elements in the hardware/software layer, these methods alone are not sufficient for diagnosing the healthiness of the CPSs' physical behavior. In seeking to address this problem, this research work proposes a control theoretic perspective approach which can accurately represent the interactions between the physical behavior and the logical behavior (computing resources) of the CPS. Then a controls domain aspect is explored extending beyond just the logical process of the CPS to include the underlying physical behavior. This approach will allow the CPS whose physical operations are robust/resilient to the damage caused by cyber attacks, successfully complementing the existing CPS security architecture. It is important to note that traditional fault-tolerant/robust control methods could not be directly applicable to achieve resiliency against malicious cyber attacks which can be designed sophisticatedly to spoof the security/safety monitoring system (note this is different from common faults). 
    Thus, security issues at this layer require different risk management to detect cyber attacks and mitigate their impact within the context of a unified physical and logical process model of the CPS. Specifically, three main tasks are discussed in this presentation: (i) we first investigate diverse granularity of the interactions inside the CPS and propose feasible cyber attack models to characterize the compromised behavior of the CPS with various measures, from its severity to detectability; (ii) based on this risk information, our approach to securing the CPS addresses both monitoring of and high assurance control design against cyber attacks by developing on-line safety assessment and mitigation algorithms; and (iii) by extending the developed theories and methods from a single CPS to multiple CPSs, we examine the security and safety of multi-CPS network that are strongly dependent on the network topology, cooperation protocols between individual CPSs, etc. The effectiveness of the analytical findings is demonstrated and validated with illustrative examples, especially unmanned aircraft system (UAS) applications.

  10. Elliptic Curve Cryptography with Security System in Wireless Sensor Networks

    NASA Astrophysics Data System (ADS)

    Huang, Xu; Sharma, Dharmendra

    2010-10-01

    The rapid progress of wireless communications and embedded micro-electro-system technologies has made wireless sensor networks (WSN) very popular and even become part of our daily life. WSNs design are generally application driven, namely a particular application's requirements will determine how the network behaves. However, the natures of WSN have attracted increasing attention in recent years due to its linear scalability, a small software footprint, low hardware implementation cost, low bandwidth requirement, and high device performance. It is noted that today's software applications are mainly characterized by their component-based structures which are usually heterogeneous and distributed, including the WSNs. But WSNs typically need to configure themselves automatically and support ad hoc routing. Agent technology provides a method for handling increasing software complexity and supporting rapid and accurate decision making. This paper based on our previous works [1, 2], three contributions have made, namely (a) fuzzy controller for dynamic slide window size to improve the performance of running ECC (b) first presented a hidden generation point for protection from man-in-the middle attack and (c) we first investigates multi-agent applying for key exchange together. Security systems have been drawing great attentions as cryptographic algorithms have gained popularity due to the natures that make them suitable for use in constrained environment such as mobile sensor information applications, where computing resources and power availability are limited. Elliptic curve cryptography (ECC) is one of high potential candidates for WSNs, which requires less computational power, communication bandwidth, and memory in comparison with other cryptosystem.
    For saving pre-computing storages recently there is a trend for the sensor networks that the sensor group leaders rather than sensors communicate to the end database, which highlighted the needs to prevent from the man-in-the middle attack. A designed a hidden generator point that offer a good protection from the man-in-the middle (MinM) attack which becomes one of major worries for the sensor's networks with multiagent system is also discussed.

  11. Improving Remote Voting Security with CodeVoting

    NASA Astrophysics Data System (ADS)

    Joaquim, Rui; Ribeiro, Carlos; Ferreira, Paulo

    One of the major problems that prevents the spread of elections with the possibility of remote voting over electronic networks, also called Internet Voting, is the use of unreliable client platforms, such as the voter's computer and the Internet infrastructure connecting it to the election server. A computer connected to the Internet is exposed to viruses, worms, Trojans, spyware, malware and other threats that can compromise the election's integrity. For instance, it is possible to write a virus that changes the voter's vote to a predetermined vote on election's day. Another possible attack is the creation of a fake election web site where the voter uses a malicious vote program on the web site that manipulates the voter's vote (phishing/pharming attack). Such attacks may not disturb the election protocol, therefore can remain undetected in the eyes of the election auditors.

  12. TH-A-12A-01: Medical Physicist's Role in Digital Information Security: Threats, Vulnerabilities and Best Practices

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    McDonald, K; Curran, B

    I. Information Security Background (Speaker = Kevin McDonald) Evolution of Medical Devices Living and Working in a Hostile Environment Attack Motivations Attack Vectors Simple Safety Strategies Medical Device Security in the News Medical Devices and Vendors Summary II. Keeping Radiation Oncology IT Systems Secure (Speaker = Bruce Curran) Hardware Security Double-lock Requirements “Foreign” computer systems Portable Device Encryption Patient Data Storage System Requirements Network Configuration Isolating Critical Devices Isolating Clinical Networks Remote Access Considerations Software Applications / Configuration Passwords / Screen Savers Restricted Services / access Software Configuration Restriction Use of DNS to restrict access. Patches / Upgrades Awareness Intrusion Prevention Intrusion Detection Threat Risk Analysis Conclusion Learning Objectives: Understanding how Hospital IT Requirements affect Radiation Oncology IT Systems. Illustrating sample practices for hardware, network, and software security. Discussing implementation of good IT security practices in radiation oncology. Understand overall risk and threats scenario in a networked environment.

  13. Robustness of non-interdependent and interdependent networks against dependent and adaptive attacks

    NASA Astrophysics Data System (ADS)

    Tyra, Adam; Li, Jingtao; Shang, Yilun; Jiang, Shuo; Zhao, Yanjun; Xu, Shouhuai

    2017-09-01

    Robustness of complex networks has been extensively studied via the notion of site percolation, which typically models independent and non-adaptive attacks (or disruptions). However, real-life attacks are often dependent and/or adaptive. This motivates us to characterize the robustness of complex networks, including non-interdependent and interdependent ones, against dependent and adaptive attacks. For this purpose, dependent attacks are accommodated by L-hop percolation where the nodes within some L-hop (L ≥ 0) distance of a chosen node are all deleted during one attack (with L = 0 degenerating to site percolation). Whereas, adaptive attacks are launched by attackers who can make node-selection decisions based on the network state in the beginning of each attack. The resulting characterization enriches the body of knowledge with new insights, such as: (i) the Achilles' Heel phenomenon is only valid for independent attacks, but not for dependent attacks; (ii) powerful attack strategies (e.g., targeted attacks and dependent attacks, dependent attacks and adaptive attacks) are not compatible and cannot help the attacker when used collectively. Our results shed some light on the design of robust complex networks.

  14. A Novel Network Attack Audit System based on Multi-Agent Technology

    NASA Astrophysics Data System (ADS)

    Jianping, Wang; Min, Chen; Xianwen, Wu

    A network attack audit system which includes network attack audit Agent, host audit Agent and management control center audit Agent is proposed. And the improved multi-agent technology is carried out in the network attack audit Agent which has achieved satisfactory audit results. The audit system in terms of network attack is just in-depth, and with the function improvement of network attack audit Agent, different attack will be better analyzed and audit. In addition, the management control center Agent should manage and analyze audit results from AA (or HA) and audit data on time. And the history files of network packets and host log data should also be audit to find deeper violations that cannot be found in real time.

  15. AdaBoost-based algorithm for network intrusion detection.

    PubMed

    Hu, Weiming; Hu, Wei; Maybank, Steve

    2008-04-01

    Network intrusion detection aims at distinguishing the attacks on the Internet from normal use of the Internet. It is an indispensable part of the information security system. Due to the variety of network behaviors and the rapid development of attack fashions, it is necessary to develop fast machine-learning-based intrusion detection algorithms with high detection rates and low false-alarm rates. In this correspondence, we propose an intrusion detection algorithm based on the AdaBoost algorithm. In the algorithm, decision stumps are used as weak classifiers. The decision rules are provided for both categorical and continuous features. By combining the weak classifiers for continuous features and the weak classifiers for categorical features into a strong classifier, the relations between these two different types of features are handled naturally, without any forced conversions between continuous and categorical features. Adaptable initial weights and a simple strategy for avoiding overfitting are adopted to improve the performance of the algorithm. Experimental results show that our algorithm has low computational complexity and error rates, as compared with algorithms of higher computational complexity, as tested on the benchmark sample data.

  16. Understanding of the Cyber Security and the Development of CAPTCHA

    NASA Astrophysics Data System (ADS)

    Yang, Yu

    2018-04-01

    CAPTCHA is the abbreviation of "Completely Automated Public Turing Test to Tell Computers and Humans Apart", which is a program algorithm for distinguishing between computers and humans. It is able to generate and evaluate tests that are easy for human to pass yet are not possible for computers to. Common CAPTCHA generally contains symbols, text, pictures, and even videos, which is mainly used for human-computer verification. With the popularization of the Internet and its related applications, many malicious attacks against websites, systems and servers gradually appear. Therefore, the research on CAPTCHA is especially important. This article will briefly summarize and introduce the existing CAPTCHA technology, and summarizes the common problems of network attacks and information security. After listing the common type of CAPTCHA, it will finally propose feasible suggestions for the development of CAPTCHA.

  17. A graph-based system for network-vulnerability analysis

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Swiler, L.P.; Phillips, C.

    1998-06-01

    This paper presents a graph-based approach to network vulnerability analysis. The method is flexible, allowing analysis of attacks from both outside and inside the network. It can analyze risks to a specific network asset, or examine the universe of possible consequences following a successful attack. The graph-based tool can identify the set of attack paths that have a high probability of success (or a low effort cost) for the attacker. The system could be used to test the effectiveness of making configuration changes, implementing an intrusion detection system, etc. The analysis system requires as input a database of common attacks, broken into atomic steps, specific network configuration and topology information, and an attacker profile. The attack information is matched with the network configuration information and an attacker profile to create a superset attack graph. Nodes identify a stage of attack, for example the class of machines the attacker has accessed and the user privilege level he or she has compromised. The arcs in the attack graph represent attacks or stages of attacks. By assigning probabilities of success on the arcs or costs representing level-of-effort for the attacker, various graph algorithms such as shortest-path algorithms can identify the attack paths with the highest probability of success.

  18. Detecting and Preventing Sybil Attacks in Wireless Sensor Networks Using Message Authentication and Passing Method.

    PubMed

    Dhamodharan, Udaya Suriya Raj Kumar; Vayanaperumal, Rajamani

    2015-01-01

    Wireless sensor networks are highly indispensable for securing network protection. Highly critical attacks of various kinds have been documented in wireless sensor network till now by many researchers. The Sybil attack is a massive destructive attack against the sensor network where numerous genuine identities with forged identities are used for getting an illegal entry into a network. Discerning the Sybil attack, sinkhole, and wormhole attack while multicasting is a tremendous job in wireless sensor network. Basically a Sybil attack means a node which pretends its identity to other nodes. Communication to an illegal node results in data loss and becomes dangerous in the network. The existing method Random Password Comparison has only a scheme which just verifies the node identities by analyzing the neighbors. A survey was done on a Sybil attack with the objective of resolving this problem. The survey has proposed a combined CAM-PVM (compare and match-position verification method) with MAP (message authentication and passing) for detecting, eliminating, and eventually preventing the entry of Sybil nodes in the network. We propose a scheme of assuring security for wireless sensor network, to deal with attacks of these kinds in unicasting and multicasting.

  19. Detecting and Preventing Sybil Attacks in Wireless Sensor Networks Using Message Authentication and Passing Method

    PubMed Central

    Dhamodharan, Udaya Suriya Raj Kumar; Vayanaperumal, Rajamani

    2015-01-01

    Wireless sensor networks are highly indispensable for securing network protection. Highly critical attacks of various kinds have been documented in wireless sensor network till now by many researchers. The Sybil attack is a massive destructive attack against the sensor network where numerous genuine identities with forged identities are used for getting an illegal entry into a network. Discerning the Sybil attack, sinkhole, and wormhole attack while multicasting is a tremendous job in wireless sensor network. Basically a Sybil attack means a node which pretends its identity to other nodes. Communication to an illegal node results in data loss and becomes dangerous in the network. The existing method Random Password Comparison has only a scheme which just verifies the node identities by analyzing the neighbors. A survey was done on a Sybil attack with the objective of resolving this problem. The survey has proposed a combined CAM-PVM (compare and match-position verification method) with MAP (message authentication and passing) for detecting, eliminating, and eventually preventing the entry of Sybil nodes in the network. We propose a scheme of assuring security for wireless sensor network, to deal with attacks of these kinds in unicasting and multicasting. PMID:26236773

  20. Formal Methods for Information Protection Technology. Task 2: Mathematical Foundations, Architecture and Principles of Implementation of Multi-Agent Learning Components for Attack Detection in Computer Networks. Part 2

    DTIC Science & Technology

    2003-11-01

    Lafayette, IN 47907. [Lane et al-97b] T. Lane and C. E. Brodley. Sequence matching and learning in anomaly detection for computer security. Proceedings of...Mining, pp 259-263. 1998. [Lane et al-98b] T. Lane and C. E. Brodley. Temporal sequence learning and data reduction for anomaly detection ...W. Lee, C. Park, and S. Stolfo. Towards Automatic Intrusion Detection using NFR. 1st USENIX Workshop on Intrusion Detection and Network Monitoring

  1. The robustness of multiplex networks under layer node-based attack

    PubMed Central

    Zhao, Da-wei; Wang, Lian-hai; Zhi, Yong-feng; Zhang, Jun; Wang, Zhen

    2016-01-01

    From transportation networks to complex infrastructures, and to social and economic networks, a large variety of systems can be described in terms of multiplex networks formed by a set of nodes interacting through different network layers. Network robustness, as one of the most successful application areas of complex networks, has attracted great interest in a myriad of research realms. In this regard, how multiplex networks respond to potential attack is still an open issue. Here we study the robustness of multiplex networks under layer node-based random or targeted attack, which means that nodes just suffer attacks in a given layer yet no additional influence to their connections beyond this layer. A theoretical analysis framework is proposed to calculate the critical threshold and the size of giant component of multiplex networks when nodes are removed randomly or intentionally. Via numerous simulations, it is unveiled that the theoretical method can accurately predict the threshold and the size of giant component, irrespective of attack strategies. Moreover, we also compare the robustness of multiplex networks under multiplex node-based attack and layer node-based attack, and find that layer node-based attack makes multiplex networks more vulnerable, regardless of average degree and underlying topology. PMID:27075870

  2. The robustness of multiplex networks under layer node-based attack.

    PubMed

    Zhao, Da-wei; Wang, Lian-hai; Zhi, Yong-feng; Zhang, Jun; Wang, Zhen

    2016-04-14

    From transportation networks to complex infrastructures, and to social and economic networks, a large variety of systems can be described in terms of multiplex networks formed by a set of nodes interacting through different network layers. Network robustness, as one of the most successful application areas of complex networks, has attracted great interest in a myriad of research realms. In this regard, how multiplex networks respond to potential attack is still an open issue. Here we study the robustness of multiplex networks under layer node-based random or targeted attack, which means that nodes just suffer attacks in a given layer yet no additional influence to their connections beyond this layer. A theoretical analysis framework is proposed to calculate the critical threshold and the size of giant component of multiplex networks when nodes are removed randomly or intentionally. Via numerous simulations, it is unveiled that the theoretical method can accurately predict the threshold and the size of giant component, irrespective of attack strategies. Moreover, we also compare the robustness of multiplex networks under multiplex node-based attack and layer node-based attack, and find that layer node-based attack makes multiplex networks more vulnerable, regardless of average degree and underlying topology.

  3. R&D100 Finalist: Neuromorphic Cyber Microscope

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Follett, David; Naegle, John; Suppona, Roger

    The Neuromorphic Cyber Microscope provides security analysts with unprecedented visibility of their network, computer and storage assets. This processor is the world's first practical implementation of neuromorphic technology to a major computer science mission. Working with Lewis Rhodes Labs, engineers at Sandia National Laboratories have created a device that is orders of magnitude faster at analyzing data to identify cyber-attacks.

  4. Network Security Risk Assessment System Based on Attack Graph and Markov Chain

    NASA Astrophysics Data System (ADS)

    Sun, Fuxiong; Pi, Juntao; Lv, Jin; Cao, Tian

    2017-10-01

    Network security risk assessment technology can find network problems and related vulnerabilities in advance, and it has become an important means to solve the problem of network security. Based on attack graph and Markov chain, this paper provides a Network Security Risk Assessment Model (NSRAM). Based on the network infiltration tests, NSRAM generates the attack graph by the breadth traversal algorithm. Combined with the international standard CVSS, the attack probabilities of atomic nodes are counted, and then their attack transition probabilities are calculated by Markov chain. NSRAM selects the optimal attack path after comprehensive measurement to assess network security risk. The simulation results show that NSRAM can reflect the actual situation of network security objectively.

  5. Design and implementation of dynamic hybrid Honeypot network

    NASA Astrophysics Data System (ADS)

    Qiao, Peili; Hu, Shan-Shan; Zhai, Ji-Qiang

    2013-05-01

    The method of constructing a dynamic and self-adaptive virtual network is suggested to puzzle adversaries, delay and divert attacks, exhaust attacker resources and collect attacking information. The concepts of Honeypot and Honeyd, which is the frame of virtual Honeypot, are introduced. The techniques of network scanning including active fingerprint recognition are analyzed. A dynamic virtual network system is designed and implemented. A virtual network similar to real network topology is built according to the collected messages from real environments in this system. By doing this, the system can perplex the attackers when hackers attack and can further analyze and research the attacks. The tests of this system prove that this design can successfully simulate a real network environment and can be used in network security analysis.

  6. Kinome-wide Decoding of Network-Attacking Mutations Rewiring Cancer Signaling

    PubMed Central

    Creixell, Pau; Schoof, Erwin M.; Simpson, Craig D.; Longden, James; Miller, Chad J.; Lou, Hua Jane; Perryman, Lara; Cox, Thomas R.; Zivanovic, Nevena; Palmeri, Antonio; Wesolowska-Andersen, Agata; Helmer-Citterich, Manuela; Ferkinghoff-Borg, Jesper; Itamochi, Hiroaki; Bodenmiller, Bernd; Erler, Janine T.; Turk, Benjamin E.; Linding, Rune

    2015-01-01

    Summary Cancer cells acquire pathological phenotypes through accumulation of mutations that perturb signaling networks. However, global analysis of these events is currently limited. Here, we identify six types of network-attacking mutations (NAMs), including changes in kinase and SH2 modulation, network rewiring, and the genesis and extinction of phosphorylation sites. We developed a computational platform (ReKINect) to identify NAMs and systematically interpreted the exomes and quantitative (phospho-)proteomes of five ovarian cancer cell lines and the global cancer genome repository. We identified and experimentally validated several NAMs, including PKCγ M501I and PKD1 D665N, which encode specificity switches analogous to the appearance of kinases de novo within the kinome. We discover mutant molecular logic gates, a drift toward phospho-threonine signaling, weakening of phosphorylation motifs, and kinase-inactivating hotspots in cancer. Our method pinpoints functional NAMs, scales with the complexity of cancer genomes and cell signaling, and may enhance our capability to therapeutically target tumor-specific networks. PMID:26388441

  7. DHCP Origin Traceback

    NASA Astrophysics Data System (ADS)

    Majumdar, Saugat; Kulkarni, Dhananjay; Ravishankar, Chinya V.

    Imagine that the DHCP server is under attack from malicious hosts in your network. How would you know where these DHCP packets are coming from, or which path they took in the network? This paper investigates the problem of determining the origin of a DHCP packet in a network. We propose a practical method for adding a new option field that does not violate any RFC's, which we believe should be a crucial requirement while proposing any related solution. The new DHCP option will contain the ingress port and the switch MAC address. We recommend that this new option be added at the edge so that we can use the recorded value for performing traceback. The computational overhead of our solution is low, and the related network management tasks are low as well. We also address issues related to securing the field in order to maintain privacy of switch MAC addresses, fragmentation of packets, and possible attack scenarios. Our study shows that the traceback scheme is effective and practical to use in most network environments.

  8. A Comparative Study of Unsupervised Anomaly Detection Techniques Using Honeypot Data

    NASA Astrophysics Data System (ADS)

    Song, Jungsuk; Takakura, Hiroki; Okabe, Yasuo; Inoue, Daisuke; Eto, Masashi; Nakao, Koji

    Intrusion Detection Systems (IDS) have received considerable attention among network security researchers as one of the most promising countermeasures to defend our crucial computer systems or networks against attackers on the Internet. Over the past few years, many machine learning techniques have been applied to IDSs so as to improve their performance and to construct them with low cost and effort. Especially, unsupervised anomaly detection techniques have a significant advantage in their capability to identify unforeseen attacks, i.e., 0-day attacks, and to build intrusion detection models without any labeled (i.e., pre-classified) training data in an automated manner. In this paper, we conduct a set of experiments to evaluate and analyze performance of the major unsupervised anomaly detection techniques using real traffic data which are obtained at our honeypots deployed inside and outside of the campus network of Kyoto University, and using various evaluation criteria, i.e., performance evaluation by similarity measurements and the size of training data, overall performance, detection ability for unknown attacks, and time complexity. Our experimental results give some practical and useful guidelines to IDS researchers and operators, so that they can acquire insight to apply these techniques to the area of intrusion detection, and devise more effective intrusion detection models.

  9. A Graph Analytic Metric for Mitigating Advanced Persistent Threat

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Johnson, John R.; Hogan, Emilie A.

    2013-06-04

    This paper introduces a novel graph analytic metric that can be used to measure the potential vulnerability of a cyber network to specific types of attacks that use lateral movement and privilege escalation such as the well known Pass The Hash (PTH). The metric is computed from an oriented subgraph of the underlying cyber network induced by selecting only those edges for which a given property holds between the two vertices of the edge. The metric with respect to a select node on the subgraph is defined as the likelihood that the select node is reachable from another arbitrary node in the graph. This metric can be calculated dynamically from the authorization and auditing layers during the network security authorization phase and will potentially enable predictive deterrence against attacks such as PTH.

  10. FORENSIC ANALYSIS OF WINDOW’S® VIRTUAL MEMORY INCORPORATING THE SYSTEM’S PAGEFILE COUNTERINTELLIGENCE THROUGH MALICIOUS CODE ANALYSIS

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Jared Stimson

    FORENSIC ANALYSIS OF WINDOW’S® VIRTUAL MEMORY INCORPORATING THE SYSTEM’S PAGEFILE Computer Forensics is concerned with the use of computer investigation and analysis techniques in order to collect evidence suitable for presentation in court. The examination of volatile memory is a relatively new but important area in computer forensics. More recently criminals are becoming more forensically aware and are now able to compromise computers without accessing the hard disk of the target computer. This means that traditional incident response practice of pulling the plug will destroy the only evidence of the crime. While some techniques are available for acquiring the contents of main memory, few exist which can analyze these data in a meaningful way. One reason for this is how memory is managed by the operating system. Data belonging to one process can be distributed arbitrarily across physical memory or the hard disk, making it very difficult to recover useful information. This report will focus on how these disparate sources of information can be combined to give a single, contiguous address space for each process. Using address translation a tool is developed to reconstruct the virtual address space of a process by combining a physical memory dump with the page-file on the hard disk. COUNTERINTELLIGENCE THROUGH MALICIOUS CODE ANALYSIS As computer network technology continues to grow so does the reliance on this technology for everyday business functionality. To appeal to customers and employees alike, businesses are seeking an increased online presence, and to increase productivity the same businesses are computerizing their day-to-day operations. The combination of a publicly accessible interface to the business's network, and the increase in the amount of intellectual property present on these networks presents serious risks. All of this intellectual property now faces constant attacks from a wide variety of malicious software that is intended to uncover company and government secrets. Every year billions of dollars are invested in preventing and recovering from the introduction of malicious code into a system. However, there is little research being done on leveraging these attacks for counterintelligence opportunities. With the ever-increasing number of vulnerable computers on the Internet the task of attributing these attacks to an organization or a single person is a daunting one. This thesis will demonstrate the idea of intentionally running a piece of malicious code in a secure environment in order to gain counterintelligence on an attacker.

  11. Secure Data Aggregation in Wireless Sensor Network-Fujisaki Okamoto(FO) Authentication Scheme against Sybil Attack.

    PubMed

    Nirmal Raja, K; Maraline Beno, M

    2017-07-01

    In the wireless sensor network (WSN), security is a major issue. There are several network security schemes proposed in research. In the network, malicious nodes obstruct the performance of the network. The network can be vulnerable to Sybil attack. When a node illicitly asserts multiple identities or claims fake IDs, the WSN suffers from an attack named Sybil attack. This attack threatens wireless sensor network in data aggregation, synchronizing system, routing, fair resource allocation and misbehavior detection. Henceforth, the research is carried out to prevent the Sybil attack and increase the performance of the network. This paper presents the novel security mechanism and Fujisaki Okamoto algorithm and also application of the work. The Fujisaki-Okamoto (FO) algorithm is an ID based cryptographic scheme and gives strong authentication against Sybil attack. By using Network simulator2 (NS2) the scheme is simulated. In this proposed scheme broadcasting key, time taken for different key sizes, energy consumption, Packet delivery ratio, Throughput were analyzed.

  12. Novel technology for enhanced security and trust in communication networks

    NASA Astrophysics Data System (ADS)

    Milovanov, Alexander; Bukshpun, Leonid; Pradhan, Ranjit; Jannson, Tomasz

    2011-06-01

    A novel technology that significantly enhances security and trust in wireless and wired communication networks has been developed. It is based on integration of a novel encryption mechanism and novel data packet structure with enhanced security tools. This novel data packet structure results in an unprecedented level of security and trust, while at the same time reducing power consumption and computing/communication overhead in networks. As a result, networks are provided with protection against intrusion, exploitation, and cyber attacks and possess self-building, self-awareness, self-configuring, self-healing, and self-protecting intelligence.

  13. A Learning System for Discriminating Variants of Malicious Network Traffic

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Beaver, Justin M; Symons, Christopher T; Gillen, Rob

    Modern computer network defense systems rely primarily on signature-based intrusion detection tools, which generate alerts when patterns that are pre-determined to be malicious are encountered in network data streams. Signatures are created reactively, and only after in-depth manual analysis of a network intrusion. There is little ability for signature-based detectors to identify intrusions that are new or even variants of an existing attack, and little ability to adapt the detectors to the patterns unique to a network environment. Due to these limitations, the need exists for network intrusion detection techniques that can more comprehensively address both known and unknown network-based attacks and can be optimized for the target environment. This work describes a system that leverages machine learning to provide a network intrusion detection capability that analyzes behaviors in channels of communication between individual computers. Using examples of malicious and non-malicious traffic in the target environment, the system can be trained to discriminate between traffic types. The machine learning provides insight that would be difficult for a human to explicitly code as a signature because it evaluates many interdependent metrics simultaneously. With this approach, zero day detection is possible by focusing on similarity to known traffic types rather than mining for specific bit patterns or conditions. This also reduces the burden on organizations to account for all possible attack variant combinations through signatures. The approach is presented along with results from a third-party evaluation of its performance.

  14. 76 FR 58466 - Models To Advance Voluntary Corporate Notification to Consumers Regarding the Illicit Use of...

    Federal Register 2010, 2011, 2012, 2013, 2014

    2011-09-21

    ...The U.S. Department of Commerce and U.S. Department of Homeland Security are requesting information on the requirements of, and possible approaches to creating, a voluntary industry code of conduct to address the detection, notification and mitigation of botnets. Over the past several years, botnets have increasingly put computer owners at risk. A botnet infection can lead to the monitoring of a consumer's personal information and communication, and exploitation of that consumer's computing power and Internet access. Networks of these compromised computers are often used to disseminate spam, to store and transfer illegal content, and to attack the servers of government and private entities with massive, distributed denial of service attacks. The Departments seek public comment from all Internet stakeholders, including the commercial, academic, and civil society sectors, on potential models for detection, notification, prevention, and mitigation of botnets' illicit use of computer equipment.

  15. Independent component analysis (ICA) and self-organizing map (SOM) approach to multidetection system for network intruders

    NASA Astrophysics Data System (ADS)

    Abdi, Abdi M.; Szu, Harold H.

    2003-04-01

    With the growing rate of interconnection among computer systems, network security is becoming a real challenge. Intrusion Detection System (IDS) is designed to protect the availability, confidentiality and integrity of critical network information systems. Today's approach to network intrusion detection involves the use of rule-based expert systems to identify an indication of known attack or anomalies. However, these techniques are less successful in identifying today's attacks. Hackers are perpetually inventing new and previously unanticipated techniques to compromise information infrastructure. This paper proposes a dynamic way of detecting network intruders on time series data. The proposed approach consists of a two-step process. Firstly, obtaining an efficient multi-user detection method, employing the recently introduced complexity minimization approach as a generalization of a standard ICA. Secondly, we identified unsupervised learning neural network architecture based on Kohonen's Self-Organizing Map for potential functional clustering. These two steps working together adaptively will provide a pseudo-real time novelty detection attribute to supplement the current intrusion detection statistical methodology.

  16. Cyberspace and Posse Comitatus: Legal Implications of a Borderless Domain

    DTIC Science & Technology

    2010-03-01

    technology infrastructures, including the Internet, telecommunications networks, computer systems, and embedded processors and controllers.” 9 This...the people, and stopped just short of shutting down economic markets. 2 Though never admitted, all indications point to a coordinated attack from...control orders transit many of the same, generally commercially-owned, routers, switches, computers, and wires, each with the goal of passing information

  17. Deploying Crowd-Sourced Formal Verification Systems in a DoD Network

    DTIC Science & Technology

    2013-09-01

    INTENTIONALLY LEFT BLANK 1 I. INTRODUCTION A. INTRODUCTION In 2014 cyber attacks on critical infrastructure are expected to increase...CSFV systems on the Internet‒‒possibly using cloud infrastructure (Dean, 2013). By using Amazon Compute Cloud (EC2) systems, DARPA will use ordinary...through standard access methods. Those clients could be mobile phones, laptops, netbooks, tablet computers or personal digital assistants (PDAs) (Smoot

  18. SFTP: A Secure and Fault-Tolerant Paradigm against Blackhole Attack in MANET

    NASA Astrophysics Data System (ADS)

    KumarRout, Jitendra; Kumar Bhoi, Sourav; Kumar Panda, Sanjaya

    2013-02-01

    Security issues in MANET are a challenging task nowadays. MANETs are vulnerable to passive attacks and active attacks because of a limited number of resources and lack of centralized authority. Blackhole attack is an attack in the network layer which degrades the network performance by dropping the packets. In this paper, we have proposed a Secure Fault-Tolerant Paradigm (SFTP) which checks the Blackhole attack in the network. The three phases used in the SFTP algorithm are designing of coverage area to find the area of coverage, Network Connection algorithm to design a fault-tolerant model and Route Discovery algorithm to discover the route and data delivery from source to destination. SFTP gives better network performance by making the network fault free.

  19. An Efficient Identity-Based Key Management Scheme for Wireless Sensor Networks Using the Bloom Filter

    PubMed Central

    Qin, Zhongyuan; Zhang, Xinshuai; Feng, Kerong; Zhang, Qunfang; Huang, Jie

    2014-01-01

    With the rapid development and widespread adoption of wireless sensor networks (WSNs), security has become an increasingly prominent problem. How to establish a session key in node communication is a challenging task for WSNs. Considering the limitations in WSNs, such as low computing capacity, small memory, power supply limitations and price, we propose an efficient identity-based key management (IBKM) scheme, which exploits the Bloom filter to authenticate the communication sensor node with storage efficiency. The security analysis shows that IBKM can prevent several attacks effectively with acceptable computation and communication overhead. PMID:25264955

  20. Percolation Features on Climate Network under Attacks of El Niño Events

    NASA Astrophysics Data System (ADS)

    Lu, Z.

    2015-12-01

    Percolation theory under different attacks is one of the main research areas in complex networks but has never been applied to investigate climate networks. In this study, for the first time we construct a climate network of surface air temperature field to analyze its percolation features. Here, we regard the El Niño event as a kind of natural attack generated from the Pacific Ocean to attack its upper climate network. We find that the El Niño event leads an abrupt percolation phase transition to the climate network which makes it split and become unstable suddenly. Comparing the results of the climate network under three different forms of attacks, including most connected attack (MA), localized attack (LA) and random attack (RA) respectively, it is found that both MA and LA lead first-order transition and RA leads second-order transition to the climate network. Furthermore, we find that most real attacks consist of all these three forms of attacks. With the El Niño event emerging, the ratios of LA and MA increase and dominate the style of attack while RA decreases. It means the percolation phase transition due to El Niño events is close to first-order transition mostly affected by LA and MA. Our research may help us further understand two questions from the perspective of percolation on network: (1) Why not all warming in the Pacific Ocean but El Niño events could affect the climate. (2) Why the climate affected by El Niño events changes abruptly.

  1. A secure and efficient chaotic map-based authenticated key agreement scheme for telecare medicine information systems.

    PubMed

    Mishra, Dheerendra; Srinivas, Jangirala; Mukhopadhyay, Sourav

    2014-10-01

    Advancement in network technology provides new ways to utilize telecare medicine information systems (TMIS) for patient care. However, TMIS usually faces various attacks as the services are provided over the public network. Recently, Jiang et al. proposed a chaotic map-based remote user authentication scheme for TMIS. Their scheme has the merits of low cost and session key agreement using Chaos theory. It enhances the security of the system by resisting various attacks. In this paper, we analyze the security of Jiang et al.'s scheme and demonstrate that their scheme is vulnerable to denial of service attack. Moreover, we demonstrate flaws in the password change phase of their scheme. Further, our aim is to propose a new chaos map-based anonymous user authentication scheme for TMIS to overcome the weaknesses of Jiang et al.'s scheme, while also retaining the original merits of their scheme. We also show that our scheme is secure against various known attacks including the attacks found in Jiang et al.'s scheme. The proposed scheme is comparable in terms of the communication and computational overheads with Jiang et al.'s scheme and other related existing schemes. Moreover, we demonstrate the validity of the proposed scheme through the BAN (Burrows, Abadi, and Needham) logic.

  2. Anti-social networking: crowdsourcing and the cyber defence of national critical infrastructures.

    PubMed

    Johnson, Chris W

    2014-01-01

    We identify four roles that social networking plays in the 'attribution problem', which obscures whether or not cyber-attacks were state-sponsored. First, social networks motivate individuals to participate in Distributed Denial of Service attacks by providing malware and identifying potential targets. Second, attackers use an individual's social network to focus attacks, through spear phishing. Recipients are more likely to open infected attachments when they come from a trusted source. Third, social networking infrastructures create disposable architectures to coordinate attacks through command and control servers. The ubiquitous nature of these architectures makes it difficult to determine who owns and operates the servers. Finally, governments recruit anti-social criminal networks to launch attacks on third-party infrastructures using botnets. The closing sections identify a roadmap to increase resilience against the 'dark side' of social networking.

  3. Terrorist Capabilities for Cyberattack: Overview and Policy Issues

    DTIC Science & Technology

    2007-01-22

    originated in the United States and in China (although some of the attacks apparently only traversed through networks in China, casting some doubt on the...detection. CRS-21 86 Louise Shelly , Organized Crime, Cybercrime and Terrorism, Computer Crime Research Center, September 27, 2004, [http://www.crime

  4. Theoretical and Experimental Investigation of Opinion Dynamics in Small Social Networks

    DTIC Science & Technology

    2016-07-01

    Sciences, Social Informatics and Telecommunications Engineering 2013 96 M. Gabbay described. Section 4 illustrates the application of the methodology...group of cyber terrorists has already gained access to multiple computers. The attack will attempt to disrupt and destroy a large oil refinery; at

  5. Simulation of Attacks for Security in Wireless Sensor Network.

    PubMed

    Diaz, Alvaro; Sanchez, Pablo

    2016-11-18

    The increasing complexity and low-power constraints of current Wireless Sensor Networks (WSN) require efficient methodologies for network simulation and embedded software performance analysis of nodes. In addition, security is also a very important feature that has to be addressed in most WSNs, since they may work with sensitive data and operate in hostile unattended environments. In this paper, a methodology for security analysis of Wireless Sensor Networks is presented. The methodology allows designing attack-aware embedded software/firmware or attack countermeasures to provide security in WSNs. The proposed methodology includes attacker modeling and attack simulation with performance analysis (node's software execution time and power consumption estimation). After an analysis of different WSN attack types, an attacker model is proposed. This model defines three different types of attackers that can emulate most WSN attacks. In addition, this paper presents a virtual platform that is able to model the node hardware, embedded software and basic wireless channel features. This virtual simulation analyzes the embedded software behavior and node power consumption while it takes into account the network deployment and topology. Additionally, this simulator integrates the previously mentioned attacker model. Thus, the impact of attacks on power consumption and software behavior/execution-time can be analyzed. This provides developers with essential information about the effects that one or multiple attacks could have on the network, helping them to develop more secure WSN systems. This WSN attack simulator is an essential element of the attack-aware embedded software development methodology that is also introduced in this work.

  6. A Novel Topology Link-Controlling Approach for Active Defense of a Node in a Network.

    PubMed

    Li, Jun; Hu, HanPing; Ke, Qiao; Xiong, Naixue

    2017-03-09

    With the rapid development of virtual machine technology and cloud computing, distributed denial of service (DDoS) attacks, or some peak traffic, poses a great threat to the security of the network. In this paper, a novel topology link control technique and mitigation attacks in real-time environments is proposed. Firstly, a non-invasive method of deploying virtual sensors in the nodes is built, which uses the resource manager of each monitored node as a sensor. Secondly, a general topology-controlling approach of resisting the tolerant invasion is proposed. In the proposed approach, a prediction model is constructed by using copula functions for predicting the peak of a resource through another resource. The result of prediction determines whether or not to initiate the active defense. Finally, a minority game with incomplete strategy is employed to suppress attack flows and improve the permeability of the normal flows. The simulation results show that the proposed approach is very effective in protecting nodes.

  7. A Novel Topology Link-Controlling Approach for Active Defense of Nodes in Networks

    PubMed Central

    Li, Jun; Hu, HanPing; Ke, Qiao; Xiong, Naixue

    2017-01-01

    With the rapid development of virtual machine technology and cloud computing, distributed denial of service (DDoS) attacks, or some peak traffic, poses a great threat to the security of the network. In this paper, a novel topology link control technique and mitigation attacks in real-time environments is proposed. Firstly, a non-invasive method of deploying virtual sensors in the nodes is built, which uses the resource manager of each monitored node as a sensor. Secondly, a general topology-controlling approach of resisting the tolerant invasion is proposed. In the proposed approach, a prediction model is constructed by using copula functions for predicting the peak of a resource through another resource. The result of prediction determines whether or not to initiate the active defense. Finally, a minority game with incomplete strategy is employed to suppress attack flows and improve the permeability of the normal flows. The simulation results show that the proposed approach is very effective in protecting nodes. PMID:28282962

  8. A Game Theoretical Approach to Hacktivism: Is Attack Likelihood a Product of Risks and Payoffs?

    PubMed

    Bodford, Jessica E; Kwan, Virginia S Y

    2018-02-01

    The current study examines hacktivism (i.e., hacking to convey a moral, ethical, or social justice message) through a general game theoretic framework-that is, as a product of costs and benefits. Given the inherent risk of carrying out a hacktivist attack (e.g., legal action, imprisonment), it would be rational for the user to weigh these risks against perceived benefits of carrying out the attack. As such, we examined computer science students' estimations of risks, payoffs, and attack likelihood through a game theoretic design. Furthermore, this study aims at constructing a descriptive profile of potential hacktivists, exploring two predicted covariates of attack decision making, namely, peer prevalence of hacking and sex differences. Contrary to expectations, results suggest that participants' estimations of attack likelihood stemmed solely from expected payoffs, rather than subjective risks. Peer prevalence significantly predicted increased payoffs and attack likelihood, suggesting an underlying descriptive norm in social networks. Notably, we observed no sex differences in the decision to attack, nor in the factors predicting attack likelihood. Implications for policymakers and the understanding and prevention of hacktivism are discussed, as are the possible ramifications of widely communicated payoffs over potential risks in hacking communities.

  9. An Anonymous User Authentication and Key Agreement Scheme Based on a Symmetric Cryptosystem in Wireless Sensor Networks.

    PubMed

    Jung, Jaewook; Kim, Jiye; Choi, Younsung; Won, Dongho

    2016-08-16

    In wireless sensor networks (WSNs), a registered user can login to the network and use a user authentication protocol to access data collected from the sensor nodes. Since WSNs are typically deployed in unattended environments and sensor nodes have limited resources, many researchers have made considerable efforts to design a secure and efficient user authentication process. Recently, Chen et al. proposed a secure user authentication scheme using symmetric key techniques for WSNs. They claim that their scheme assures high efficiency and security against different types of attacks. After careful analysis, however, we find that Chen et al.'s scheme is still vulnerable to smart card loss attack and is susceptible to denial of service attack, since it is invalid for verification to simply compare an entered ID and a stored ID in smart card. In addition, we also observe that their scheme cannot preserve user anonymity. Furthermore, their scheme cannot quickly detect an incorrect password during login phase, and this flaw wastes both communication and computational overheads. In this paper, we describe how these attacks work, and propose an enhanced anonymous user authentication and key agreement scheme based on a symmetric cryptosystem in WSNs to address all of the aforementioned vulnerabilities in Chen et al.'s scheme. Our analysis shows that the proposed scheme improves the level of security, and is also more efficient relative to other related schemes.

  10. Robustness of network of networks under targeted attack.

    PubMed

    Dong, Gaogao; Gao, Jianxi; Du, Ruijin; Tian, Lixin; Stanley, H Eugene; Havlin, Shlomo

    2013-05-01

    The robustness of a network of networks (NON) under random attack has been studied recently [Gao et al., Phys. Rev. Lett. 107, 195701 (2011)]. Understanding how robust a NON is to targeted attacks is a major challenge when designing resilient infrastructures. We address here the question how the robustness of a NON is affected by targeted attack on high- or low-degree nodes. We introduce a targeted attack probability function that is dependent upon node degree and study the robustness of two types of NON under targeted attack: (i) a tree of n fully interdependent Erdős-Rényi or scale-free networks and (ii) a starlike network of n partially interdependent Erdős-Rényi networks. For any tree of n fully interdependent Erdős-Rényi networks and scale-free networks under targeted attack, we find that the network becomes significantly more vulnerable when nodes of higher degree have higher probability to fail. When the probability that a node will fail is proportional to its degree, for a NON composed of Erdős-Rényi networks we find analytical solutions for the mutual giant component $P_\infty$ as a function of p, where 1-p is the initial fraction of failed nodes in each network. We also find analytical solutions for the critical fraction $p_c$, which causes the fragmentation of the n interdependent networks, and for the minimum average degree $\bar{k}_{\min}$ below which the NON will collapse even if only a single node fails. For a starlike NON of n partially interdependent Erdős-Rényi networks under targeted attack, we find the critical coupling strength $q_c$ for different n. When $q > q_c$, the attacked system undergoes an abrupt first order type transition. When $q \le q_c$, the system displays a smooth second order percolation transition. We also evaluate how the central network becomes more vulnerable as the number of networks with the same coupling strength q increases. The limit of q=0 represents no dependency, and the results are consistent with the classical percolation theory of a single network under targeted attack.

  11. A novel interacting multiple model based network intrusion detection scheme

    NASA Astrophysics Data System (ADS)

    Xin, Ruichi; Venkatasubramanian, Vijay; Leung, Henry

    2006-04-01

    In today's information age, information and network security are of primary importance to any organization. Network intrusion is a serious threat to security of computers and data networks. In internet protocol (IP) based network, intrusions originate in different kinds of packets/messages contained in the open system interconnection (OSI) layer 3 or higher layers. Network intrusion detection and prevention systems observe the layer 3 packets (or layer 4 to 7 messages) to screen for intrusions and security threats. Signature based methods use a pre-existing database that document intrusion patterns as perceived in the layer 3 to 7 protocol traffics and match the incoming traffic for potential intrusion attacks. Alternately, network traffic data can be modeled and any huge anomaly from the established traffic pattern can be detected as network intrusion. The latter method, also known as anomaly based detection is gaining popularity for its versatility in learning new patterns and discovering new attacks. It is apparent that for a reliable performance, an accurate model of the network data needs to be established. In this paper, we illustrate using collected data that network traffic is seldom stationary. We propose the use of multiple models to accurately represent the traffic data. The improvement in reliability of the proposed model is verified by measuring the detection and false alarm rates on several datasets.

  12. A Comparative Study of Anomaly Detection Techniques for Smart City Wireless Sensor Networks.

    PubMed

    Garcia-Font, Victor; Garrigues, Carles; Rifà-Pous, Helena

    2016-06-13

    In many countries around the world, smart cities are becoming a reality. These cities contribute to improving citizens' quality of life by providing services that are normally based on data extracted from wireless sensor networks (WSN) and other elements of the Internet of Things. Additionally, public administration uses these smart city data to increase its efficiency, to reduce costs and to provide additional services. However, the information received at smart city data centers is not always accurate, because WSNs are sometimes prone to error and are exposed to physical and computer attacks. In this article, we use real data from the smart city of Barcelona to simulate WSNs and implement typical attacks. Then, we compare frequently used anomaly detection techniques to disclose these attacks. We evaluate the algorithms under different requirements on the available network status information. As a result of this study, we conclude that one-class Support Vector Machines is the most appropriate technique. We achieve a true positive rate at least 56% higher than the rates achieved with the other compared techniques in a scenario with a maximum false positive rate of 5% and a 26% higher in a scenario with a false positive rate of 15%.

  13. A Comparative Study of Anomaly Detection Techniques for Smart City Wireless Sensor Networks

    PubMed Central

    Garcia-Font, Victor; Garrigues, Carles; Rifà-Pous, Helena

    2016-01-01

    In many countries around the world, smart cities are becoming a reality. These cities contribute to improving citizens’ quality of life by providing services that are normally based on data extracted from wireless sensor networks (WSN) and other elements of the Internet of Things. Additionally, public administration uses these smart city data to increase its efficiency, to reduce costs and to provide additional services. However, the information received at smart city data centers is not always accurate, because WSNs are sometimes prone to error and are exposed to physical and computer attacks. In this article, we use real data from the smart city of Barcelona to simulate WSNs and implement typical attacks. Then, we compare frequently used anomaly detection techniques to disclose these attacks. We evaluate the algorithms under different requirements on the available network status information. As a result of this study, we conclude that one-class Support Vector Machines is the most appropriate technique. We achieve a true positive rate at least 56% higher than the rates achieved with the other compared techniques in a scenario with a maximum false positive rate of 5% and a 26% higher in a scenario with a false positive rate of 15%. PMID:27304957

  14. Analyzing Risks and Vulnerabilities of Various Computer Systems and Undergoing Exploitation using Embedded Devices

    NASA Technical Reports Server (NTRS)

    Branch, Drew Alexander

    2014-01-01

    Security is one of the most if not the most important areas today. After the several attacks on the United States, security everywhere has heightened from airports to communication among the military branches legionnaires. With advanced persistent threats (APTs) on the rise following Stuxnet, government branches and agencies are required, more than ever, to follow several standards, policies and procedures to reduce the likelihood of a breach. Attack vectors today are very advanced and are going to continue to get more and more advanced as security controls advance. This creates a need for networks and systems to be in an updated, patched and secured state in a launch control system environment. Attacks on critical systems are becoming more and more relevant and frequent. Nation states are hacking into critical networks that might control electrical power grids or water dams as well as carrying out advanced persistent threat (APTs) attacks on government entities. NASA, as an organization, must protect itself from attacks from all different types of attackers with different motives. Although the International Space Station was created, there is still competition between the different space programs. With that in mind, NASA might get attacked and breached for various reasons such as espionage or sabotage. My project will provide a way for NASA to complete an in house penetration test which includes: asset discovery, vulnerability scans, exploit vulnerabilities and also provide forensic information to harden systems. Completing penetration testing is a part of the compliance requirements of the Federal Information Security Act (FISMA) and NASA NPR 2810.1 and related NASA Handbooks. This project is to demonstrate how in house penetration testing can be conducted that will satisfy all of the compliance requirements of the National Institute of Standards and Technology (NIST), as outlined in FISMA. By the end of this project, I hope to have carried out the tasks stated above as well as gain an immense knowledge about compliance, security tools, networks and network devices, as well as policies and procedures.

  15. Protecting Dynamic Mobile Agent against Denial of Service Attacks

    NASA Astrophysics Data System (ADS)

    Aggarwal, Mayank; Nipur, Pallavi

    2010-11-01

    Mobile agents are software that migrates from one node to another to fulfill the task of its owner. The introduction of mobile agents has greatly reduced network latency and network traffic, but at the same time it has increased the vulnerability to attacks by malicious hosts. One such attack is 'Denial of Service': once the agent is launched, it is free to roam without any control by its owner, which on one hand decreases the cost of agent-owner interaction and on the other hand increases the chances of 'Denial of Service'. In a Denial of Service attack the malicious host may deny resources required by the agent and kill the agent; thus the result computed so far is lost, and this may happen every time the agent visits any malicious host. In this paper we continued the work done in [10], in which the authors proposed techniques by which the owner can detect the malicious host for 'Denial of Service', but they did not cover a technique for dynamic routes, i.e. where the host or agent initiates migrations to hosts which were not contained in the route composed by the owner. We introduced an algorithm and a model which can be useful for the above purpose.

  16. Towards a Low-Cost Remote Memory Attestation for the Smart Grid

    PubMed Central

    Yang, Xinyu; He, Xiaofei; Yu, Wei; Lin, Jie; Li, Rui; Yang, Qingyu; Song, Houbing

    2015-01-01

    In the smart grid, measurement devices may be compromised by adversaries, and their operations could be disrupted by attacks. A number of schemes to efficiently and accurately detect these compromised devices remotely have been proposed. Nonetheless, most of the existing schemes detecting compromised devices depend on the incremental response time in the attestation process, which are sensitive to data transmission delay and lead to high computation and network overhead. To address the issue, in this paper, we propose a low-cost remote memory attestation scheme (LRMA), which can efficiently and accurately detect compromised smart meters considering real-time network delay and achieve low computation and network overhead. In LRMA, the impact of real-time network delay on detecting compromised nodes can be eliminated via investigating the time differences reported from relay nodes. Furthermore, the attestation frequency in LRMA is dynamically adjusted with the compromised probability of each node, and then, the total number of attestations could be reduced while low computation and network overhead can be achieved. Through a combination of extensive theoretical analysis and evaluations, our data demonstrate that our proposed scheme can achieve better detection capacity and lower computation and network overhead in comparison to existing schemes. PMID:26307998

  17. Towards a Low-Cost Remote Memory Attestation for the Smart Grid.

    PubMed

    Yang, Xinyu; He, Xiaofei; Yu, Wei; Lin, Jie; Li, Rui; Yang, Qingyu; Song, Houbing

    2015-08-21

    In the smart grid, measurement devices may be compromised by adversaries, and their operations could be disrupted by attacks. A number of schemes to efficiently and accurately detect these compromised devices remotely have been proposed. Nonetheless, most of the existing schemes detecting compromised devices depend on the incremental response time in the attestation process, which are sensitive to data transmission delay and lead to high computation and network overhead. To address the issue, in this paper, we propose a low-cost remote memory attestation scheme (LRMA), which can efficiently and accurately detect compromised smart meters considering real-time network delay and achieve low computation and network overhead. In LRMA, the impact of real-time network delay on detecting compromised nodes can be eliminated via investigating the time differences reported from relay nodes. Furthermore, the attestation frequency in LRMA is dynamically adjusted with the compromised probability of each node, and then, the total number of attestations could be reduced while low computation and network overhead can be achieved. Through a combination of extensive theoretical analysis and evaluations, our data demonstrate that our proposed scheme can achieve better detection capacity and lower computation and network overhead in comparison to existing schemes.

  18. Simulation of Attacks for Security in Wireless Sensor Network

    PubMed Central

    Diaz, Alvaro; Sanchez, Pablo

    2016-01-01

    The increasing complexity and low-power constraints of current Wireless Sensor Networks (WSN) require efficient methodologies for network simulation and embedded software performance analysis of nodes. In addition, security is also a very important feature that has to be addressed in most WSNs, since they may work with sensitive data and operate in hostile unattended environments. In this paper, a methodology for security analysis of Wireless Sensor Networks is presented. The methodology allows designing attack-aware embedded software/firmware or attack countermeasures to provide security in WSNs. The proposed methodology includes attacker modeling and attack simulation with performance analysis (node’s software execution time and power consumption estimation). After an analysis of different WSN attack types, an attacker model is proposed. This model defines three different types of attackers that can emulate most WSN attacks. In addition, this paper presents a virtual platform that is able to model the node hardware, embedded software and basic wireless channel features. This virtual simulation analyzes the embedded software behavior and node power consumption while it takes into account the network deployment and topology. Additionally, this simulator integrates the previously mentioned attacker model. Thus, the impact of attacks on power consumption and software behavior/execution-time can be analyzed. This provides developers with essential information about the effects that one or multiple attacks could have on the network, helping them to develop more secure WSN systems. This WSN attack simulator is an essential element of the attack-aware embedded software development methodology that is also introduced in this work. PMID:27869710

  19. Random Visitor: Defense against Identity Attacks in P2P Networks

    NASA Astrophysics Data System (ADS)

    Gu, Jabeom; Nah, Jaehoon; Kwon, Hyeokchan; Jang, Jonsoo; Park, Sehyun

    Various advantages of cooperative peer-to-peer networks are strongly counterbalanced by the open nature of a distributed, serverless network. In such networks, it is relatively easy for an attacker to launch various attacks such as misrouting, corrupting, or dropping messages as a result of a successful identifier forgery. The impact of an identifier forgery is particularly severe because the whole network can be compromised by attacks such as Sybil or Eclipse. In this paper, we present an identifier authentication mechanism called random visitor, which uses one or more randomly selected peers as delegates of identity proof. Our scheme uses identity-based cryptography and identity ownership proof mechanisms collectively to create multiple, cryptographically protected indirect bindings between two peers, instantly when needed, through the delegates. Because of these bindings, an attacker cannot achieve an identifier forgery related attack against interacting peers without breaking the bindings. Therefore, our mechanism limits the possibility of identifier forgery attacks efficiently by disabling an attacker's ability to break the binding. The design rationale and framework details are presented. A security analysis shows that our scheme is strong enough against identifier related attacks and that the strength increases if there are many peers (more than several thousand) in the network.

  20. Robustness of networks formed from interdependent correlated networks under intentional attacks

    NASA Astrophysics Data System (ADS)

    Liu, Long; Meng, Ke; Dong, Zhaoyang

    2018-02-01

    We study the problem of intentional attacks targeting to interdependent networks generated with known degree distribution (in-degree oriented model) or distribution of interlinks (out-degree oriented model). In both models, each node's degree is correlated with the number of its links that connect to the other network. For both models, varying the correlation coefficient has a significant effect on the robustness of a system undergoing random attacks or attacks targeting nodes with low degree. For a system with an assortative relationship between in-degree and out-degree, reducing the broadness of networks' degree distributions can increase the resistance of systems against intentional attacks.

  1. Recovery of infrastructure networks after localised attacks.

    PubMed

    Hu, Fuyu; Yeung, Chi Ho; Yang, Saini; Wang, Weiping; Zeng, An

    2016-04-14

    The stability of infrastructure network is always a critical issue studied by researchers in different fields. A lot of works have been devoted to reveal the robustness of the infrastructure networks against random and malicious attacks. However, real attack scenarios such as earthquakes and typhoons are instead localised attacks which are investigated only recently. Unlike previous studies, we examine in this paper the resilience of infrastructure networks by focusing on the recovery process from localised attacks. We introduce various preferential repair strategies and found that they facilitate and improve network recovery compared to that of random repairs, especially when population size is uneven at different locations. Moreover, our strategic repair methods show similar effectiveness as the greedy repair. The validations are conducted on simulated networks, and on real networks with real disasters. Our method is meaningful in practice as it can largely enhance network resilience and contribute to network risk reduction.

  2. Recovery of infrastructure networks after localised attacks

    PubMed Central

    Hu, Fuyu; Yeung, Chi Ho; Yang, Saini; Wang, Weiping; Zeng, An

    2016-01-01

    The stability of infrastructure network is always a critical issue studied by researchers in different fields. A lot of works have been devoted to reveal the robustness of the infrastructure networks against random and malicious attacks. However, real attack scenarios such as earthquakes and typhoons are instead localised attacks which are investigated only recently. Unlike previous studies, we examine in this paper the resilience of infrastructure networks by focusing on the recovery process from localised attacks. We introduce various preferential repair strategies and found that they facilitate and improve network recovery compared to that of random repairs, especially when population size is uneven at different locations. Moreover, our strategic repair methods show similar effectiveness as the greedy repair. The validations are conducted on simulated networks, and on real networks with real disasters. Our method is meaningful in practice as it can largely enhance network resilience and contribute to network risk reduction. PMID:27075559

  3. Impact of Degree Heterogeneity on Attack Vulnerability of Interdependent Networks

    NASA Astrophysics Data System (ADS)

    Sun, Shiwen; Wu, Yafang; Ma, Yilin; Wang, Li; Gao, Zhongke; Xia, Chengyi

    2016-09-01

    The study of interdependent networks has become a new research focus in recent years. We focus on one fundamental property of interdependent networks: vulnerability. Previous studies mainly focused on the impact of topological properties upon interdependent networks under random attacks, the effect of degree heterogeneity on structural vulnerability of interdependent networks under intentional attacks, however, is still unexplored. In order to deeply understand the role of degree distribution and in particular degree heterogeneity, we construct an interdependent system model which consists of two networks whose extent of degree heterogeneity can be controlled simultaneously by a tuning parameter. Meanwhile, a new quantity, which can better measure the performance of interdependent networks after attack, is proposed. Numerical simulation results demonstrate that degree heterogeneity can significantly increase the vulnerability of both single and interdependent networks. Moreover, it is found that interdependent links between two networks make the entire system much more fragile to attacks. Enhancing coupling strength between networks can greatly increase the fragility of both networks against targeted attacks, which is most evident under the case of max-max assortative coupling. Current results can help to deepen the understanding of structural complexity of complex real-world systems.

  4. A decoy chain deployment method based on SDN and NFV against penetration attack

    PubMed Central

    Zhao, Qi; Zhang, Chuanhao

    2017-01-01

    Penetration attacks are one of the most serious network security threats. However, existing network defense technologies do not have the ability to entirely block the penetration behavior of intruders. Therefore, the network needs additional defenses. In this paper, a decoy chain deployment (DCD) method based on SDN+NFV is proposed to address this problem. This method considers about the security status of networks, and deploys decoy chains with the resource constraints. DCD changes the attack surface of the network and makes it difficult for intruders to discern the current state of the network. Simulation experiments and analyses show that DCD can effectively resist penetration attacks by increasing the time cost and complexity of a penetration attack. PMID:29216257

  5. A decoy chain deployment method based on SDN and NFV against penetration attack.

    PubMed

    Zhao, Qi; Zhang, Chuanhao; Zhao, Zheng

    2017-01-01

    Penetration attacks are one of the most serious network security threats. However, existing network defense technologies do not have the ability to entirely block the penetration behavior of intruders. Therefore, the network needs additional defenses. In this paper, a decoy chain deployment (DCD) method based on SDN+NFV is proposed to address this problem. This method considers the security status of networks, and deploys decoy chains within the resource constraints. DCD changes the attack surface of the network and makes it difficult for intruders to discern the current state of the network. Simulation experiments and analyses show that DCD can effectively resist penetration attacks by increasing the time cost and complexity of a penetration attack.

  6. Distributed micro-releases of bioterror pathogens : threat characterizations and epidemiology from uncertain patient observables.

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Wolf, Michael M.; Marzouk, Youssef M.; Adams, Brian M.

    2008-10-01

    Terrorist attacks using an aerosolized pathogen preparation have gained credibility as a national security concern since the anthrax attacks of 2001. The ability to characterize the parameters of such attacks, i.e., to estimate the number of people infected, the time of infection, the average dose received, and the rate of disease spread in contemporary American society (for contagious diseases), is important when planning a medical response. For non-contagious diseases, we address the characterization problem by formulating a Bayesian inverse problem predicated on a short time-series of diagnosed patients exhibiting symptoms. To keep the approach relevant for response planning, we limit ourselves to 3.5 days of data. In computational tests performed for anthrax, we usually find these observation windows sufficient, especially if the outbreak model employed in the inverse problem is accurate. For contagious diseases, we formulated a Bayesian inversion technique to infer both pathogenic transmissibility and the social network from outbreak observations, ensuring that the two determinants of spreading are identified separately. We tested this technique on data collected from a 1967 smallpox epidemic in Abakaliki, Nigeria. We inferred, probabilistically, different transmissibilities in the structured Abakaliki population, the social network, and the chain of transmission. Finally, we developed an individual-based epidemic model to realistically simulate the spread of a rare (or eradicated) disease in a modern society. This model incorporates the mixing patterns observed in an (American) urban setting and accepts, as model input, pathogenic transmissibilities estimated from historical outbreaks that may have occurred in socio-economic environments with little resemblance to contemporary society. Techniques were also developed to simulate disease spread on static and sampled network reductions of the dynamic social networks originally in the individual-based model, yielding faster, though approximate, network-based epidemic models. These reduced-order models are useful in scenario analysis for medical response planning, as well as in computationally intensive inverse problems.

  7. Go Ahead of Malware’s Infections and Controls: Towards New Techniques for Proactive Cyber Defense

    DTIC Science & Technology

    2016-12-08

    in SDN (such as topology poisoning attacks and data-to-control plane saturation attacks) and developed new defense for SDN (such as TopoGuard and... Poisoning Network Visibility in Software-Defined Networks: New Attacks and Countermeasures As part of our research on discovering new vulnerabilities...future networking paradigm. We demonstrate that these new attacks can effectively poison the network topology information, then further successfully

  8. Robustness of Controllability for Networks Based on Edge-Attack

    PubMed Central

    Nie, Sen; Wang, Xuwen; Zhang, Haifeng; Li, Qilang; Wang, Binghong

    2014-01-01

    We study the controllability of networks in the process of cascading failures under two different attacking strategies, random and intentional attack, respectively. For the highest-load edge attack, it is found that the controllability of the Erdős-Rényi network with moderate average degree is less robust, whereas the Scale-free network with moderate power-law exponent shows strong robustness of controllability under the same attack strategy. The vulnerability of controllability under random and intentional attacks behaves differently as the removal fraction increases; in particular, we find that the robustness of control has an important role in cascades for large removal fraction. The simulation results show that for Scale-free networks with various power-law exponents, a larger scale of cascades does not mean that there will be more increments of driver nodes. Meanwhile, the number of driver nodes in cascading failures is also related to the number of edges in strongly connected components. PMID:24586507

  9. Robustness of controllability for networks based on edge-attack.

    PubMed

    Nie, Sen; Wang, Xuwen; Zhang, Haifeng; Li, Qilang; Wang, Binghong

    2014-01-01

    We study the controllability of networks in the process of cascading failures under two different attacking strategies, random and intentional attack, respectively. For the highest-load edge attack, it is found that the controllability of the Erdős-Rényi network with moderate average degree is less robust, whereas the Scale-free network with moderate power-law exponent shows strong robustness of controllability under the same attack strategy. The vulnerability of controllability under random and intentional attacks behaves differently as the removal fraction increases; in particular, we find that the robustness of control has an important role in cascades for large removal fraction. The simulation results show that for Scale-free networks with various power-law exponents, a larger scale of cascades does not mean that there will be more increments of driver nodes. Meanwhile, the number of driver nodes in cascading failures is also related to the number of edges in strongly connected components.

  10. Distributed Denial of Service Attack Source Detection Using Efficient Traceback Technique (ETT) in Cloud-Assisted Healthcare Environment.

    PubMed

    Latif, Rabia; Abbas, Haider; Latif, Seemab; Masood, Ashraf

    2016-07-01

    Security and privacy are the first and foremost concerns that should be given special attention when dealing with Wireless Body Area Networks (WBANs). As WBAN sensors operate in an unattended environment and carry critical patient health information, Distributed Denial of Service (DDoS) attack is one of the major attacks in WBAN environment that not only exhausts the available resources but also influence the reliability of information being transmitted. This research work is an extension of our previous work in which a machine learning based attack detection algorithm is proposed to detect DDoS attack in WBAN environment. However, in order to avoid complexity, no consideration was given to the traceback mechanism. During traceback, the challenge lies in reconstructing the attack path leading to identify the attack source. Among existing traceback techniques, Probabilistic Packet Marking (PPM) approach is the most commonly used technique in conventional IP-based networks. However, since marking probability assignment has significant effect on both the convergence time and performance of a scheme, it is not directly applicable in WBAN environment due to high convergence time and overhead on intermediate nodes. Therefore, in this paper we have proposed a new scheme called Efficient Traceback Technique (ETT) based on Dynamic Probability Packet Marking (DPPM) approach and uses MAC header in place of IP header. Instead of using fixed marking probability, the proposed scheme uses variable marking probability based on the number of hops travelled by a packet to reach the target node. Finally, path reconstruction algorithms are proposed to traceback an attacker. Evaluation and simulation results indicate that the proposed solution outperforms fixed PPM in terms of convergence time and computational overhead on nodes.

  11. Robustness of coevolution in resolving prisoner's dilemma games on interdependent networks subject to attack

    NASA Astrophysics Data System (ADS)

    Liu, Penghui; Liu, Jing

    2017-08-01

    Recently, coevolution between strategy and network structure has been established as a rule to resolve social dilemmas and reach optimal situations for cooperation. Many follow-up researches have focused on studying how coevolution helps networks reorganize to deter the defectors and many coevolution methods have been proposed. However, the robustness of the coevolution rules against attacks have not been studied much. Since attacks may directly influence the original evolutionary process of cooperation, the robustness should be an important index while evaluating the quality of a coevolution method. In this paper, we focus on investigating the robustness of an elementary coevolution method in resolving the prisoner's dilemma game upon the interdependent networks. Three different types of time-independent attacks, named as edge attacks, instigation attacks and node attacks have been employed to test its robustness. Through analyzing the simulation results obtained, we find this coevolution method is relatively robust against the edge attack and the node attack as it successfully maintains cooperation in the population over the entire attack range. However, when the instigation probability of the attacked individuals is large or the attack range of instigation attack is wide enough, coevolutionary rule finally fails in maintaining cooperation in the population.

  12. Towards a C2 Poly-Visualization Tool: Leveraging the Power of Social-Network Analysis and GIS

    DTIC Science & Technology

    2011-06-01

    from Magsino.14 AutoMap, a product of CASOS at Carnegie Mellon University, is a text-mining tool that enables the extraction of network data from...enables community leaders to prepare for biological attacks using computational models. BioWar is a CASOS package that combines many factors into a...models, demographically accurate agent modes, wind dispersion models, and an error-diagnostic model. Construct, also developed by CASOS, is a

  13. An Efficient Location Verification Scheme for Static Wireless Sensor Networks.

    PubMed

    Kim, In-Hwan; Kim, Bo-Sung; Song, JooSeok

    2017-01-24

    In wireless sensor networks (WSNs), the accuracy of location information is vital to support many interesting applications. Unfortunately, sensors have difficulty in estimating their location when malicious sensors attack the location estimation process. Even though secure localization schemes have been proposed to protect location estimation process from attacks, they are not enough to eliminate the wrong location estimations in some situations. The location verification can be the solution to the situations or be the second-line defense. The problem of most of the location verifications is the explicit involvement of many sensors in the verification process and requirements, such as special hardware, a dedicated verifier and the trusted third party, which causes more communication and computation overhead. In this paper, we propose an efficient location verification scheme for static WSN called mutually-shared region-based location verification (MSRLV), which reduces those overheads by utilizing the implicit involvement of sensors and eliminating several requirements. In order to achieve this, we use the mutually-shared region between location claimant and verifier for the location verification. The analysis shows that MSRLV reduces communication overhead by 77% and computation overhead by 92% on average, when compared with the other location verification schemes, in a single sensor verification. In addition, simulation results for the verification of the whole network show that MSRLV can detect the malicious sensors by over 90% when sensors in the network have five or more neighbors.

  14. An Efficient Location Verification Scheme for Static Wireless Sensor Networks

    PubMed Central

    Kim, In-hwan; Kim, Bo-sung; Song, JooSeok

    2017-01-01

    In wireless sensor networks (WSNs), the accuracy of location information is vital to support many interesting applications. Unfortunately, sensors have difficulty in estimating their location when malicious sensors attack the location estimation process. Even though secure localization schemes have been proposed to protect location estimation process from attacks, they are not enough to eliminate the wrong location estimations in some situations. The location verification can be the solution to the situations or be the second-line defense. The problem of most of the location verifications is the explicit involvement of many sensors in the verification process and requirements, such as special hardware, a dedicated verifier and the trusted third party, which causes more communication and computation overhead. In this paper, we propose an efficient location verification scheme for static WSN called mutually-shared region-based location verification (MSRLV), which reduces those overheads by utilizing the implicit involvement of sensors and eliminating several requirements. In order to achieve this, we use the mutually-shared region between location claimant and verifier for the location verification. The analysis shows that MSRLV reduces communication overhead by 77% and computation overhead by 92% on average, when compared with the other location verification schemes, in a single sensor verification. In addition, simulation results for the verification of the whole network show that MSRLV can detect the malicious sensors by over 90% when sensors in the network have five or more neighbors. PMID:28125007

  15. Network traffic intelligence using a low interaction honeypot

    NASA Astrophysics Data System (ADS)

    Nyamugudza, Tendai; Rajasekar, Venkatesh; Sen, Prasad; Nirmala, M.; Madhu Viswanatham, V.

    2017-11-01

    Advancements in networking technology have seen more and more devices becoming connected day by day. This has given organizations capacity to extend their networks beyond their boundaries to remote offices and remote employees. However, as the network grows, security becomes a major challenge since the attack surface also increases. There is a need to guard the network against different types of attacks like intrusion and malware through using different tools at different networking levels. This paper describes how network intelligence can be acquired through implementing a low-interaction honeypot which detects and tracks network intrusion. A honeypot allows an organization to interact and gather information about an attack earlier before it compromises the network. This process is important because it allows the organization to learn about future attacks of the same nature and allows them to develop counter measures. The paper further shows how honeypot-honey net based model for interruption detection system (IDS) can be used to get the best valuable information about the attacker and prevent unexpected harm to the network.

  16. Targeting U.S. Technologies: A Trend Analysis of Reporting from Defense Industry 2008

    DTIC Science & Technology

    2009-01-16

    involving attempts to intrude or “hack” into the defense industrial base’s computer systems or networks originated from East Asia and the Pacific...easily mask IP addresses, utilize freely available anonymous proxies, or launch attacks from any of the open WiFi hotspots across the globe. These

  17. An Identity-Based Anti-Quantum Privacy-Preserving Blind Authentication in Wireless Sensor Networks.

    PubMed

    Zhu, Hongfei; Tan, Yu-An; Zhu, Liehuang; Wang, Xianmin; Zhang, Quanxin; Li, Yuanzhang

    2018-05-22

    With the development of wireless sensor networks, IoT devices are crucial for the Smart City; these devices change people's lives such as e-payment and e-voting systems. However, in these two systems, the state-of-art authentication protocols based on traditional number theory cannot defeat a quantum computer attack. In order to protect user privacy and guarantee the trustworthiness of big data, we propose a new identity-based blind signature scheme based on number theorem research unit lattice; this scheme mainly uses a rejection sampling theorem instead of constructing a trapdoor. Meanwhile, this scheme does not depend on complex public key infrastructure and can resist quantum computer attack. Then we design an e-payment protocol using the proposed scheme. Furthermore, we prove our scheme is secure in the random oracle, and satisfies confidentiality, integrity, and non-repudiation. Finally, we demonstrate that the proposed scheme outperforms the other traditional existing identity-based blind signature schemes in signing speed and verification speed, outperforms the other lattice-based blind signature in signing speed, verification speed, and signing secret key size.

  18. An Identity-Based Anti-Quantum Privacy-Preserving Blind Authentication in Wireless Sensor Networks

    PubMed Central

    Zhu, Hongfei; Tan, Yu-an; Zhu, Liehuang; Wang, Xianmin; Zhang, Quanxin; Li, Yuanzhang

    2018-01-01

    With the development of wireless sensor networks, IoT devices are crucial for the Smart City; these devices change people’s lives such as e-payment and e-voting systems. However, in these two systems, the state-of-art authentication protocols based on traditional number theory cannot defeat a quantum computer attack. In order to protect user privacy and guarantee the trustworthiness of big data, we propose a new identity-based blind signature scheme based on number theorem research unit lattice; this scheme mainly uses a rejection sampling theorem instead of constructing a trapdoor. Meanwhile, this scheme does not depend on complex public key infrastructure and can resist quantum computer attack. Then we design an e-payment protocol using the proposed scheme. Furthermore, we prove our scheme is secure in the random oracle, and satisfies confidentiality, integrity, and non-repudiation. Finally, we demonstrate that the proposed scheme outperforms the other traditional existing identity-based blind signature schemes in signing speed and verification speed, outperforms the other lattice-based blind signature in signing speed, verification speed, and signing secret key size. PMID:29789475

  19. A study on efficient detection of network-based IP spoofing DDoS and malware-infected Systems.

    PubMed

    Seo, Jung Woo; Lee, Sang Jin

    2016-01-01

    Large-scale network environments require effective detection and response methods against DDoS attacks. Depending on the advancement of IT infrastructure such as the server or network equipment, DDoS attack traffic arising from a few malware-infected systems capable of crippling the organization's internal network has become a significant threat. This study calculates the frequency of network-based packet attributes and analyzes the anomalies of the attributes in order to detect IP-spoofed DDoS attacks. Also, a method is proposed for the effective detection of malware infection systems triggering IP-spoofed DDoS attacks on an edge network. Detection accuracy and performance of the collected real-time traffic on a core network is analyzed thru the use of the proposed algorithm, and a prototype was developed to evaluate the performance of the algorithm. As a result, DDoS attacks on the internal network were detected in real-time and whether or not IP addresses were spoofed was confirmed. Detecting hosts infected by malware in real-time allowed the execution of intrusion responses before stoppage of the internal network caused by large-scale attack traffic.

  20. An Anonymous User Authentication and Key Agreement Scheme Based on a Symmetric Cryptosystem in Wireless Sensor Networks

    PubMed Central

    Jung, Jaewook; Kim, Jiye; Choi, Younsung; Won, Dongho

    2016-01-01

    In wireless sensor networks (WSNs), a registered user can login to the network and use a user authentication protocol to access data collected from the sensor nodes. Since WSNs are typically deployed in unattended environments and sensor nodes have limited resources, many researchers have made considerable efforts to design a secure and efficient user authentication process. Recently, Chen et al. proposed a secure user authentication scheme using symmetric key techniques for WSNs. They claim that their scheme assures high efficiency and security against different types of attacks. After careful analysis, however, we find that Chen et al.’s scheme is still vulnerable to smart card loss attack and is susceptible to denial of service attack, since it is invalid for verification to simply compare an entered ID and a stored ID in smart card. In addition, we also observe that their scheme cannot preserve user anonymity. Furthermore, their scheme cannot quickly detect an incorrect password during login phase, and this flaw wastes both communication and computational overheads. In this paper, we describe how these attacks work, and propose an enhanced anonymous user authentication and key agreement scheme based on a symmetric cryptosystem in WSNs to address all of the aforementioned vulnerabilities in Chen et al.’s scheme. Our analysis shows that the proposed scheme improves the level of security, and is also more efficient relative to other related schemes. PMID:27537890

  1. Attack tolerance of correlated time-varying social networks with well-defined communities

    NASA Astrophysics Data System (ADS)

    Sur, Souvik; Ganguly, Niloy; Mukherjee, Animesh

    2015-02-01

    In this paper, we investigate the efficiency and the robustness of information transmission for real-world social networks, modeled as time-varying instances, under targeted attack in shorter time spans. We observe that these quantities are markedly higher than that of the randomized versions of the considered networks. An important factor that drives this efficiency or robustness is the presence of short-time correlations across the network instances which we quantify by a novel metric, the edge emergence factor, denoted as ξ. We find that standard targeted attacks are not effective in collapsing this network structure. Remarkably, if the hourly community structures of the temporal network instances are attacked with the largest size community attacked first, the second largest next and so on, the network soon collapses. This behavior, we show, is an outcome of the fact that the edge emergence factor bears a strong positive correlation with the size ordered community structures.

  2. VTAC: virtual terrain assisted impact assessment for cyber attacks

    NASA Astrophysics Data System (ADS)

    Argauer, Brian J.; Yang, Shanchieh J.

    2008-03-01

    Overwhelming intrusion alerts have made timely response to network security breaches a difficult task. Correlating alerts to produce a higher level view of intrusion state of a network, thus, becomes an essential element in network defense. This work proposes to analyze correlated or grouped alerts and determine their 'impact' to services and users of the network. A network is modeled as 'virtual terrain' where cyber attacks maneuver. Overlaying correlated attack tracks on virtual terrain exhibits the vulnerabilities exploited by each track and the relationships between them and different network entities. The proposed impact assessment algorithm utilizes the graph-based virtual terrain model and combines assessments of damages caused by the attacks. The combined impact scores allow to identify severely damaged network services and affected users. Several scenarios are examined to demonstrate the uses of the proposed Virtual Terrain Assisted Impact Assessment for Cyber Attacks (VTAC).

  3. Computer viruses

    NASA Technical Reports Server (NTRS)

    Denning, Peter J.

    1988-01-01

    The worm, Trojan horse, bacterium, and virus are destructive programs that attack information stored in a computer's memory. Virus programs, which propagate by incorporating copies of themselves into other programs, are a growing menace in the late-1980s world of unprotected, networked workstations and personal computers. Limited immunity is offered by memory protection hardware, digitally authenticated object programs, and antibody programs that kill specific viruses. Additional immunity can be gained from the practice of digital hygiene, primarily the refusal to use software from untrusted sources. Full immunity requires attention in a social dimension, the accountability of programmers.

  4. Thundercloud: Domain specific information security training for the smart grid

    NASA Astrophysics Data System (ADS)

    Stites, Joseph

    In this paper, we describe a cloud-based virtual smart grid test bed: ThunderCloud, which is intended to be used for domain-specific security training applicable to the smart grid environment. The test bed consists of virtual machines connected using a virtual internal network. ThunderCloud is remotely accessible, allowing students to undergo educational exercises online. We also describe a series of practical exercises that we have developed for providing the domain-specific training using ThunderCloud. The training exercises and attacks are designed to be realistic and to reflect known vulnerabilities and attacks reported in the smart grid environment. We were able to use ThunderCloud to offer practical domain-specific security training for smart grid environment to computer science students at little or no cost to the department and no risk to any real networks or systems.

  5. Provably Secure Heterogeneous Access Control Scheme for Wireless Body Area Network.

    PubMed

    Omala, Anyembe Andrew; Mbandu, Angolo Shem; Mutiria, Kamenyi Domenic; Jin, Chunhua; Li, Fagen

    2018-04-28

    Wireless body area network (WBAN) provides a medium through which physiological information could be harvested and transmitted to application provider (AP) in real time. Integrating WBAN in a heterogeneous Internet of Things (IoT) ecosystem would enable an AP to monitor patients from anywhere and at anytime. However, the IoT roadmap of interconnected 'Things' is still faced with many challenges. One of the challenges in healthcare is security and privacy of streamed medical data from heterogeneously networked devices. In this paper, we first propose a heterogeneous signcryption scheme where a sender is in a certificateless cryptographic (CLC) environment while a receiver is in identity-based cryptographic (IBC) environment. We then use this scheme to design a heterogeneous access control protocol. Formal security proof for indistinguishability against adaptive chosen ciphertext attack and unforgeability against adaptive chosen message attack in random oracle model is presented. In comparison with some of the existing access control schemes, our scheme has lower computation and communication cost.

  6. An Enhanced Secure Identity-Based Certificateless Public Key Authentication Scheme for Vehicular Sensor Networks.

    PubMed

    Li, Congcong; Zhang, Xi; Wang, Haiping; Li, Dongfeng

    2018-01-11

    Vehicular sensor networks have been widely applied in intelligent traffic systems in recent years. Because of the specificity of vehicular sensor networks, they require an enhanced, secure and efficient authentication scheme. Existing authentication protocols are vulnerable to some problems, such as a high computational overhead with certificate distribution and revocation, strong reliance on tamper-proof devices, limited scalability when building many secure channels, and an inability to detect hardware tampering attacks. In this paper, an improved authentication scheme using certificateless public key cryptography is proposed to address these problems. A security analysis of our scheme shows that our protocol provides an enhanced secure anonymous authentication, which is resilient against major security threats. Furthermore, the proposed scheme reduces the incidence of node compromise and replication attacks. The scheme also provides a malicious-node detection and warning mechanism, which can quickly identify compromised static nodes and immediately alert the administrative department. With performance evaluations, the scheme can obtain better trade-offs between security and efficiency than the well-known available schemes.

  7. Attack Vulnerability of Network Controllability

    PubMed Central

    2016-01-01

    Controllability of complex networks has attracted much attention, and understanding the robustness of network controllability against potential attacks and failures is of practical significance. In this paper, we systematically investigate the attack vulnerability of network controllability for the canonical model networks as well as the real-world networks subject to attacks on nodes and edges. The attack strategies are selected based on degree and betweenness centralities calculated for either the initial network or the current network during the removal, among which random failure is as a comparison. It is found that the node-based strategies are often more harmful to the network controllability than the edge-based ones, and so are the recalculated strategies than their counterparts. The Barabási-Albert scale-free model, which has a highly biased structure, proves to be the most vulnerable of the tested model networks. In contrast, the Erdős-Rényi random model, which lacks structural bias, exhibits much better robustness to both node-based and edge-based attacks. We also survey the control robustness of 25 real-world networks, and the numerical results show that most real networks are control robust to random node failures, which has not been observed in the model networks. And the recalculated betweenness-based strategy is the most efficient way to harm the controllability of real-world networks. Besides, we find that the edge degree is not a good quantity to measure the importance of an edge in terms of network controllability. PMID:27588941

  8. Attack Vulnerability of Network Controllability.

    PubMed

    Lu, Zhe-Ming; Li, Xin-Feng

    2016-01-01

    Controllability of complex networks has attracted much attention, and understanding the robustness of network controllability against potential attacks and failures is of practical significance. In this paper, we systematically investigate the attack vulnerability of network controllability for the canonical model networks as well as the real-world networks subject to attacks on nodes and edges. The attack strategies are selected based on degree and betweenness centralities calculated for either the initial network or the current network during the removal, among which random failure is as a comparison. It is found that the node-based strategies are often more harmful to the network controllability than the edge-based ones, and so are the recalculated strategies than their counterparts. The Barabási-Albert scale-free model, which has a highly biased structure, proves to be the most vulnerable of the tested model networks. In contrast, the Erdős-Rényi random model, which lacks structural bias, exhibits much better robustness to both node-based and edge-based attacks. We also survey the control robustness of 25 real-world networks, and the numerical results show that most real networks are control robust to random node failures, which has not been observed in the model networks. And the recalculated betweenness-based strategy is the most efficient way to harm the controllability of real-world networks. Besides, we find that the edge degree is not a good quantity to measure the importance of an edge in terms of network controllability.

  9. VoIP attacks detection engine based on neural network

    NASA Astrophysics Data System (ADS)

    Safarik, Jakub; Slachta, Jiri

    2015-05-01

    Security is crucial for any system nowadays, especially communications. One of the most successful protocols in the field of communication over IP networks is Session Initiation Protocol. It is an open-source project used by different kinds of applications, both open-source and proprietary. High penetration and text-based principle made SIP the number one target in IP telephony infrastructure, so security of the SIP server is essential. To keep up with hackers and to detect potential malicious attacks, a security administrator needs to monitor and evaluate SIP traffic in the network. But monitoring and subsequent evaluation could easily overwhelm the security administrator in networks, typically in networks with a number of SIP servers, users and logically or geographically separated networks. The proposed solution lies in automatic attack detection systems. The article covers detection of VoIP attacks through a distributed network of nodes. The gathered data are then analyzed by an aggregation server with an artificial neural network. Artificial neural network means multilayer perceptron network trained with a set of collected attacks. Attack data could also be preprocessed and verified with a self-organizing map. The source data is detected by a distributed network of detection nodes. Each node contains a honeypot application and traffic monitoring mechanism. Aggregation of data from each node creates an input for neural networks. The automatic classification on a centralized server with low false positive detection reduces the cost of attack detection resources. The detection system uses modular design for easy deployment in final infrastructure. The centralized server collects and processes detected traffic. It also maintains all detection nodes.

  10. Security analysis and improvement of a privacy authentication scheme for telecare medical information systems.

    PubMed

    Wu, Fan; Xu, Lili

    2013-08-01

    Nowadays, patients can gain many kinds of medical service on line via Telecare Medical Information Systems (TMIS) due to the fast development of computer technology. So security of communication through network between the users and the server is very significant. Authentication plays an important part to protect information from being attacked by malicious attackers. Recently, Jiang et al. proposed a privacy enhanced scheme for TMIS using smart cards and claimed their scheme was better than Chen et al.'s. However, we have shown that Jiang et al.'s scheme has the weakness of ID uselessness and is vulnerable to off-line password guessing attack and user impersonation attack if an attacker compromises the legal user's smart card. Also, it can't resist DoS attack in two cases: after a successful impersonation attack and wrong password input in Password change phase. Then we propose an improved mutual authentication scheme used for a telecare medical information system. Remote monitoring, checking patients' past medical history record and medical consultant can be applied in the system where information transmits via Internet. Finally, our analysis indicates that the suggested scheme overcomes the disadvantages of Jiang et al.'s scheme and is practical for TMIS.

  11. Enhancing the cyber-security of smart grids with applications to synchrophasor data

    NASA Astrophysics Data System (ADS)

    Pal, Seemita

    In the power grids, Supervisory Control and Data Acquisition (SCADA) systems are used as part of the Energy Management System (EMS) for enabling grid monitoring, control and protection. In recent times, with the ongoing installation of thousands of Phasor Measurement Units (PMUs), system operators are becoming increasingly reliant on PMU-generated synchrophasor measurements for executing wide-area monitoring and real-time control. The availability of PMU data facilitates dynamic state estimation of the system, thus improving the efficiency and resiliency of the grid. Since the SCADA and PMU data are used to make critical control decisions including actuation of physical systems, the timely availability and integrity of this networked data is of paramount importance. Absence or wrong control actions can potentially lead to disruption of operations, monetary loss, damage to equipment or surroundings or even blackout. This has posed new challenges to information security especially in this age of ever-increasing cyber-attacks. In this thesis, potential cyber-attacks on smart grids are presented and effective and implementable schemes are proposed for detecting them. The focus is mainly on three kinds of cyber-attacks and their detection: (i) gray-hole attacks on synchrophasor systems, (ii) PMU data manipulation attacks and (iii) data integrity attacks on SCADA systems. In the case of gray-hole attacks, also known as packet-drop attacks, the adversary may arbitrarily drop PMU data packets as they traverse the network, resulting in unavailability of time-sensitive data for the various critical power system applications. The fundamental challenge is to distinguish packets dropped by the adversary from those that occur naturally due to network congestion. The proposed gray-hole attack detection technique is based on exploiting the inherent timing information in the GPS time-stamped PMU data packets and using the temporal trends of the latencies to classify the cause of packet-drops and finally detect attacks, if any. In the case of PMU data manipulation attacks, the attacker may modify the data in the PMU packets in order to bias the system states and influence the control center into taking wrong decisions. The proposed detection technique is based on evaluating the equivalent impedances of the transmission lines and classifying the observed anomalies to determine the presence of attack and its location. The scheme for detecting data integrity attacks on SCADA systems is based on utilizing synchrophasor measurements from available PMUs in the grid. The proposed method uses a difference measure, developed in this thesis, to determine the relative divergence and mis-correlation between the datasets. Based on the estimated difference measure, tampered and genuine data can be distinguished. The proposed detection mechanisms have demonstrated high accuracy in real-time detection of attacks of various magnitudes, simulated on real PMU data obtained from the NY grid. By performing alarm clustering, the occurrence of false alarms has been reduced to almost zero. The solutions are computationally inexpensive, low on cost, do not add any overhead, and do not require any feedback from the network.

  12. Security Enhanced User Authentication Protocol for Wireless Sensor Networks Using Elliptic Curves Cryptography

    PubMed Central

    Choi, Younsung; Lee, Donghoon; Kim, Jiye; Jung, Jaewook; Nam, Junghyun; Won, Dongho

    2014-01-01

    Wireless sensor networks (WSNs) consist of sensors, gateways and users. Sensors are widely distributed to monitor various conditions, such as temperature, sound, speed and pressure but they have limited computational ability and energy. To reduce the resource use of sensors and enhance the security of WSNs, various user authentication protocols have been proposed. In 2011, Yeh et al. first proposed a user authentication protocol based on elliptic curve cryptography (ECC) for WSNs. However, it turned out that Yeh et al.'s protocol does not provide mutual authentication, perfect forward secrecy, and key agreement between the user and sensor. Later in 2013, Shi et al. proposed a new user authentication protocol that improves both security and efficiency of Yeh et al.'s protocol. However, Shi et al.'s improvement introduces other security weaknesses. In this paper, we show that Shi et al.'s improved protocol is vulnerable to session key attack, stolen smart card attack, and sensor energy exhausting attack. In addition, we propose a new, security-enhanced user authentication protocol using ECC for WSNs. PMID:24919012

  13. Security enhanced user authentication protocol for wireless sensor networks using elliptic curves cryptography.

    PubMed

    Choi, Younsung; Lee, Donghoon; Kim, Jiye; Jung, Jaewook; Nam, Junghyun; Won, Dongho

    2014-06-10

    Wireless sensor networks (WSNs) consist of sensors, gateways and users. Sensors are widely distributed to monitor various conditions, such as temperature, sound, speed and pressure but they have limited computational ability and energy. To reduce the resource use of sensors and enhance the security of WSNs, various user authentication protocols have been proposed. In 2011, Yeh et al. first proposed a user authentication protocol based on elliptic curve cryptography (ECC) for WSNs. However, it turned out that Yeh et al.'s protocol does not provide mutual authentication, perfect forward secrecy, and key agreement between the user and sensor. Later in 2013, Shi et al. proposed a new user authentication protocol that improves both security and efficiency of Yeh et al.'s protocol. However, Shi et al.'s improvement introduces other security weaknesses. In this paper, we show that Shi et al.'s improved protocol is vulnerable to session key attack, stolen smart card attack, and sensor energy exhausting attack. In addition, we propose a new, security-enhanced user authentication protocol using ECC for WSNs.

  14. Prediction of Aerodynamic Characteristics of Fighter Wings at High Angles of Attack.

    DTIC Science & Technology

    1984-03-01

    potential distribution throughout the network of four points on a body surface greatly facilitates the flow analysis procedure. Tangential velocity...expensive of computer time. For example, as quoted by McLean, using this coarsest grid network, each surface of the 727-200 wing required 10 minutes of...1980. 19. Le Balleur, J.C. and Neron, M., "Calcul D'Ecoulements Visqueux Decolles sur Profils D'Ailes par une Approche de Couplage", AGARD CP-291

  15. Improving Biometric-Based Authentication Schemes with Smart Card Revocation/Reissue for Wireless Sensor Networks.

    PubMed

    Moon, Jongho; Lee, Donghoon; Lee, Youngsook; Won, Dongho

    2017-04-25

    User authentication in wireless sensor networks is more difficult than in traditional networks owing to sensor network characteristics such as unreliable communication, limited resources, and unattended operation. For these reasons, various authentication schemes have been proposed to provide secure and efficient communication. In 2016, Park et al. proposed a secure biometric-based authentication scheme with smart card revocation/reissue for wireless sensor networks. However, we found that their scheme was still insecure against impersonation attack, and had a problem in the smart card revocation/reissue phase. In this paper, we show how an adversary can impersonate a legitimate user or sensor node, illegal smart card revocation/reissue and prove that Park et al.'s scheme fails to provide revocation/reissue. In addition, we propose an enhanced scheme that provides efficiency, as well as anonymity and security. Finally, we provide security and performance analysis between previous schemes and the proposed scheme, and provide formal analysis based on the random oracle model. The results prove that the proposed scheme can solve the weaknesses of impersonation attack and other security flaws in the security analysis section. Furthermore, performance analysis shows that the computational cost is lower than the previous scheme.

  16. Improving Biometric-Based Authentication Schemes with Smart Card Revocation/Reissue for Wireless Sensor Networks

    PubMed Central

    Moon, Jongho; Lee, Donghoon; Lee, Youngsook; Won, Dongho

    2017-01-01

    User authentication in wireless sensor networks is more difficult than in traditional networks owing to sensor network characteristics such as unreliable communication, limited resources, and unattended operation. For these reasons, various authentication schemes have been proposed to provide secure and efficient communication. In 2016, Park et al. proposed a secure biometric-based authentication scheme with smart card revocation/reissue for wireless sensor networks. However, we found that their scheme was still insecure against impersonation attack, and had a problem in the smart card revocation/reissue phase. In this paper, we show how an adversary can impersonate a legitimate user or sensor node, illegal smart card revocation/reissue and prove that Park et al.’s scheme fails to provide revocation/reissue. In addition, we propose an enhanced scheme that provides efficiency, as well as anonymity and security. Finally, we provide security and performance analysis between previous schemes and the proposed scheme, and provide formal analysis based on the random oracle model. The results prove that the proposed scheme can solve the weaknesses of impersonation attack and other security flaws in the security analysis section. Furthermore, performance analysis shows that the computational cost is lower than the previous scheme. PMID:28441331

  17. Hierarchical Kohonenen net for anomaly detection in network security.

    PubMed

    Sarasamma, Suseela T; Zhu, Qiuming A; Huff, Julie

    2005-04-01

    A novel multilevel hierarchical Kohonen Net (K-Map) for an intrusion detection system is presented. Each level of the hierarchical map is modeled as a simple winner-take-all K-Map. One significant advantage of this multilevel hierarchical K-Map is its computational efficiency. Unlike other statistical anomaly detection methods such as nearest neighbor approach, K-means clustering or probabilistic analysis that employ distance computation in the feature space to identify the outliers, our approach does not involve costly point-to-point computation in organizing the data into clusters. Another advantage is the reduced network size. We use the classification capability of the K-Map on selected dimensions of data set in detecting anomalies. Randomly selected subsets that contain both attacks and normal records from the KDD Cup 1999 benchmark data are used to train the hierarchical net. We use a confidence measure to label the clusters. Then we use the test set from the same KDD Cup 1999 benchmark to test the hierarchical net. We show that a hierarchical K-Map in which each layer operates on a small subset of the feature space is superior to a single-layer K-Map operating on the whole feature space in detecting a variety of attacks in terms of detection rate as well as false positive rate.

  18. Autonomous self-organizing resource manager for multiple networked platforms

    NASA Astrophysics Data System (ADS)

    Smith, James F., III

    2002-08-01

    A fuzzy logic based expert system for resource management has been developed that automatically allocates electronic attack (EA) resources in real-time over many dissimilar autonomous naval platforms defending their group against attackers. The platforms can be very general, e.g., ships, planes, robots, land based facilities, etc. Potential foes the platforms deal with can also be general. This paper provides an overview of the resource manager including the four fuzzy decision trees that make up the resource manager; the fuzzy EA model; genetic algorithm based optimization; co-evolutionary data mining through gaming; and mathematical, computational and hardware based validation. Methods of automatically designing new multi-platform EA techniques are considered. The expert system runs on each defending platform rendering it an autonomous system requiring no human intervention. There is no commanding platform. Instead the platforms work cooperatively as a function of battlespace geometry; sensor data such as range, bearing, ID, uncertainty measures for sensor output; intelligence reports; etc. Computational experiments will show the defending networked platform's ability to self-organize. The platforms' ability to self-organize is illustrated through the output of the scenario generator, a software package that automates the underlying data mining problem and creates a computer movie of the platforms' interaction for evaluation.

  19. Attacks and intrusion detection in wireless sensor networks of industrial SCADA systems

    NASA Astrophysics Data System (ADS)

    Kamaev, V. A.; Finogeev, A. G.; Finogeev, A. A.; Parygin, D. S.

    2017-01-01

    The effectiveness of automated process control systems (APCS) and supervisory control and data acquisition systems (SCADA) information security depends on the applied protection technologies of transport environment data transmission components. This article investigates the problems of detecting attacks in wireless sensor networks (WSN) of SCADA systems. As a result of analytical studies, the authors developed the detailed classification of external attacks and intrusion detection in sensor networks and brought a detailed description of attacking impacts on components of SCADA systems in accordance with the selected directions of attacks.

  20. The system of technical diagnostics of the industrial safety information network

    NASA Astrophysics Data System (ADS)

    Repp, P. V.

    2017-01-01

    This research is devoted to problems of safety of the industrial information network. Basic sub-networks, ensuring reliable operation of the elements of the industrial Automatic Process Control System, were identified. The core tasks of technical diagnostics of industrial information safety were presented. The structure of the technical diagnostics system of the information safety was proposed. It includes two parts: a generator of cyber-attacks and the virtual model of the enterprise information network. The virtual model was obtained by scanning a real enterprise network. A new classification of cyber-attacks was proposed. This classification enables one to design an efficient generator of cyber-attacks sets for testing the virtual modes of the industrial information network. The numerical method of the Monte Carlo (with LPτ - sequences of Sobol), and Markov chain was considered as the design method for the cyber-attacks generation algorithm. The proposed system also includes a diagnostic analyzer, performing expert functions. As an integrative quantitative indicator of the network reliability the stability factor (Kstab) was selected. This factor is determined by the weight of sets of cyber-attacks, identifying the vulnerability of the network. The weight depends on the frequency and complexity of cyber-attacks, the degree of damage, complexity of remediation. The proposed Kstab is an effective integral quantitative measure of the information network reliability.

  1. Construction of a Cyber Attack Model for Nuclear Power Plants

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Varuttamaseni, Athi; Bari, Robert A.; Youngblood, Robert

    The consideration of how one compromised digital equipment can impact neighboring equipment is critical to understanding the progression of cyber attacks. The degree of influence that one component may have on another depends on a variety of factors, including the sharing of resources such as network bandwidth or processing power, the level of trust between components, and the inclusion of segmentation devices such as firewalls. The interactions among components via mechanisms that are unique to the digital world are not usually considered in traditional PRA. This means potential sequences of events that may occur during an attack may be missed if one were to only look at conventional accident sequences. This paper presents a method where, starting from the initial attack vector, the progression of a cyber attack can be modeled. The propagation of the attack is modeled by considering certain attributes of the digital components in the system. These attributes determine the potential vulnerability of a component to a class of attack and the capability gained by the attackers once they are in control of the equipment. The use of attributes allows similar components (components with the same set of attributes) to be modeled in the same way, thereby reducing the computing resources required for analysis of large systems.

  2. How To: Protect against a Zero-Hour Attack

    ERIC Educational Resources Information Center

    McCarthy, Rob

    2005-01-01

    In the last year, a series of viruses and worms that caused damage across the Internet in record time has made very clear how vulnerable computer systems are. The MS Blaster, Slammer, Sasser, and Korgo.W worms have shown that signature-based antivirus software and traditional firewalls are not enough to protect networks. Everyone is worried about…

  3. Con Artists Attack Colleges with Fake Help-Desk E-Mail

    ERIC Educational Resources Information Center

    Young, Jeffrey R.

    2008-01-01

    An e-mail scam has hit tens of thousands of users at dozens of colleges over the past few weeks, leaving network administrators scrambling to respond before campus computer accounts are taken over by spammers. Students, professors, and staff members at the affected colleges received e-mail messages that purported to come from the colleges' help…

  4. Vulnerability of network of networks

    NASA Astrophysics Data System (ADS)

    Havlin, S.; Kenett, D. Y.; Bashan, A.; Gao, J.; Stanley, H. E.

    2014-10-01

    Our dependence on networks - be they infrastructure, economic, social or others - leaves us prone to crises caused by the vulnerabilities of these networks. There is a great need to develop new methods to protect infrastructure networks and prevent cascade of failures (especially in cases of coupled networks). Terrorist attacks on transportation networks have traumatized modern societies. With a single blast, it has become possible to paralyze airline traffic, electric power supply, ground transportation or Internet communication. How, and at which cost can one restructure the network such that it will become more robust against malicious attacks? The gradual increase in attacks on the networks society depends on - Internet, mobile phone, transportation, air travel, banking, etc. - emphasizes the need to develop new strategies to protect and defend these crucial networks of communication and infrastructure networks. One example is the threat of liquid explosives a few years ago, which completely shut down air travel for days, and has created extreme changes in regulations. Such threats and dangers warrant the need for new tools and strategies to defend critical infrastructure. In this paper we review recent advances in the theoretical understanding of the vulnerabilities of interdependent networks with and without spatial embedding, attack strategies and their effect on such networks of networks as well as recently developed strategies to optimize and repair failures caused by such attacks.

  5. Securing mobile ad hoc networks using danger theory-based artificial immune algorithm.

    PubMed

    Abdelhaq, Maha; Alsaqour, Raed; Abdelhaq, Shawkat

    2015-01-01

    A mobile ad hoc network (MANET) is a set of mobile, decentralized, and self-organizing nodes that are used in special cases, such as in the military. MANET properties render the environment of this network vulnerable to different types of attacks, including black hole, wormhole and flooding-based attacks. Flooding-based attacks are one of the most dangerous attacks that aim to consume all network resources and thus paralyze the functionality of the whole network. Therefore, the objective of this paper is to investigate the capability of a danger theory-based artificial immune algorithm called the mobile dendritic cell algorithm (MDCA) to detect flooding-based attacks in MANETs. The MDCA applies the dendritic cell algorithm (DCA) to secure the MANET with additional improvements. The MDCA is tested and validated using Qualnet v7.1 simulation tool. This work also introduces a new simulation module for a flooding attack called the resource consumption attack (RCA) using Qualnet v7.1. The results highlight the high efficiency of the MDCA in detecting RCAs in MANETs.

  6. Securing Mobile Ad Hoc Networks Using Danger Theory-Based Artificial Immune Algorithm

    PubMed Central

    2015-01-01

    A mobile ad hoc network (MANET) is a set of mobile, decentralized, and self-organizing nodes that are used in special cases, such as in the military. MANET properties render the environment of this network vulnerable to different types of attacks, including black hole, wormhole and flooding-based attacks. Flooding-based attacks are one of the most dangerous attacks that aim to consume all network resources and thus paralyze the functionality of the whole network. Therefore, the objective of this paper is to investigate the capability of a danger theory-based artificial immune algorithm called the mobile dendritic cell algorithm (MDCA) to detect flooding-based attacks in MANETs. The MDCA applies the dendritic cell algorithm (DCA) to secure the MANET with additional improvements. The MDCA is tested and validated using Qualnet v7.1 simulation tool. This work also introduces a new simulation module for a flooding attack called the resource consumption attack (RCA) using Qualnet v7.1. The results highlight the high efficiency of the MDCA in detecting RCAs in MANETs. PMID:25946001

  7. Random domain name and address mutation (RDAM) for thwarting reconnaissance attacks

    PubMed Central

    Chen, Xi; Zhu, Yuefei

    2017-01-01

    Network address shuffling is a novel moving target defense (MTD) that invalidates the address information collected by the attacker by dynamically changing or remapping the host’s network addresses. However, most network address shuffling methods are limited by the limited address space and rely on the host’s static domain name to map to its dynamic address; therefore these methods cannot effectively defend against random scanning attacks, and cannot defend against an attacker who knows the target’s domain name. In this paper, we propose a network defense method based on random domain name and address mutation (RDAM), which increases the scanning space of the attacker through a dynamic domain name method and reduces the probability that a host will be hit by an attacker scanning IP addresses using the domain name system (DNS) query list and the time window methods. Theoretical analysis and experimental results show that RDAM can defend against scanning attacks and worm propagation more effectively than general network address shuffling methods, while introducing an acceptable operational overhead. PMID:28489910

  8. Computation and Communication Evaluation of an Authentication Mechanism for Time-Triggered Networked Control Systems

    PubMed Central

    Martins, Goncalo; Moondra, Arul; Dubey, Abhishek; Bhattacharjee, Anirban; Koutsoukos, Xenofon D.

    2016-01-01

    In modern networked control applications, confidentiality and integrity are important features to address in order to prevent against attacks. Moreover, network control systems are a fundamental part of the communication components of current cyber-physical systems (e.g., automotive communications). Many networked control systems employ Time-Triggered (TT) architectures that provide mechanisms enabling the exchange of precise and synchronous messages. TT systems have computation and communication constraints, and with the aim to enable secure communications in the network, it is important to evaluate the computational and communication overhead of implementing secure communication mechanisms. This paper presents a comprehensive analysis and evaluation of the effects of adding a Hash-based Message Authentication (HMAC) to TT networked control systems. The contributions of the paper include (1) the analysis and experimental validation of the communication overhead, as well as a scalability analysis that utilizes the experimental result for both wired and wireless platforms and (2) an experimental evaluation of the computational overhead of HMAC based on a kernel-level Linux implementation. An automotive application is used as an example, and the results show that it is feasible to implement a secure communication mechanism without interfering with the existing automotive controller execution times. The methods and results of the paper can be used for evaluating the performance impact of security mechanisms and, thus, for the design of secure wired and wireless TT networked control systems. PMID:27463718

  9. Computation and Communication Evaluation of an Authentication Mechanism for Time-Triggered Networked Control Systems.

    PubMed

    Martins, Goncalo; Moondra, Arul; Dubey, Abhishek; Bhattacharjee, Anirban; Koutsoukos, Xenofon D

    2016-07-25

    In modern networked control applications, confidentiality and integrity are important features to address in order to prevent against attacks. Moreover, network control systems are a fundamental part of the communication components of current cyber-physical systems (e.g., automotive communications). Many networked control systems employ Time-Triggered (TT) architectures that provide mechanisms enabling the exchange of precise and synchronous messages. TT systems have computation and communication constraints, and with the aim to enable secure communications in the network, it is important to evaluate the computational and communication overhead of implementing secure communication mechanisms. This paper presents a comprehensive analysis and evaluation of the effects of adding a Hash-based Message Authentication (HMAC) to TT networked control systems. The contributions of the paper include (1) the analysis and experimental validation of the communication overhead, as well as a scalability analysis that utilizes the experimental result for both wired and wireless platforms and (2) an experimental evaluation of the computational overhead of HMAC based on a kernel-level Linux implementation. An automotive application is used as an example, and the results show that it is feasible to implement a secure communication mechanism without interfering with the existing automotive controller execution times. The methods and results of the paper can be used for evaluating the performance impact of security mechanisms and, thus, for the design of secure wired and wireless TT networked control systems.

  10. Cyber Security Research Frameworks For Coevolutionary Network Defense

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Rush, George D.; Tauritz, Daniel Remy

    Several architectures have been created for developing and testing systems used in network security, but most are meant to provide a platform for running cyber security experiments as opposed to automating experiment processes. In the first paper, we propose a framework termed Distributed Cyber Security Automation Framework for Experiments (DCAFE) that enables experiment automation and control in a distributed environment. Predictive analysis of adversaries is another thorny issue in cyber security. Game theory can be used to mathematically analyze adversary models, but its scalability limitations restrict its use. Computational game theory allows us to scale classical game theory to larger, more complex systems. In the second paper, we propose a framework termed Coevolutionary Agent-based Network Defense Lightweight Event System (CANDLES) that can coevolve attacker and defender agent strategies and capabilities and evaluate potential solutions with a custom network defense simulation. The third paper is a continuation of the CANDLES project in which we rewrote key parts of the framework. Attackers and defenders have been redesigned to evolve pure strategy, and a new network security simulation is devised which specifies network architecture and adds a temporal aspect. We also add a hill climber algorithm to evaluate the search space and justify the use of a coevolutionary algorithm.

  11. Cyber Signal/Noise Characteristics and Sensor Models for Early Cyber Indications and Warning

    DTIC Science & Technology

    2005-09-01

    investigating and simulating attack scenarios. The sensors are, in effect, mathematical functions. These functions range from simple functions of...172 8.1.2 Examine each attack scenario or case to derive the cause-effect network for the attack scenario...threat profiles............................ 174 8.1.4 Develop attack profiles by enlarging the cause-effect network of each attack scenario with

  12. Department of Defense Information Network (DODIN): A Study of Current Cyber Threats and Best Practices for Network Security

    DTIC Science & Technology

    2016-06-10

    DODIN) is being threatened by state actors, non-state actors, and continuous hacking and cyber-attacks. These threats against the network come in a...variety of forms; physical attacks from radio jamming, logical cyber threats from hacking, or a combination of both physical and logical attacks. Each...year the number of hacking attacks is increasing. Corporations like Symantec publish annual reports on cyber threats and provide tips for best

  13. Approaches to a global quantum key distribution network

    NASA Astrophysics Data System (ADS)

    Islam, Tanvirul; Bedington, Robert; Ling, Alexander

    2017-10-01

    Progress in realising quantum computers threatens to weaken existing public key encryption infrastructure. A global quantum key distribution (QKD) network can play a role in computational attack-resistant encryption. Such a network could use a constellation of high altitude platforms such as airships and satellites as trusted nodes to facilitate QKD between any two points on the globe on demand. This requires both space-to-ground and inter-platform links. However, the prohibitive cost of traditional satellite based development limits the experimental work demonstrating relevant technologies. To accelerate progress towards a global network, we use an emerging class of shoe-box sized spacecraft known as CubeSats. We have designed a polarization entangled photon pair source that can operate on board CubeSats. The robustness and miniature form factor of our entanglement source make it especially suitable for performing pathfinder missions that study QKD between two high altitude platforms. The technological outcomes of such a mission would be the essential building blocks for a global QKD network.

  14. Social Networking—Another Breach In The Wall

    NASA Astrophysics Data System (ADS)

    Bamnote, Gajendra; Patil, Gajendra; Shejole, Amol

    2010-11-01

    With the increasing popularity of social networks like Facebook and MySpace, such sites have lately become the favourite destinations for spammers and attackers. Social networks have experienced complex social engineering attacks, massive spam and aggressive malware distribution in the recent past. This paper presents a practical case study of social engineering, malware distribution and phishing attacks against social networking sites that were identified over the last few months. It is explained how private data of the users are exposed to attackers and how easily their privacy is compromised as a result of these attacks and their own careless behaviour.

  15. SDN-based path hopping communication against eavesdropping attack

    NASA Astrophysics Data System (ADS)

    Zhang, Chuanhao; Bu, Youjun; Zhao, Zheng

    2016-10-01

    Network eavesdropping is one of the most popular means used by cyber attackers, and it has been a severe threat to network communication security. Adversaries could capture and analyze network communication data from network nodes or links, monitor network status and steal sensitive data such as usernames and passwords. Traditional networks usually use static network configuration, and existing defense methods, including firewalls, IDS, IPS, etc., cannot prevent eavesdropping, which has no distinguishing characteristic. Network eavesdropping is silent during most of the attack process, which is why it is difficult to discover and to defend against. But a successful eavesdropping attack also has its precondition, which is that the target path should be relatively stable and last long enough. So, in order to resolve this problem, it is necessary to work on the network architecture. In this paper, a path hopping communication (PHC) mechanism based on Software Defined Network (SDN) was proposed to solve this problem. In PHC, ends in communication packets as well as the routing paths were changed dynamically. Therefore, the traffic would be distributed to multiple flows and transmitted along different paths, so that network eavesdropping attacks could be prevented effectively. It was concluded that PHC was able to increase the overhead of network eavesdropping, as well as the difficulty of communication data recovery.

  16. Adaptive Suspicious Prevention for Defending DoS Attacks in SDN-Based Convergent Networks

    PubMed Central

    Dao, Nhu-Ngoc; Kim, Joongheon; Park, Minho; Cho, Sungrae

    2016-01-01

    The convergent communication network will play an important role as a single platform to unify heterogeneous networks and integrate emerging technologies and existing legacy networks. Although many feasible solutions have been proposed, they could not become convergent frameworks since they mainly focused on converting functions between various protocols and interfaces in edge networks, and handling functions for multiple services in core networks, e.g., the Multi-protocol Label Switching (MPLS) technique. Software-defined networking (SDN), on the other hand, is expected to be the ideal future for the convergent network since it can provide a controllable, dynamic, and cost-effective network. However, SDN has an original structural vulnerability behind a lot of advantages, which is the centralized control plane. As the brains of the network, a controller manages the whole network, which is attractive to attackers. In this context, we propose a novel solution called adaptive suspicious prevention (ASP) mechanism to protect the controller from the Denial of Service (DoS) attacks that could incapacitate an SDN. The ASP is integrated with OpenFlow protocol to detect and prevent DoS attacks effectively. Our comprehensive experimental results show that the ASP enhances the resilience of an SDN network against DoS attacks by up to 38%. PMID:27494411

  17. Adaptive Suspicious Prevention for Defending DoS Attacks in SDN-Based Convergent Networks.

    PubMed

    Dao, Nhu-Ngoc; Kim, Joongheon; Park, Minho; Cho, Sungrae

    2016-01-01

    The convergent communication network will play an important role as a single platform to unify heterogeneous networks and integrate emerging technologies and existing legacy networks. Although many feasible solutions have been proposed, they could not become convergent frameworks since they mainly focused on converting functions between various protocols and interfaces in edge networks, and handling functions for multiple services in core networks, e.g., the Multi-protocol Label Switching (MPLS) technique. Software-defined networking (SDN), on the other hand, is expected to be the ideal future for the convergent network since it can provide a controllable, dynamic, and cost-effective network. However, SDN has an original structural vulnerability behind a lot of advantages, which is the centralized control plane. As the brains of the network, a controller manages the whole network, which is attractive to attackers. In this context, we propose a novel solution called adaptive suspicious prevention (ASP) mechanism to protect the controller from the Denial of Service (DoS) attacks that could incapacitate an SDN. The ASP is integrated with OpenFlow protocol to detect and prevent DoS attacks effectively. Our comprehensive experimental results show that the ASP enhances the resilience of an SDN network against DoS attacks by up to 38%.

  18. Network Robustness: the whole story

    NASA Astrophysics Data System (ADS)

    Longjas, A.; Tejedor, A.; Zaliapin, I. V.; Ambroj, S.; Foufoula-Georgiou, E.

    2014-12-01

    A multitude of actual processes operating on hydrological networks may exhibit binary outcomes such as clean streams in a river network that may become contaminated. These binary outcomes can be modeled by node removal processes (attacks) acting in a network. Network robustness against attacks has been widely studied in fields as diverse as the Internet, power grids and human societies. However, the current definition of robustness is only accounting for the connectivity of the nodes unaffected by the attack. Here, we put forward the idea that the connectivity of the affected nodes can play a crucial role in proper evaluation of the overall network robustness and its future recovery from the attack. Specifically, we propose a dual perspective approach wherein at any instant in the network evolution under attack, two distinct networks are defined: (i) the Active Network (AN) composed of the unaffected nodes and (ii) the Idle Network (IN) composed of the affected nodes. The proposed robustness metric considers both the efficiency of destroying the AN and the efficiency of building-up the IN. This approach is motivated by concrete applied problems, since, for example, if we study the dynamics of contamination in river systems, it is necessary to know both the connectivity of the healthy and contaminated parts of the river to assess its ecological functionality. We show that trade-offs between the efficiency of the Active and Idle network dynamics give rise to surprising crossovers and re-ranking of different attack strategies, pointing to significant implications for decision making.

  19. Localized attacks on spatially embedded networks with dependencies.

    PubMed

    Berezin, Yehiel; Bashan, Amir; Danziger, Michael M; Li, Daqing; Havlin, Shlomo

    2015-03-11

    Many real world complex systems such as critical infrastructure networks are embedded in space and their components may depend on one another to function. They are also susceptible to geographically localized damage caused by malicious attacks or natural disasters. Here, we study a general model of spatially embedded networks with dependencies under localized attacks. We develop a theoretical and numerical approach to describe and predict the effects of localized attacks on spatially embedded systems with dependencies. Surprisingly, we find that a localized attack can cause substantially more damage than an equivalent random attack. Furthermore, we find that for a broad range of parameters, systems which appear stable are in fact metastable. Though robust to random failures-even of finite fraction-if subjected to a localized attack larger than a critical size which is independent of the system size (i.e., a zero fraction), a cascading failure emerges which leads to complete system collapse. Our results demonstrate the potential high risk of localized attacks on spatially embedded network systems with dependencies and may be useful for designing more resilient systems.

  20. A Security Assessment Mechanism for Software-Defined Networking-Based Mobile Networks.

    PubMed

    Luo, Shibo; Dong, Mianxiong; Ota, Kaoru; Wu, Jun; Li, Jianhua

    2015-12-17

    Software-Defined Networking-based Mobile Networks (SDN-MNs) are considered the future of 5G mobile network architecture. With the evolving cyber-attack threat, security assessments need to be performed in the network management. Due to the distinctive features of SDN-MNs, such as their dynamic nature and complexity, traditional network security assessment methodologies cannot be applied directly to SDN-MNs, and a novel security assessment methodology is needed. In this paper, an effective security assessment mechanism based on attack graphs and an Analytic Hierarchy Process (AHP) is proposed for SDN-MNs. Firstly, this paper discusses the security assessment problem of SDN-MNs and proposes a methodology using attack graphs and AHP. Secondly, to address the diversity and complexity of SDN-MNs, a novel attack graph definition and attack graph generation algorithm are proposed. In order to quantify security levels, the Node Minimal Effort (NME) is defined to quantify attack cost and derive system security levels based on NME. Thirdly, to calculate the NME of an attack graph that takes the dynamic factors of SDN-MN into consideration, we use AHP integrated with the Technique for Order Preference by Similarity to an Ideal Solution (TOPSIS) as the methodology. Finally, we offer a case study to validate the proposed methodology. The case study and evaluation show the advantages of the proposed security assessment mechanism.

  1. A Security Assessment Mechanism for Software-Defined Networking-Based Mobile Networks

    PubMed Central

    Luo, Shibo; Dong, Mianxiong; Ota, Kaoru; Wu, Jun; Li, Jianhua

    2015-01-01

    Software-Defined Networking-based Mobile Networks (SDN-MNs) are considered the future of 5G mobile network architecture. With the evolving cyber-attack threat, security assessments need to be performed in the network management. Due to the distinctive features of SDN-MNs, such as their dynamic nature and complexity, traditional network security assessment methodologies cannot be applied directly to SDN-MNs, and a novel security assessment methodology is needed. In this paper, an effective security assessment mechanism based on attack graphs and an Analytic Hierarchy Process (AHP) is proposed for SDN-MNs. Firstly, this paper discusses the security assessment problem of SDN-MNs and proposes a methodology using attack graphs and AHP. Secondly, to address the diversity and complexity of SDN-MNs, a novel attack graph definition and attack graph generation algorithm are proposed. In order to quantify security levels, the Node Minimal Effort (NME) is defined to quantify attack cost and derive system security levels based on NME. Thirdly, to calculate the NME of an attack graph that takes the dynamic factors of SDN-MN into consideration, we use AHP integrated with the Technique for Order Preference by Similarity to an Ideal Solution (TOPSIS) as the methodology. Finally, we offer a case study to validate the proposed methodology. The case study and evaluation show the advantages of the proposed security assessment mechanism. PMID:26694409

  2. Stability and Topology of Scale-Free Networks under Attack and Defense Strategies

    NASA Astrophysics Data System (ADS)

    Gallos, Lazaros K.; Cohen, Reuven; Argyrakis, Panos; Bunde, Armin; Havlin, Shlomo

    2005-05-01

    We study tolerance and topology of random scale-free networks under attack and defense strategies that depend on the degree k of the nodes. This situation occurs, for example, when the robustness of a node depends on its degree or in an intentional attack with insufficient knowledge of the network. We determine, for all strategies, the critical fraction p_c of nodes that must be removed for disintegrating the network. We find that, for an intentional attack, little knowledge of the well-connected sites is sufficient to strongly reduce p_c. At criticality, the topology of the network depends on the removal strategy, implying that different strategies may lead to different kinds of percolation transitions.

  3. Trouble Brewing: Using Observations of Invariant Behavior to Detect Malicious Agency in Distributed Control Systems

    NASA Astrophysics Data System (ADS)

    McEvoy, Thomas Richard; Wolthusen, Stephen D.

    Recent research on intrusion detection in supervisory data acquisition and control (SCADA) and DCS systems has focused on anomaly detection at protocol level based on the well-defined nature of traffic on such networks. Here, we consider attacks which compromise sensors or actuators (including physical manipulation), where intrusion may not be readily apparent as data and computational states can be controlled to give an appearance of normality, and sensor and control systems have limited accuracy. To counter these, we propose to consider indirect relations between sensor readings to detect such attacks through concurrent observations as determined by control laws and constraints.

  4. Science & Technology Review January/February 2010

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Bearinger, J P

    2009-11-30

    This month's issue has the following articles: (1) Innovative Materials Rise to the Radiation Challenge - Commentary by Bruce Warner; (2) The Hunt for Better Radiation Detection - New materials will help radiation detectors pick up weak signals and accurately identify illicit radioactive sources; (3) Time-Critical Technology Identifies Deadly Bloodborne Pathogens - A portable device can simultaneously distinguish up to five bloodborne pathogens in just minutes; (4) Defending Computer Networks against Attack - A Laboratory effort takes a new approach to detecting increasingly sophisticated cyber attacks; and (5) Imaging Cargo's Inner Secrets - Livermore-University of California collaborators are modeling a new radiographic technique for identifying nuclear materials concealed inside cargo containers.

  5. The structure of gallery networks in the nests of termite Cubitermes spp. revealed by X-ray tomography

    NASA Astrophysics Data System (ADS)

    Perna, Andrea; Jost, Christian; Couturier, Etienne; Valverde, Sergi; Douady, Stéphane; Theraulaz, Guy

    2008-09-01

    Recent studies have introduced computer tomography (CT) as a tool for the visualisation and characterisation of insect architectures. Here, we use CT to map the three-dimensional networks of galleries inside Cubitermes nests in order to analyse them with tools from graph theory. The structure of these networks indicates that connections inside the nest are rearranged during the whole nest life. The functional analysis reveals that the final network topology represents an excellent compromise between efficient connectivity inside the nest and defence against attacking predators. We further discuss and illustrate the usefulness of CT to disentangle environmental and specific influences on nest architecture.

  6. Using Unix system auditing for detecting network intrusions

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Christensen, M.J.

    1993-03-01

    Intrusion Detection Systems (IDSs) are designed to detect actions of individuals who use computer resources without authorization as well as legitimate users who exceed their privileges. This paper describes a novel approach to IDS research, namely a decision aiding approach to intrusion detection. The introduction of a decision tree represents the logical steps necessary to distinguish and identify different types of attacks. This tool, the Intrusion Decision Aiding Tool (IDAT), utilizes IDS-based attack models and standard Unix audit data. Since attacks have certain characteristics and are based on already developed signature attack models, experienced and knowledgeable Unix system administrators know what to look for in system audit logs to determine if a system has been attacked. Others, however, are usually less able to recognize common signatures of unauthorized access. Users can traverse the tree using available audit data displayed by IDAT and general knowledge they possess to reach a conclusion regarding suspicious activity. IDAT is an easy-to-use window based application that gathers, analyzes, and displays pertinent system data according to Unix attack characteristics. IDAT offers a more practical approach and allows the user to make an informed decision regarding suspicious activity.

  7. Development of module for neural network identification of attacks on applications and services in multi-cloud platforms

    NASA Astrophysics Data System (ADS)

    Parfenov, D. I.; Bolodurina, I. P.

    2018-05-01

    The article presents the results of developing an approach to detecting and protecting against network attacks on the corporate infrastructure deployed on the multi-cloud platform. The proposed approach is based on the combination of two technologies: a software-configurable network and virtualization of network functions. The approach for searching for anomalous traffic is to use a hybrid neural network consisting of a self-organizing Kohonen network and a multilayer perceptron. The study of the work of the prototype of the system for detecting attacks, the method of forming a learning sample, and the course of experiments are described. The study showed that using the proposed approach makes it possible to increase the effectiveness of the obfuscation of various types of attacks and at the same time does not reduce the performance of the network.

  8. Detection of network attacks based on adaptive resonance theory

    NASA Astrophysics Data System (ADS)

    Bukhanov, D. G.; Polyakov, V. M.

    2018-05-01

    The paper considers an approach to intrusion detection systems using a neural network of adaptive resonant theory. It suggests the structure of an intrusion detection system consisting of two types of program modules. The first module manages connections of user applications by preventing the undesirable ones. The second analyzes the incoming network traffic parameters to check potential network attacks. After attack detection, it notifies the required stations using a secure transmission channel. The paper describes the experiment on the detection and recognition of network attacks using the test selection. It also compares the obtained results with similar experiments carried out by other authors. It gives findings and conclusions on the sufficiency of the proposed approach. The obtained information confirms the sufficiency of applying the neural networks of adaptive resonant theory to analyze network traffic within the intrusion detection system.

  9. DOE Office of Scientific and Technical Information (OSTI.GOV)

    John Homer; Ashok Varikuti; Xinming Ou

    Various tools exist to analyze enterprise network systems and to produce attack graphs detailing how attackers might penetrate into the system. These attack graphs, however, are often complex and difficult to comprehend fully, and a human user may find it problematic to reach appropriate configuration decisions. This paper presents methodologies that can 1) automatically identify portions of an attack graph that do not help a user to understand the core security problems and so can be trimmed, and 2) automatically group similar attack steps as virtual nodes in a model of the network topology, to immediately increase the understandability of the data. We believe both methods are important steps toward improving visualization of attack graphs to make them more useful in configuration management for large enterprise networks. We implemented our methods using one of the existing attack-graph toolkits. Initial experimentation shows that the proposed approaches can 1) significantly reduce the complexity of attack graphs by trimming a large portion of the graph that is not needed for a user to understand the security problem, and 2) significantly increase the accessibility and understandability of the data presented in the attack graph by clearly showing, within a generated visualization of the network topology, the number and type of potential attacks to which each host is exposed.

  10. A model for anomaly classification in intrusion detection systems

    NASA Astrophysics Data System (ADS)

    Ferreira, V. O.; Galhardi, V. V.; Gonçalves, L. B. L.; Silva, R. C.; Cansian, A. M.

    2015-09-01

    Intrusion Detection Systems (IDS) are traditionally divided into two types according to the detection methods they employ, namely (i) misuse detection and (ii) anomaly detection. Anomaly detection has been widely used and its main advantage is the ability to detect new attacks. However, the analysis of anomalies generated can become expensive, since they often have no clear information about the malicious events they represent. In this context, this paper presents a model for automated classification of alerts generated by an anomaly based IDS. The main goal is either the classification of the detected anomalies in well-defined taxonomies of attacks or to identify whether it is a false positive misclassified by the IDS. Some common attacks to computer networks were considered and we achieved important results that can equip security analysts with best resources for their analyses.

  11. Network Security Validation Using Game Theory

    NASA Astrophysics Data System (ADS)

    Papadopoulou, Vicky; Gregoriades, Andreas

    Non-functional requirements (NFR) such as network security recently gained widespread attention in distributed information systems. Despite their importance, however, there is no systematic approach to validate these requirements given the complexity and uncertainty characterizing modern networks. Traditionally, network security requirements specification has been the result of a reactive process. This, however, limited the immunity property of the distributed systems that depended on these networks. Security requirements specification needs a proactive approach. Networks' infrastructure is constantly under attack by hackers and malicious software that aim to break into computers. To combat these threats, network designers need sophisticated security validation techniques that will guarantee the minimum level of security for their future networks. This paper presents a game-theoretic approach to security requirements validation. An introduction to game theory is presented along with an example that demonstrates the application of the approach.

  12. Eavesdropping-aware routing and spectrum allocation based on multi-flow virtual concatenation for confidential information service in elastic optical networks

    NASA Astrophysics Data System (ADS)

    Bai, Wei; Yang, Hui; Yu, Ao; Xiao, Hongyun; He, Linkuan; Feng, Lei; Zhang, Jie

    2018-01-01

    The leakage of confidential information is one of the important issues in the network security area. Elastic Optical Networks (EON), a promising technology in the optical transport network, are under threat from eavesdropping attacks. There is great demand to support confidential information service (CIS) and to design an efficient security strategy against eavesdropping attacks. In this paper, we propose a solution to cope with eavesdropping attacks in routing and spectrum allocation. Firstly, we introduce probability theory to describe the eavesdropping issue and achieve awareness of eavesdropping attacks. Then we propose an eavesdropping-aware routing and spectrum allocation (ES-RSA) algorithm to guarantee information security. To further improve security and network performance, we employ multi-flow virtual concatenation (MFVC) and propose an eavesdropping-aware MFVC-based secure routing and spectrum allocation (MES-RSA) algorithm. The presented simulation results show that the two proposed RSA algorithms can both achieve greater security against eavesdropping attacks and that MES-RSA can also improve the network performance efficiently.

  13. Cryptanalysis and improvement of a biometrics-based authentication and key agreement scheme for multi-server environments.

    PubMed

    Yang, Li; Zheng, Zhiming

    2018-01-01

    According to advancements in the wireless technologies, study of biometrics-based multi-server authenticated key agreement schemes has acquired a lot of momentum. Recently, Wang et al. presented a three-factor authentication protocol with key agreement and claimed that their scheme was resistant to several prominent attacks. Unfortunately, this paper indicates that their protocol is still vulnerable to the user impersonation attack, privileged insider attack and server spoofing attack. Furthermore, their protocol cannot provide the perfect forward secrecy. As a remedy of these aforementioned problems, we propose a biometrics-based authentication and key agreement scheme for multi-server environments. Compared with various related schemes, our protocol achieves the stronger security and provides more functionality properties. Besides, the proposed protocol shows the satisfactory performances in respect of storage requirement, communication overhead and computational cost. Thus, our protocol is suitable for expert systems and other multi-server architectures. Consequently, the proposed protocol is more appropriate in the distributed networks.

  14. Cryptanalysis and improvement of a biometrics-based authentication and key agreement scheme for multi-server environments

    PubMed Central

    Zheng, Zhiming

    2018-01-01

    According to advancements in the wireless technologies, study of biometrics-based multi-server authenticated key agreement schemes has acquired a lot of momentum. Recently, Wang et al. presented a three-factor authentication protocol with key agreement and claimed that their scheme was resistant to several prominent attacks. Unfortunately, this paper indicates that their protocol is still vulnerable to the user impersonation attack, privileged insider attack and server spoofing attack. Furthermore, their protocol cannot provide the perfect forward secrecy. As a remedy of these aforementioned problems, we propose a biometrics-based authentication and key agreement scheme for multi-server environments. Compared with various related schemes, our protocol achieves the stronger security and provides more functionality properties. Besides, the proposed protocol shows the satisfactory performances in respect of storage requirement, communication overhead and computational cost. Thus, our protocol is suitable for expert systems and other multi-server architectures. Consequently, the proposed protocol is more appropriate in the distributed networks. PMID:29534085

  15. The Optimal Employment of a Deep Seaweb Acoustic Network for Submarine Communications at Speed and Depth Using a Defender-Attacker-Defender Model

    DTIC Science & Technology

    2013-09-01

    Figure 17. Reliable acoustic paths from a deep source to shallow receivers (From Urick 1983... Urick 1983). ..................................................................28 Figure 19. Computer generated ray diagram of the DSC for a source...near the axis. Reflected rays are omitted (From Urick 1983). .........................................29 Figure 20. Worldwide DSC axis depths in

  16. A Systems Engineering Framework for Implementing a Security and Critical Patch Management Process in Diverse Environments (Academic Departments' Workstations)

    ERIC Educational Resources Information Center

    Mohammadi, Hadi

    2014-01-01

    Use of the Patch Vulnerability Management (PVM) process should be seriously considered for any networked computing system. The PVM process prevents the operating system (OS) and software applications from being attacked due to security vulnerabilities, which lead to system failures and critical data leakage. The purpose of this research is to…

  17. Attacks on Bluetooth Security Architecture and Its Countermeasures

    NASA Astrophysics Data System (ADS)

    Iqbal, Mian Muhammad Waseem; Kausar, Firdous; Wahla, Muhammad Arif

    WPANs complement the traditional IEEE 802.11 wireless networks by providing clients with flexibility in network topologies, higher mobility and relaxed configuration/hardware requirements. Bluetooth, a WPAN technology, is an open standard for short-range radio frequency (RF) communication. However, it is also susceptible to typical security threats found in wireless LANs. This paper discusses some of the attack scenarios against the Bluetooth network such as hostile intrusion, active Man-in-the-Middle (MITM) attack using unit key and various forms of denial of service (DoS) attacks. These threats and attacks compromise the confidentiality and availability of Bluetooth data and services. This paper proposes an improved security architecture for Bluetooth devices which provides protection against the above mentioned attacks.

  18. On the Simulation-Based Reliability of Complex Emergency Logistics Networks in Post-Accident Rescues.

    PubMed

    Wang, Wei; Huang, Li; Liang, Xuedong

    2018-01-06

    This paper investigates the reliability of complex emergency logistics networks, as reliability is crucial to reducing environmental and public health losses in post-accident emergency rescues. Such networks' statistical characteristics are analyzed first. After the connected reliability and evaluation indices for complex emergency logistics networks are effectively defined, simulation analyses of network reliability are conducted under two different attack modes using a particular emergency logistics network as an example. The simulation analyses obtain the varying trends in emergency supply times and the ratio of effective nodes and validates the effects of network characteristics and different types of attacks on network reliability. The results demonstrate that this emergency logistics network is both a small-world and a scale-free network. When facing random attacks, the emergency logistics network steadily changes, whereas it is very fragile when facing selective attacks. Therefore, special attention should be paid to the protection of supply nodes and nodes with high connectivity. The simulation method provides a new tool for studying emergency logistics networks and a reference for similar studies.

  19. Measure of robustness for complex networks

    NASA Astrophysics Data System (ADS)

    Youssef, Mina Nabil

    Critical infrastructures are repeatedly attacked by external triggers causing tremendous amount of damages. Any infrastructure can be studied using the powerful theory of complex networks. A complex network is composed of extremely large number of different elements that exchange commodities providing significant services. The main functions of complex networks can be damaged by different types of attacks and failures that degrade the network performance. These attacks and failures are considered as disturbing dynamics, such as the spread of viruses in computer networks, the spread of epidemics in social networks, and the cascading failures in power grids. Depending on the network structure and the attack strength, every network differently suffers damages and performance degradation. Hence, quantifying the robustness of complex networks becomes an essential task. In this dissertation, new metrics are introduced to measure the robustness of technological and social networks with respect to the spread of epidemics, and the robustness of power grids with respect to cascading failures. First, we introduce a new metric called the Viral Conductance (VCSIS) to assess the robustness of networks with respect to the spread of epidemics that are modeled through the susceptible/infected/susceptible (SIS) epidemic approach. In contrast to assessing the robustness of networks based on a classical metric, the epidemic threshold, the new metric integrates the fraction of infected nodes at steady state for all possible effective infection strengths. Through examples, VCSIS provides more insights about the robustness of networks than the epidemic threshold. In addition, both the paradoxical robustness of Barabasi-Albert preferential attachment networks and the effect of the topology on the steady state infection are studied, to show the importance of quantifying the robustness of networks. Second, a new metric VCSIR is introduced to assess the robustness of networks with respect to the spread of susceptible/infected/recovered (SIR) epidemics. To compute VCSIR, we propose a novel individual-based approach to model the spread of SIR epidemics in networks, which captures the infection size for a given effective infection rate. Thus, VCSIR quantitatively integrates the infection strength with the corresponding infection size. To optimize the VCSIR metric, a new mitigation strategy is proposed, based on a temporary reduction of contacts in social networks. The social contact network is modeled as a weighted graph that describes the frequency of contacts among the individuals. Thus, we consider the spread of an epidemic as a dynamical system, and the total number of infection cases as the state of the system, while the weight reduction in the social network is the controller variable leading to slow/reduce the spread of epidemics. Using optimal control theory, the obtained solution represents an optimal adaptive weighted network defined over a finite time interval. Moreover, given the high complexity of the optimization problem, we propose two heuristics to find the near optimal solutions by reducing the contacts among the individuals in a decentralized way. Finally, the cascading failures that can take place in power grids and have recently caused several blackouts are studied. We propose a new metric to assess the robustness of the power grid with respect to the cascading failures. The power grid topology is modeled as a network, which consists of nodes and links representing power substations and transmission lines, respectively. We also propose an optimal islanding strategy to protect the power grid when a cascading failure event takes place in the grid. The robustness metrics are numerically evaluated using real and synthetic networks to quantify their robustness with respect to disturbing dynamics. We show that the proposed metrics outperform the classical metrics in quantifying the robustness of networks and the efficiency of the mitigation strategies. In summary, our work advances the network science field in assessing the robustness of complex networks with respect to various disturbing dynamics.

  20. Autoblocker: a system for detecting and blocking of network scanning based on analysis of netflow data

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Bobyshev, A.; Lamore, D.; Demar, P.

    2004-12-01

    In a large campus network, such as Fermilab, with tens of thousands of nodes, scanning initiated from either outside of or within the campus network raises security concerns. This scanning may have very serious impact on network performance, and even disrupt normal operation of many services. In this paper we introduce a system for detecting and automatically blocking excessive traffic from different kinds of scanning, DoS attacks, and virus-infected computers. The system, called AutoBlocker, is a distributed computing system based on quasi-real time analysis of network flow data collected from the border router and core switches. AutoBlocker also has an interface to accept alerts from IDS systems (e.g. BRO, SNORT) that are based on other technologies. The system has multiple configurable alert levels for the detection of anomalous behavior and configurable trigger criteria for automated blocking of scans at the core or border routers. It has been in use at Fermilab for about 2 years, and has become a very valuable tool to curtail scan activity within the Fermilab campus network.

  1. A provably-secure ECC-based authentication scheme for wireless sensor networks.

    PubMed

    Nam, Junghyun; Kim, Moonseong; Paik, Juryon; Lee, Youngsook; Won, Dongho

    2014-11-06

    A smart-card-based user authentication scheme for wireless sensor networks (in short, a SUA-WSN scheme) is designed to restrict access to the sensor data only to users who are in possession of both a smart card and the corresponding password. While a significant number of SUA-WSN schemes have been suggested in recent years, their intended security properties lack formal definitions and proofs in a widely-accepted model. One consequence is that SUA-WSN schemes insecure against various attacks have proliferated. In this paper, we devise a security model for the analysis of SUA-WSN schemes by extending the widely-accepted model of Bellare, Pointcheval and Rogaway (2000). Our model provides formal definitions of authenticated key exchange and user anonymity while capturing side-channel attacks, as well as other common attacks. We also propose a new SUA-WSN scheme based on elliptic curve cryptography (ECC), and prove its security properties in our extended model. To the best of our knowledge, our proposed scheme is the first SUA-WSN scheme that provably achieves both authenticated key exchange and user anonymity. Our scheme is also computationally competitive with other ECC-based (non-provably secure) schemes.

  2. A Lightweight White-Box Symmetric Encryption Algorithm against Node Capture for WSNs

    PubMed Central

    Shi, Yang; Wei, Wujing; He, Zongjian

    2015-01-01

    Wireless Sensor Networks (WSNs) are often deployed in hostile environments and, thus, nodes can be potentially captured by an adversary. This is a typical white-box attack context, i.e., the adversary may have total visibility of the implementation of the built-in cryptosystem and full control over its execution platform. Handling white-box attacks in a WSN scenario is a challenging task. Existing encryption algorithms for white-box attack contexts require a large memory footprint and, hence, are not applicable for wireless sensor network scenarios. As a countermeasure against the threat in this context, in this paper, we propose a class of lightweight secure implementations of the symmetric encryption algorithm SMS4. The basic idea of our approach is to merge several steps of the round function of SMS4 into table lookups, blended by randomly generated mixing bijections. Therefore, the size of the implementations is significantly reduced while keeping the same security efficiency. The security and efficiency of the proposed solutions are theoretically analyzed. Evaluation shows our solutions satisfy the requirement of sensor nodes in terms of limited memory size and low computational costs. PMID:26007737

  3. A Provably-Secure ECC-Based Authentication Scheme for Wireless Sensor Networks

    PubMed Central

    Nam, Junghyun; Kim, Moonseong; Paik, Juryon; Lee, Youngsook; Won, Dongho

    2014-01-01

    A smart-card-based user authentication scheme for wireless sensor networks (in short, a SUA-WSN scheme) is designed to restrict access to the sensor data only to users who are in possession of both a smart card and the corresponding password. While a significant number of SUA-WSN schemes have been suggested in recent years, their intended security properties lack formal definitions and proofs in a widely-accepted model. One consequence is that SUA-WSN schemes insecure against various attacks have proliferated. In this paper, we devise a security model for the analysis of SUA-WSN schemes by extending the widely-accepted model of Bellare, Pointcheval and Rogaway (2000). Our model provides formal definitions of authenticated key exchange and user anonymity while capturing side-channel attacks, as well as other common attacks. We also propose a new SUA-WSN scheme based on elliptic curve cryptography (ECC), and prove its security properties in our extended model. To the best of our knowledge, our proposed scheme is the first SUA-WSN scheme that provably achieves both authenticated key exchange and user anonymity. Our scheme is also computationally competitive with other ECC-based (non-provably secure) schemes. PMID:25384009

  4. Cryptanalysis and security improvements of 'two-factor user authentication in wireless sensor networks'.

    PubMed

    Khan, Muhammad Khurram; Alghathbar, Khaled

    2010-01-01

    User authentication in wireless sensor networks (WSN) is a critical security issue due to their unattended and hostile deployment in the field. Since sensor nodes are equipped with limited computing power, storage, and communication modules; authenticating remote users in such resource-constrained environments is a paramount security concern. Recently, M.L. Das proposed a two-factor user authentication scheme in WSNs and claimed that his scheme is secure against different kinds of attack. However, in this paper, we show that the M.L. Das-scheme has some critical security pitfalls and cannot be recommended for real applications. We point out that in his scheme: users cannot change/update their passwords, it does not provide mutual authentication between gateway node and sensor node, and is vulnerable to gateway node bypassing attack and privileged-insider attack. To overcome the inherent security weaknesses of the M.L. Das-scheme, we propose improvements and security patches that attempt to fix the susceptibilities of his scheme. The proposed security improvements can be incorporated in the M.L. Das-scheme for achieving a more secure and robust two-factor user authentication in WSNs.

  5. An Enhanced Secure Identity-Based Certificateless Public Key Authentication Scheme for Vehicular Sensor Networks

    PubMed Central

    Li, Congcong; Zhang, Xi; Wang, Haiping; Li, Dongfeng

    2018-01-01

    Vehicular sensor networks have been widely applied in intelligent traffic systems in recent years. Because of the specificity of vehicular sensor networks, they require an enhanced, secure and efficient authentication scheme. Existing authentication protocols are vulnerable to some problems, such as a high computational overhead with certificate distribution and revocation, strong reliance on tamper-proof devices, limited scalability when building many secure channels, and an inability to detect hardware tampering attacks. In this paper, an improved authentication scheme using certificateless public key cryptography is proposed to address these problems. A security analysis of our scheme shows that our protocol provides an enhanced secure anonymous authentication, which is resilient against major security threats. Furthermore, the proposed scheme reduces the incidence of node compromise and replication attacks. The scheme also provides a malicious-node detection and warning mechanism, which can quickly identify compromised static nodes and immediately alert the administrative department. With performance evaluations, the scheme can obtain better trade-offs between security and efficiency than the well-known available schemes. PMID:29324719

  6. RUASN: a robust user authentication framework for wireless sensor networks.

    PubMed

    Kumar, Pardeep; Choudhury, Amlan Jyoti; Sain, Mangal; Lee, Sang-Gon; Lee, Hoon-Jae

    2011-01-01

    In recent years, wireless sensor networks (WSNs) have been considered as a potential solution for real-time monitoring applications and these WSNs have potential practical impact on next generation technology too. However, WSNs could become a threat if suitable security is not considered before the deployment and if there are any loopholes in their security, which might open the door for an attacker and hence, endanger the application. User authentication is one of the most important security services to protect WSN data access from unauthorized users; it should provide both mutual authentication and session key establishment services. This paper proposes a robust user authentication framework for wireless sensor networks, based on a two-factor (password and smart card) concept. This scheme facilitates many services to the users such as user anonymity, mutual authentication, secure session key establishment and it allows users to choose/update their password regularly, whenever needed. Furthermore, we have provided the formal verification using Rubin logic and compare RUASN with many existing schemes. As a result, we found that the proposed scheme possesses many advantages against popular attacks, and achieves better efficiency at low computation cost.

  7. On the Simulation-Based Reliability of Complex Emergency Logistics Networks in Post-Accident Rescues

    PubMed Central

    Wang, Wei; Huang, Li; Liang, Xuedong

    2018-01-01

    This paper investigates the reliability of complex emergency logistics networks, as reliability is crucial to reducing environmental and public health losses in post-accident emergency rescues. Such networks’ statistical characteristics are analyzed first. After the connected reliability and evaluation indices for complex emergency logistics networks are effectively defined, simulation analyses of network reliability are conducted under two different attack modes using a particular emergency logistics network as an example. The simulation analyses obtain the varying trends in emergency supply times and the ratio of effective nodes and validates the effects of network characteristics and different types of attacks on network reliability. The results demonstrate that this emergency logistics network is both a small-world and a scale-free network. When facing random attacks, the emergency logistics network steadily changes, whereas it is very fragile when facing selective attacks. Therefore, special attention should be paid to the protection of supply nodes and nodes with high connectivity. The simulation method provides a new tool for studying emergency logistics networks and a reference for similar studies. PMID:29316614

  8. Cyber situational awareness and differential hardening

    NASA Astrophysics Data System (ADS)

    Dwivedi, Anurag; Tebben, Dan

    2012-06-01

    The advent of cyber threats has created a need for a new network planning, design, architecture, operations, control, situational awareness, management, and maintenance paradigms. Primary considerations include the ability to assess cyber attack resiliency of the network, and rapidly detect, isolate, and operate during deliberate simultaneous attacks against the network nodes and links. Legacy network planning relied on automatic protection of a network in the event of a single fault or a very few simultaneous faults in mesh networks, but in the future it must be augmented to include improved network resiliency and vulnerability awareness to cyber attacks. Ability to design a resilient network requires the development of methods to define, and quantify the network resiliency to attacks, and to be able to develop new optimization strategies for maintaining operations in the midst of these newly emerging cyber threats. Ways to quantify resiliency, and its use in visualizing cyber vulnerability awareness and in identifying node or link criticality, are presented in the current work, as well as a methodology of differential network hardening based on the criticality profile of cyber network components.

  9. Unsupervised algorithms for intrusion detection and identification in wireless ad hoc sensor networks

    NASA Astrophysics Data System (ADS)

    Hortos, William S.

    2009-05-01

    In previous work by the author, parameters across network protocol layers were selected as features in supervised algorithms that detect and identify certain intrusion attacks on wireless ad hoc sensor networks (WSNs) carrying multisensor data. The algorithms improved the residual performance of the intrusion prevention measures provided by any dynamic key-management schemes and trust models implemented among network nodes. The approach of this paper does not train algorithms on the signature of known attack traffic, but, instead, the approach is based on unsupervised anomaly detection techniques that learn the signature of normal network traffic. Unsupervised learning does not require the data to be labeled or to be purely of one type, i.e., normal or attack traffic. The approach can be augmented to add any security attributes and quantified trust levels, established during data exchanges among nodes, to the set of cross-layer features from the WSN protocols. A two-stage framework is introduced for the security algorithms to overcome the problems of input size and resource constraints. The first stage is an unsupervised clustering algorithm which reduces the payload of network data packets to a tractable size. The second stage is a traditional anomaly detection algorithm based on a variation of support vector machines (SVMs), whose efficiency is improved by the availability of data in the packet payload. In the first stage, selected algorithms are adapted to WSN platforms to meet system requirements for simple parallel distributed computation, distributed storage and data robustness. A set of mobile software agents, acting like an ant colony in securing the WSN, are distributed at the nodes to implement the algorithms. The agents move among the layers involved in the network response to the intrusions at each active node and trustworthy neighborhood, collecting parametric values and executing assigned decision tasks. This minimizes the need to move large amounts of audit-log data through resource-limited nodes and locates routines closer to that data. Performance of the unsupervised algorithms is evaluated against the network intrusions of black hole, flooding, Sybil and other denial-of-service attacks in simulations of published scenarios. Results for scenarios with intentionally malfunctioning sensors show the robustness of the two-stage approach to intrusion anomalies.

  10. A system for distributed intrusion detection

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Snapp, S.R.; Brentano, J.; Dias, G.V.

    1991-01-01

    The study of providing security in computer networks is a rapidly growing area of interest because the network is the medium over which most attacks or intrusions on computer systems are launched. One approach to solving this problem is the intrusion-detection concept, whose basic premise is that not only abandoning the existing and huge infrastructure of possibly-insecure computer and network systems is impossible, but also replacing them by totally-secure systems may not be feasible or cost effective. Previous work on intrusion-detection systems was performed on stand-alone hosts and on a broadcast local area network (LAN) environment. The focus of our present research is to extend our network intrusion-detection concept from the LAN environment to arbitrarily wider areas with the network topology being arbitrary as well. The generalized distributed environment is heterogeneous, i.e., the network nodes can be hosts or servers from different vendors, or some of them could be LAN managers, like our previous work, a network security monitor (NSM), as well. The proposed architecture for this distributed intrusion-detection system consists of the following components: a host manager in each host; a LAN manager for monitoring each LAN in the system; and a central manager which is placed at a single secure location and which receives reports from various host and LAN managers to process these reports, correlate them, and detect intrusions. 11 refs., 2 figs.

  11. Attack-tolerant networked control system: an approach for detection the controller stealthy hijacking attack

    NASA Astrophysics Data System (ADS)

    Atta Yaseen, Amer; Bayart, Mireille

    2017-01-01

    In this work, a new approach will be introduced as a development for the attack-tolerant scheme in the Networked Control System (NCS). The objective is to be able to detect an attack such as the Stuxnet case where the controller is reprogrammed and hijacked. Besides the ability to detect the stealthy controller hijacking attack, the advantage of this approach is that there is no need for an a priori mathematical model of the controller. In order to implement the proposed scheme, a specific detector for the controller hijacking attack is designed. The performance of this scheme is evaluated by connecting the detector to an NCS with basic security elements such as Data Encryption Standard (DES), Message Digest (MD5), and timestamp. The detector is tested along with a networked PI controller under stealthy hijacking attack. The test results of the proposed method show that the hijacked controller can be significantly detected and recovered.

  12. Secure chaotic map based block cryptosystem with application to camera sensor networks.

    PubMed

    Guo, Xianfeng; Zhang, Jiashu; Khan, Muhammad Khurram; Alghathbar, Khaled

    2011-01-01

    Recently, Wang et al. presented an efficient logistic map based block encryption system. The encryption system employs feedback ciphertext to achieve plaintext dependence of sub-keys. Unfortunately, we discovered that their scheme is unable to withstand key stream attack. To improve its security, this paper proposes a novel chaotic map based block cryptosystem. At the same time, a secure architecture for camera sensor network is constructed. The network comprises a set of inexpensive camera sensors to capture the images, a sink node equipped with sufficient computation and storage capabilities and a data processing server. The transmission security between the sink node and the server is gained by utilizing the improved cipher. Both theoretical analysis and simulation results indicate that the improved algorithm can overcome the flaws and maintain all the merits of the original cryptosystem. In addition, computational costs and efficiency of the proposed scheme are encouraging for the practical implementation in the real environment as well as camera sensor network.

  13. Secure Chaotic Map Based Block Cryptosystem with Application to Camera Sensor Networks

    PubMed Central

    Guo, Xianfeng; Zhang, Jiashu; Khan, Muhammad Khurram; Alghathbar, Khaled

    2011-01-01

    Recently, Wang et al. presented an efficient logistic map based block encryption system. The encryption system employs feedback ciphertext to achieve plaintext dependence of sub-keys. Unfortunately, we discovered that their scheme is unable to withstand key stream attack. To improve its security, this paper proposes a novel chaotic map based block cryptosystem. At the same time, a secure architecture for camera sensor network is constructed. The network comprises a set of inexpensive camera sensors to capture the images, a sink node equipped with sufficient computation and storage capabilities and a data processing server. The transmission security between the sink node and the server is gained by utilizing the improved cipher. Both theoretical analysis and simulation results indicate that the improved algorithm can overcome the flaws and maintain all the merits of the original cryptosystem. In addition, computational costs and efficiency of the proposed scheme are encouraging for the practical implementation in the real environment as well as camera sensor network. PMID:22319371

  14. On effectiveness of network sensor-based defense framework

    NASA Astrophysics Data System (ADS)

    Zhang, Difan; Zhang, Hanlin; Ge, Linqiang; Yu, Wei; Lu, Chao; Chen, Genshe; Pham, Khanh

    2012-06-01

    Cyber attacks are increasing in frequency, impact, and complexity, which demonstrate extensive network vulnerabilities with the potential for serious damage. Defending against cyber attacks calls for the distributed collaborative monitoring, detection, and mitigation. To this end, we develop a network sensor-based defense framework, with the aim of handling network security awareness, mitigation, and prediction. We implement the prototypical system and show its effectiveness on detecting known attacks, such as port-scanning and distributed denial-of-service (DDoS). Based on this framework, we also implement the statistical-based detection and sequential testing-based detection techniques and compare their respective detection performance. The future implementation of defensive algorithms can be provisioned in our proposed framework for combating cyber attacks.

  15. DoS detection in IEEE 802.11 with the presence of hidden nodes

    PubMed Central

    Soryal, Joseph; Liu, Xijie; Saadawi, Tarek

    2013-01-01

    The paper presents a novel technique to detect Denial of Service (DoS) attacks applied by misbehaving nodes in wireless networks with the presence of hidden nodes employing the widely used IEEE 802.11 Distributed Coordination Function (DCF) protocols described in the IEEE standard [1]. Attacker nodes alter the IEEE 802.11 DCF firmware to illicitly capture the channel via elevating the probability of the average number of packets transmitted successfully using up the bandwidth share of the innocent nodes that follow the protocol standards. We obtained the theoretical network throughput by solving two-dimensional Markov Chain model as described by Bianchi [2], and Liu and Saadawi [3] to determine the channel capacity. We validated the results obtained via the theoretical computations with the results obtained by OPNET simulator [4] to define the baseline for the average attainable throughput in the channel under standard conditions where all nodes follow the standards. The main goal of the DoS attacker is to prevent the innocent nodes from accessing the channel and by capturing the channel’s bandwidth. In addition, the attacker strives to appear as an innocent node that follows the standards. The protocol resides in every node to enable each node to police other nodes in its immediate wireless coverage area. All innocent nodes are able to detect and identify the DoS attacker in its wireless coverage area. We applied the protocol to two Physical Layer technologies: Direct Sequence Spread Spectrum (DSSS) and Frequency Hopping Spread Spectrum (FHSS) and the results are presented to validate the algorithm. PMID:25685510

  16. DoS detection in IEEE 802.11 with the presence of hidden nodes.

    PubMed

    Soryal, Joseph; Liu, Xijie; Saadawi, Tarek

    2014-07-01

    The paper presents a novel technique to detect Denial of Service (DoS) attacks applied by misbehaving nodes in wireless networks with the presence of hidden nodes employing the widely used IEEE 802.11 Distributed Coordination Function (DCF) protocols described in the IEEE standard [1]. Attacker nodes alter the IEEE 802.11 DCF firmware to illicitly capture the channel via elevating the probability of the average number of packets transmitted successfully using up the bandwidth share of the innocent nodes that follow the protocol standards. We obtained the theoretical network throughput by solving two-dimensional Markov Chain model as described by Bianchi [2], and Liu and Saadawi [3] to determine the channel capacity. We validated the results obtained via the theoretical computations with the results obtained by OPNET simulator [4] to define the baseline for the average attainable throughput in the channel under standard conditions where all nodes follow the standards. The main goal of the DoS attacker is to prevent the innocent nodes from accessing the channel and by capturing the channel's bandwidth. In addition, the attacker strives to appear as an innocent node that follows the standards. The protocol resides in every node to enable each node to police other nodes in its immediate wireless coverage area. All innocent nodes are able to detect and identify the DoS attacker in its wireless coverage area. We applied the protocol to two Physical Layer technologies: Direct Sequence Spread Spectrum (DSSS) and Frequency Hopping Spread Spectrum (FHSS) and the results are presented to validate the algorithm.

  17. The Relative Ineffectiveness of Criminal Network Disruption

    PubMed Central

    Duijn, Paul A. C.; Kashirin, Victor; Sloot, Peter M. A.

    2014-01-01

    Researchers, policymakers and law enforcement agencies across the globe struggle to find effective strategies to control criminal networks. The effectiveness of disruption strategies is known to depend on both network topology and network resilience. However, as these criminal networks operate in secrecy, data-driven knowledge concerning the effectiveness of different criminal network disruption strategies is very limited. By combining computational modeling and social network analysis with unique criminal network intelligence data from the Dutch Police, we discovered, in contrast to common belief, that criminal networks might even become ‘stronger’, after targeted attacks. On the other hand increased efficiency within criminal networks decreases its internal security, thus offering opportunities for law enforcement agencies to target these networks more deliberately. Our results emphasize the importance of criminal network interventions at an early stage, before the network gets a chance to (re-)organize to maximum resilience. In the end disruption strategies force criminal networks to become more exposed, which causes successful network disruption to become a long-term effort. PMID:24577374

  18. The relative ineffectiveness of criminal network disruption.

    PubMed

    Duijn, Paul A C; Kashirin, Victor; Sloot, Peter M A

    2014-02-28

    Researchers, policymakers and law enforcement agencies across the globe struggle to find effective strategies to control criminal networks. The effectiveness of disruption strategies is known to depend on both network topology and network resilience. However, as these criminal networks operate in secrecy, data-driven knowledge concerning the effectiveness of different criminal network disruption strategies is very limited. By combining computational modeling and social network analysis with unique criminal network intelligence data from the Dutch Police, we discovered, in contrast to common belief, that criminal networks might even become 'stronger', after targeted attacks. On the other hand increased efficiency within criminal networks decreases its internal security, thus offering opportunities for law enforcement agencies to target these networks more deliberately. Our results emphasize the importance of criminal network interventions at an early stage, before the network gets a chance to (re-)organize to maximum resilience. In the end disruption strategies force criminal networks to become more exposed, which causes successful network disruption to become a long-term effort.

  19. DMP: Detouring Using Multiple Paths against Jamming Attack for Ubiquitous Networking System

    PubMed Central

    Kim, Mihui; Chae, Kijoon

    2010-01-01

    To successfully realize the ubiquitous network environment including home automation or industrial control systems, it is important to be able to resist a jamming attack. This has recently been considered as an extremely threatening attack because it can collapse the entire network, despite the existence of basic security protocols such as encryption and authentication. In this paper, we present a method of jamming attack tolerant routing using multiple paths based on zones. The proposed scheme divides the network into zones, and manages the candidate forward nodes of neighbor zones. After detecting an attack, detour nodes decide zones for rerouting, and detour packets destined for victim nodes through forward nodes in the decided zones. Simulation results show that our scheme increases the PDR (Packet Delivery Ratio) and decreases the delay significantly in comparison with rerouting by a general routing protocol on sensor networks, AODV (Ad hoc On Demand Distance Vector), and a conventional JAM (Jammed Area Mapping) service with one reroute. PMID:22319316

  20. DMP: detouring using multiple paths against jamming attack for ubiquitous networking system.

    PubMed

    Kim, Mihui; Chae, Kijoon

    2010-01-01

    To successfully realize the ubiquitous network environment including home automation or industrial control systems, it is important to be able to resist a jamming attack. This has recently been considered as an extremely threatening attack because it can collapse the entire network, despite the existence of basic security protocols such as encryption and authentication. In this paper, we present a method of jamming attack tolerant routing using multiple paths based on zones. The proposed scheme divides the network into zones, and manages the candidate forward nodes of neighbor zones. After detecting an attack, detour nodes decide zones for rerouting, and detour packets destined for victim nodes through forward nodes in the decided zones. Simulation results show that our scheme increases the PDR (Packet Delivery Ratio) and decreases the delay significantly in comparison with rerouting by a general routing protocol on sensor networks, AODV (Ad hoc On Demand Distance Vector), and a conventional JAM (Jammed Area Mapping) service with one reroute.

  1. Autonomous Military Robotics: Risk, Ethics, and Design

    DTIC Science & Technology

    2008-12-20

    civilians, such as most biological or chemical weapons—and perhaps even many modes of ‘cyberattacks’ on computer networks [Rowe, 2008]. ...disproportionately—similar in effect to landmines as well as nuclear, biological, and chemical weapons—are hence immoral to deploy. Whether or not...little cover from attacks, to clearing roads and seas of improvised explosive devices (IEDs), to surveying damage from biochemical weapons, to

  2. The Blurring of Lines Between Combatants and Civilians in Twenty-First Century Armed Conflict

    DTIC Science & Technology

    2013-03-28

    concern for retirement, pensions, placement, or medical care. Speed, technical expertise, continuity, and flexibility are advantages gained by using...including the Internet, telecommunications networks, computer systems, and embedded processors and controllers.”42 Cyberspace and the technologies that... systems. Additionally, the Department of Defense relies heavily on its National Security Agency to defend the United States from attacks against its

  3. An Energy-Efficient Secure Routing and Key Management Scheme for Mobile Sinks in Wireless Sensor Networks Using Deployment Knowledge

    PubMed Central

    Hung, Le Xuan; Canh, Ngo Trong; Lee, Sungyoung; Lee, Young-Koo; Lee, Heejo

    2008-01-01

    For many sensor network applications such as military or homeland security, it is essential for users (sinks) to access the sensor network while they are moving. Sink mobility brings new challenges to secure routing in large-scale sensor networks. Previous studies on sink mobility have mainly focused on efficiency and effectiveness of data dissemination without security consideration. Also, studies and experiences have shown that considering security during design time is the best way to provide security for sensor network routing. This paper presents an energy-efficient secure routing and key management for mobile sinks in sensor networks, called SCODEplus. It is a significant extension of our previous study in five aspects: (1) Key management scheme and routing protocol are considered during design time to increase security and efficiency; (2) The network topology is organized in a hexagonal plane which supports more efficiency than previous square-grid topology; (3) The key management scheme can eliminate the impacts of node compromise attacks on links between non-compromised nodes; (4) Sensor node deployment is based on Gaussian distribution which is more realistic than uniform distribution; (5) No GPS or like is required to provide sensor node location information. Our security analysis demonstrates that the proposed scheme can defend against common attacks in sensor networks including node compromise attacks, replay attacks, selective forwarding attacks, sinkhole and wormhole, Sybil attacks, HELLO flood attacks. Both mathematical and simulation-based performance evaluation show that the SCODEplus significantly reduces the communication overhead, energy consumption, packet delivery latency while it always delivers more than 97 percent of packets successfully. PMID:27873956

  4. An Energy-Efficient Secure Routing and Key Management Scheme for Mobile Sinks in Wireless Sensor Networks Using Deployment Knowledge.

    PubMed

    Hung, Le Xuan; Canh, Ngo Trong; Lee, Sungyoung; Lee, Young-Koo; Lee, Heejo

    2008-12-03

    For many sensor network applications such as military or homeland security, it is essential for users (sinks) to access the sensor network while they are moving. Sink mobility brings new challenges to secure routing in large-scale sensor networks. Previous studies on sink mobility have mainly focused on efficiency and effectiveness of data dissemination without security consideration. Also, studies and experiences have shown that considering security during design time is the best way to provide security for sensor network routing. This paper presents an energy-efficient secure routing and key management for mobile sinks in sensor networks, called SCODEplus. It is a significant extension of our previous study in five aspects: (1) Key management scheme and routing protocol are considered during design time to increase security and efficiency; (2) The network topology is organized in a hexagonal plane which supports more efficiency than previous square-grid topology; (3) The key management scheme can eliminate the impacts of node compromise attacks on links between non-compromised nodes; (4) Sensor node deployment is based on Gaussian distribution which is more realistic than uniform distribution; (5) No GPS or like is required to provide sensor node location information. Our security analysis demonstrates that the proposed scheme can defend against common attacks in sensor networks including node compromise attacks, replay attacks, selective forwarding attacks, sinkhole and wormhole, Sybil attacks, HELLO flood attacks. Both mathematical and simulation-based performance evaluation show that the SCODEplus significantly reduces the communication overhead, energy consumption, packet delivery latency while it always delivers more than 97 percent of packets successfully.

  5. Spoof Detection for Finger-Vein Recognition System Using NIR Camera.

    PubMed

    Nguyen, Dat Tien; Yoon, Hyo Sik; Pham, Tuyen Danh; Park, Kang Ryoung

    2017-10-01

    Finger-vein recognition, a new and advanced biometrics recognition method, is attracting the attention of researchers because of its advantages such as high recognition performance and lesser likelihood of theft and inaccuracies occurring on account of skin condition defects. However, as reported by previous researchers, it is possible to attack a finger-vein recognition system by using presentation attack (fake) finger-vein images. As a result, spoof detection, named as presentation attack detection (PAD), is necessary in such recognition systems. Previous attempts to establish PAD methods primarily focused on designing feature extractors by hand (handcrafted feature extractor) based on the observations of the researchers about the difference between real (live) and presentation attack finger-vein images. Therefore, the detection performance was limited. Recently, the deep learning framework has been successfully applied in computer vision and delivered superior results compared to traditional handcrafted methods on various computer vision applications such as image-based face recognition, gender recognition and image classification. In this paper, we propose a PAD method for near-infrared (NIR) camera-based finger-vein recognition system using convolutional neural network (CNN) to enhance the detection ability of previous handcrafted methods. Using the CNN method, we can derive a more suitable feature extractor for PAD than the other handcrafted methods using a training procedure. We further process the extracted image features to enhance the presentation attack finger-vein image detection ability of the CNN method using principal component analysis method (PCA) for dimensionality reduction of feature space and support vector machine (SVM) for classification. Through extensive experimental results, we confirm that our proposed method is adequate for presentation attack finger-vein image detection and it can deliver superior detection results compared to CNN-based methods and other previous handcrafted methods.

  6. Spoof Detection for Finger-Vein Recognition System Using NIR Camera

    PubMed Central

    Nguyen, Dat Tien; Yoon, Hyo Sik; Pham, Tuyen Danh; Park, Kang Ryoung

    2017-01-01

    Finger-vein recognition, a new and advanced biometrics recognition method, is attracting the attention of researchers because of its advantages such as high recognition performance and lesser likelihood of theft and inaccuracies occurring on account of skin condition defects. However, as reported by previous researchers, it is possible to attack a finger-vein recognition system by using presentation attack (fake) finger-vein images. As a result, spoof detection, named as presentation attack detection (PAD), is necessary in such recognition systems. Previous attempts to establish PAD methods primarily focused on designing feature extractors by hand (handcrafted feature extractor) based on the observations of the researchers about the difference between real (live) and presentation attack finger-vein images. Therefore, the detection performance was limited. Recently, the deep learning framework has been successfully applied in computer vision and delivered superior results compared to traditional handcrafted methods on various computer vision applications such as image-based face recognition, gender recognition and image classification. In this paper, we propose a PAD method for near-infrared (NIR) camera-based finger-vein recognition system using convolutional neural network (CNN) to enhance the detection ability of previous handcrafted methods. Using the CNN method, we can derive a more suitable feature extractor for PAD than the other handcrafted methods using a training procedure. We further process the extracted image features to enhance the presentation attack finger-vein image detection ability of the CNN method using principal component analysis method (PCA) for dimensionality reduction of feature space and support vector machine (SVM) for classification. Through extensive experimental results, we confirm that our proposed method is adequate for presentation attack finger-vein image detection and it can deliver superior detection results compared to CNN-based methods and other previous handcrafted methods. PMID:28974031

  7. Multi-Layer Approach for the Detection of Selective Forwarding Attacks

    PubMed Central

    Alajmi, Naser; Elleithy, Khaled

    2015-01-01

    Security breaches are a major threat in wireless sensor networks (WSNs). WSNs are increasingly used due to their broad range of important applications in both military and civilian domains. WSNs are prone to several types of security attacks. Sensor nodes have limited capacities and are often deployed in dangerous locations; therefore, they are vulnerable to different types of attacks, including wormhole, sinkhole, and selective forwarding attacks. Security attacks are classified as data traffic and routing attacks. These security attacks could affect the most significant applications of WSNs, namely, military surveillance, traffic monitoring, and healthcare. Therefore, there are different approaches to detecting security attacks on the network layer in WSNs. Reliability, energy efficiency, and scalability are strong constraints on sensor nodes that affect the security of WSNs. Because sensor nodes have limited capabilities in most of these areas, selective forwarding attacks cannot be easily detected in networks. In this paper, we propose an approach to selective forwarding detection (SFD). The approach has three layers: MAC pool IDs, rule-based processing, and anomaly detection. It maintains the safety of data transmission between a source node and base station while detecting selective forwarding attacks. Furthermore, the approach is reliable, energy efficient, and scalable. PMID:26610499

  8. Multi-Layer Approach for the Detection of Selective Forwarding Attacks.

    PubMed

    Alajmi, Naser; Elleithy, Khaled

    2015-11-19

    Security breaches are a major threat in wireless sensor networks (WSNs). WSNs are increasingly used due to their broad range of important applications in both military and civilian domains. WSNs are prone to several types of security attacks. Sensor nodes have limited capacities and are often deployed in dangerous locations; therefore, they are vulnerable to different types of attacks, including wormhole, sinkhole, and selective forwarding attacks. Security attacks are classified as data traffic and routing attacks. These security attacks could affect the most significant applications of WSNs, namely, military surveillance, traffic monitoring, and healthcare. Therefore, there are different approaches to detecting security attacks on the network layer in WSNs. Reliability, energy efficiency, and scalability are strong constraints on sensor nodes that affect the security of WSNs. Because sensor nodes have limited capabilities in most of these areas, selective forwarding attacks cannot be easily detected in networks. In this paper, we propose an approach to selective forwarding detection (SFD). The approach has three layers: MAC pool IDs, rule-based processing, and anomaly detection. It maintains the safety of data transmission between a source node and base station while detecting selective forwarding attacks. Furthermore, the approach is reliable, energy efficient, and scalable.

  9. An efficient collaborative approach for black hole attack discovery and mitigating its impact in manet

    NASA Astrophysics Data System (ADS)

    Devipriya, K.; Ivy, B. Persis Urbana; Prabha, D.

    2018-04-01

    A mobile ad hoc network (MANET) is an assemblage of nodes composed of mobile devices coupled in various ways wirelessly which do not have any central administration. Each node in MANET cooperates in forwarding packets in the network. This type of collaboration incurs high cost but there exist nodes that decline to cooperate leading to selfish conduct of nodes which affects overall network performance. To discover the attacks caused by such nodes, a renowned mechanism using watchdog can be deployed. In infrastructure-less network attack detection and reaction and high false positives, false negatives initiating black hole attack becomes major issue in watchdog. This paper puts forward a collaborative approach for identifying such attacks in MANET. Through abstract analysis and extensive simulation of this approach, the detection time of misbehaved nodes is reduced and substantial enhancement in overhead and throughput is witnessed.

  10. Enhancing robustness of interdependent network by adding connectivity and dependence links

    NASA Astrophysics Data System (ADS)

    Cui, Pengshuai; Zhu, Peidong; Wang, Ke; Xun, Peng; Xia, Zhuoqun

    2018-05-01

    Enhancing robustness of interdependent networks by adding connectivity links has been researched extensively; however, few of them are focusing on adding both connectivity and dependence links to enhance robustness. In this paper, we aim to study how to allocate the limited costs reasonably to add both connectivity and dependence links. Firstly, we divide the attackers into stubborn attackers and smart attackers according to whether they would change their attack modes with the changing of network structure; then by simulations, link addition strategies are given separately according to different attackers, with which we can allocate the limited costs to add connectivity links and dependence links reasonably and achieve more robustness than only adding connectivity links or dependence links. The results show that compared to only adding connectivity links or dependence links, allocating the limited resources reasonably and adding both connectivity links and dependence links could bring more robustness to the interdependent networks.

  11. Insecurity of Wireless Networks

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Sheldon, Frederick T; Weber, John Mark; Yoo, Seong-Moo

    Wireless is a powerful core technology enabling our global digital infrastructure. Wi-Fi networks are susceptible to attacks on Wired Equivalency Privacy, Wi-Fi Protected Access (WPA), and WPA2. These attack signatures can be profiled into a system that defends against such attacks on the basis of their inherent characteristics. Wi-Fi is the standard protocol for wireless networks used extensively in US critical infrastructures. Since the Wired Equivalency Privacy (WEP) security protocol was broken, the Wi-Fi Protected Access (WPA) protocol has been considered the secure alternative compatible with hardware developed for WEP. However, in November 2008, researchers developed an attack on WPA, allowing forgery of Address Resolution Protocol (ARP) packets. Subsequent enhancements have enabled ARP poisoning, cryptosystem denial of service, and man-in-the-middle attacks. Open source systems and methods (OSSM) have long been used to secure networks against such attacks. This article reviews OSSMs and the results of experimental attacks on WPA. These experiments re-created current attacks in a laboratory setting, recording both wired and wireless traffic. The article discusses methods of intrusion detection and prevention in the context of cyber physical protection of critical Internet infrastructure. The basis for this research is a specialized (and undoubtedly incomplete) taxonomy of Wi-Fi attacks and their adaptations to existing countermeasures and protocol revisions. Ultimately, this article aims to provide a clearer picture of how and why wireless protection protocols and encryption must achieve a more scientific basis for detecting and preventing such attacks.

  12. Virtual terrain: a security-based representation of a computer network

    NASA Astrophysics Data System (ADS)

    Holsopple, Jared; Yang, Shanchieh; Argauer, Brian

    2008-03-01

    Much research has been put forth towards detection, correlating, and prediction of cyber attacks in recent years. As this set of research progresses, there is an increasing need for contextual information of a computer network to provide an accurate situational assessment. Typical approaches adopt contextual information as needed; yet such ad hoc effort may lead to unnecessary or even conflicting features. The concept of virtual terrain is, therefore, developed and investigated in this work. Virtual terrain is a common representation of crucial information about network vulnerabilities, accessibilities, and criticalities. A virtual terrain model encompasses operating systems, firewall rules, running services, missions, user accounts, and network connectivity. It is defined as connected graphs with arc attributes defining dynamic relationships among vertices modeling network entities, such as services, users, and machines. The virtual terrain representation is designed to allow feasible development and maintenance of the model, as well as efficacy in terms of the use of the model. This paper will describe the considerations in developing the virtual terrain schema, exemplary virtual terrain models, and algorithms utilizing the virtual terrain model for situation and threat assessment.

  13. Characterization of computer network events through simultaneous feature selection and clustering of intrusion alerts

    NASA Astrophysics Data System (ADS)

    Chen, Siyue; Leung, Henry; Dondo, Maxwell

    2014-05-01

    As computer network security threats increase, many organizations implement multiple Network Intrusion Detection Systems (NIDS) to maximize the likelihood of intrusion detection and provide a comprehensive understanding of intrusion activities. However, NIDS trigger a massive number of alerts on a daily basis. This can be overwhelming for computer network security analysts since it is a slow and tedious process to manually analyse each alert produced. Thus, automated and intelligent clustering of alerts is important to reveal the structural correlation of events by grouping alerts with common features. As the nature of computer network attacks, and therefore alerts, is not known in advance, unsupervised alert clustering is a promising approach to achieve this goal. We propose a joint optimization technique for feature selection and clustering to aggregate similar alerts and to reduce the number of alerts that analysts have to handle individually. More precisely, each identified feature is assigned a binary value, which reflects the feature's saliency. This value is treated as a hidden variable and incorporated into a likelihood function for clustering. Since computing the optimal solution of the likelihood function directly is analytically intractable, we use the Expectation-Maximisation (EM) algorithm to iteratively update the hidden variable and use it to maximize the expected likelihood. Our empirical results, using a labelled Defense Advanced Research Projects Agency (DARPA) 2000 reference dataset, show that the proposed method gives better results than the EM clustering without feature selection in terms of the clustering accuracy.

  14. Towards an integrated defense system for cyber security situation awareness experiment

    NASA Astrophysics Data System (ADS)

    Zhang, Hanlin; Wei, Sixiao; Ge, Linqiang; Shen, Dan; Yu, Wei; Blasch, Erik P.; Pham, Khanh D.; Chen, Genshe

    2015-05-01

    In this paper, an implemented defense system is demonstrated to carry out cyber security situation awareness. The developed system consists of distributed passive and active network sensors designed to effectively capture suspicious information associated with cyber threats, effective detection schemes to accurately distinguish attacks, and network actors to rapidly mitigate attacks. Based on the collected data from network sensors, image-based and signals-based detection schemes are implemented to detect attacks. To further mitigate attacks, deployed dynamic firewalls on hosts dynamically update detection information reported from the detection schemes and block attacks. The experimental results show the effectiveness of the proposed system. A future plan to design an effective defense system is also discussed based on system theory.

  15. Network robustness assessed within a dual connectivity framework: joint dynamics of the Active and Idle Networks.

    PubMed

    Tejedor, Alejandro; Longjas, Anthony; Zaliapin, Ilya; Ambroj, Samuel; Foufoula-Georgiou, Efi

    2017-08-17

    Network robustness against attacks has been widely studied in fields as diverse as the Internet, power grids and human societies. But current definition of robustness is only accounting for half of the story: the connectivity of the nodes unaffected by the attack. Here we propose a new framework to assess network robustness, wherein the connectivity of the affected nodes is also taken into consideration, acknowledging that it plays a crucial role in properly evaluating the overall network robustness in terms of its future recovery from the attack. Specifically, we propose a dual perspective approach wherein at any instant in the network evolution under attack, two distinct networks are defined: (i) the Active Network (AN) composed of the unaffected nodes and (ii) the Idle Network (IN) composed of the affected nodes. The proposed robustness metric considers both the efficiency of destroying the AN and that of building-up the IN. We show, via analysis of well-known prototype networks and real world data, that trade-offs between the efficiency of Active and Idle Network dynamics give rise to surprising robustness crossovers and re-rankings, which can have significant implications for decision making.

  16. Novel Duplicate Address Detection with Hash Function

    PubMed Central

    Song, GuangJia; Ji, ZhenZhou

    2016-01-01

    Duplicate address detection (DAD) is an important component of the address resolution protocol (ARP) and the neighbor discovery protocol (NDP). DAD determines whether an IP address is in conflict with other nodes. In traditional DAD, the target address to be detected is broadcast through the network, which provides convenience for malicious nodes to attack. A malicious node can send a spoofing reply to prevent the address configuration of a normal node, and thus, a denial-of-service attack is launched. This study proposes a hash method to hide the target address in DAD, which prevents an attack node from launching destination attacks. If the address of a normal node is identical to the detection address, then its hash value should be the same as the “Hash_64” field in the neighboring solicitation message. Consequently, DAD can be successfully completed. This process is called DAD-h. Simulation results indicate that address configuration using DAD-h has a considerably higher success rate when under attack compared with traditional DAD. Comparative analysis shows that DAD-h does not require third-party devices and considerable computing resources; it also provides a lightweight security resolution. PMID:26991901

  17. Guaranteeing Spoof-Resilient Multi-Robot Networks

    DTIC Science & Technology

    2015-05-12

    particularly challenging attack on this assumption is the so-called “Sybil attack.” In a Sybil attack a malicious agent can generate (or spoof) a large...cybersecurity in general multi-node networks (e.g. a wired LAN), the same is not true for multi-robot networks [14, 28], leaving them largely vulnerable...key passing or cryptographic authentication is difficult to maintain due to the highly dynamic and distributed nature of multi-robot teams where

  18. Performance Evaluation of Localization Accuracy for a Log-Normal Shadow Fading Wireless Sensor Network under Physical Barrier Attacks

    PubMed Central

    Abdulqader Hussein, Ahmed; Rahman, Tharek A.; Leow, Chee Yen

    2015-01-01

    Localization is an apparent aspect of a wireless sensor network, which is the focus of much interesting research. One of the severe conditions that needs to be taken into consideration is localizing a mobile target through a dispersed sensor network in the presence of physical barrier attacks. These attacks confuse the localization process and cause location estimation errors. Range-based methods, like the received signal strength indication (RSSI), face the major influence of this kind of attack. This paper proposes a solution based on a combination of multi-frequency multi-power localization (C-MFMPL) and step function multi-frequency multi-power localization (SF-MFMPL), including the fingerprint matching technique and lateration, to provide a robust and accurate localization technique. In addition, this paper proposes a grid coloring algorithm to detect the signal hole map in the network, which refers to the attack-prone regions, in order to carry out corrective actions. The simulation results show the enhancement and robustness of RSS localization performance in the face of log normal shadow fading effects, besides the presence of physical barrier attacks, through detecting, filtering and eliminating the effect of these attacks. PMID:26690159

  19. Vulnerability of water supply systems to cyber-physical attacks

    NASA Astrophysics Data System (ADS)

    Galelli, Stefano; Taormina, Riccardo; Tippenhauer, Nils; Salomons, Elad; Ostfeld, Avi

    2016-04-01

    The adoption of smart meters, distributed sensor networks and industrial control systems has largely improved the level of service provided by modern water supply systems. Yet, the progressive computerization exposes these critical infrastructures to cyber-physical attacks, which are generally aimed at stealing critical information (cyber-espionage) or causing service disruption (denial-of-service). Recent statistics show that water and power utilities are undergoing frequent attacks - such as the December power outage in Ukraine - , attracting the interest of operators and security agencies. Taking the security of Water Distribution Networks (WDNs) as domain of study, our work seeks to characterize the vulnerability of WDNs to cyber-physical attacks, so as to conceive adequate defense mechanisms. We extend the functionality of EPANET, which models hydraulic and water quality processes in pressurized pipe networks, to include a cyber layer vulnerable to repeated attacks. Simulation results on a medium-scale network show that several hydraulic actuators (valves and pumps, for example) can be easily attacked, causing both service disruption - i.e., water spillage and loss of pressure - and structural damages - e.g., pipes burst. Our work highlights the need for adequate countermeasures, such as attacks detection and reactive control systems.

  20. Performance Evaluation of Localization Accuracy for a Log-Normal Shadow Fading Wireless Sensor Network under Physical Barrier Attacks.

    PubMed

    Hussein, Ahmed Abdulqader; Rahman, Tharek A; Leow, Chee Yen

    2015-12-04

    Localization is an apparent aspect of a wireless sensor network, which is the focus of much interesting research. One of the severe conditions that needs to be taken into consideration is localizing a mobile target through a dispersed sensor network in the presence of physical barrier attacks. These attacks confuse the localization process and cause location estimation errors. Range-based methods, like the received signal strength indication (RSSI), face the major influence of this kind of attack. This paper proposes a solution based on a combination of multi-frequency multi-power localization (C-MFMPL) and step function multi-frequency multi-power localization (SF-MFMPL), including the fingerprint matching technique and lateration, to provide a robust and accurate localization technique. In addition, this paper proposes a grid coloring algorithm to detect the signal hole map in the network, which refers to the attack-prone regions, in order to carry out corrective actions. The simulation results show the enhancement and robustness of RSS localization performance in the face of log normal shadow fading effects, besides the presence of physical barrier attacks, through detecting, filtering and eliminating the effect of these attacks.

  1. On the Topologic Properties of River Networks

    NASA Astrophysics Data System (ADS)

    Sarker, S.; Singh, A.

    2017-12-01

    River network is an important landscape feature and has been studied extensively from a range of geomorphological and hydrological perspectives. However, quantifying topologic dynamics and reorganization of river networks is becoming more and more challenging under changing natural and anthropogenic forcings. Here, we use a graph-theoretical approach to study topologic properties of natural and simulated river networks for a range of climatic and tectonic conditions. Among other metrics, we use betweenness and eigenvector centrality distributions computed using adjacency matrix of river networks and show their dependence on energy exponent γ that characterizes mechanism of erosional processes on a landscape. We further compare these topologic characteristics of landscape to geomorphic features such as slope-area curve and drainage density. Furthermore, we identify locations of critical nodes and links on a network as a function of energy exponent γ to understand network robustness and vulnerability under external attacks.

  2. If it walks like a duck: nanosensor threat assessment

    NASA Astrophysics Data System (ADS)

    Chachis, George C.

    2003-09-01

    A convergence of technologies is making deployment of unattended ground nanosensors operationally feasible in terms of energy, communications for both arbitrated and self-organizing distributed, collective behaviors. A number of nano communications technologies are already making network-centric systems possible for MicroElectrical Mechanical (MEM) sensor devices today. Similar technologies may make NanoElectrical Mechanical (NEM) sensor devices operationally feasible a few years from now. Just as organizational behaviors of large numbers of nanodevices can derive strategies from social insects and other group-oriented animals, bio-inspired heuristics for threat assessment provide a conceptual approach for successful integration of nanosensors into unattended smart sensor networks. Biological models such as the organization of social insects or the dynamics of immune systems show promise as biologically-inspired paradigms for protecting nanosensor networks for security scene analysis and battlespace awareness. The paradox of nanosensors is that the smaller the device is the more useful it is but the smaller it is the more vulnerable it is to a variety of threats. In other words simpler means networked nanosensors are more likely to fall prey to a wide-range of attacks including jamming, spoofing, Janisserian recruitment, Pied-Piper distraction, as well as typical attacks computer network security. Thus, unattended sensor technologies call for network architectures that include security and countermeasures to provide reliable scene analysis or battlespace awareness information. Such network centric architectures may well draw upon a variety of bio-inspired approaches to safeguard, validate and make sense of large quantities of information.

  3. Cascading failures in interconnected networks with dynamical redistribution of loads

    NASA Astrophysics Data System (ADS)

    Zhao, Zhuang; Zhang, Peng; Yang, Hujiang

    2015-09-01

    Cascading failures of loads in isolated networks and coupled networks have been studied in the past few years. In most of the corresponding results, the topologies of the networks are destroyed. Here, we present an interconnected network model considering cascading failures based on the dynamic redistribution of flow in the networks. Compared with the results of single scale-free networks, we find that interconnected scale-free networks have higher vulnerability. Additionally, the network heterogeneity plays an important role in the robustness of interconnected networks under intentional attacks. Considering the effects of various coupling preferences, the results show that there are almost no differences. Finally, the application of our model to the Beijing interconnected traffic network, which consists of a subway network and a bus network, shows that the subway network suffers more damage under the attack. Moreover, the interconnected traffic network may be more exposed to damage after initial attacks on the bus network. These discussions are important for the design and optimization of interconnected networks.

  4. Intrusion Prevention and Detection in Grid Computing - The ALICE Case

    NASA Astrophysics Data System (ADS)

    Gomez, Andres; Lara, Camilo; Kebschull, Udo

    2015-12-01

    Grids allow users flexible on-demand usage of computing resources through remote communication networks. A remarkable example of a Grid in High Energy Physics (HEP) research is used in the ALICE experiment at European Organization for Nuclear Research CERN. Physicists can submit jobs used to process the huge amount of particle collision data produced by the Large Hadron Collider (LHC). Grids face complex security challenges. They are interesting targets for attackers seeking huge computational resources. Since users can execute arbitrary code in the worker nodes on the Grid sites, special care should be put in this environment. Automatic tools to harden and monitor this scenario are required. Currently, there is no integrated solution for such a requirement. This paper describes a new security framework to allow execution of job payloads in a sandboxed context. It also allows process behavior monitoring to detect intrusions, even when new attack methods or zero day vulnerabilities are exploited, by a Machine Learning approach. We plan to implement the proposed framework as a software prototype that will be tested as a component of the ALICE Grid middleware.

  5. The Changing Nature of Suicide Attacks: A Social Network Perspective

    ERIC Educational Resources Information Center

    Pedahzur, Ami; Perliger, Arie

    2006-01-01

    To comprehend the developments underlying the suicide attacks of recent years, we suggest that the organizational approach, which until recently was used to explain this phenomenon, should be complemented with a social network perspective. By employing a social network analysis of Palestinian suicide networks, the authors found that, in contrast…

  6. Robustness of the p53 network and biological hackers.

    PubMed

    Dartnell, Lewis; Simeonidis, Evangelos; Hubank, Michael; Tsoka, Sophia; Bogle, I David L; Papageorgiou, Lazaros G

    2005-06-06

    The p53 protein interaction network is crucial in regulating the metazoan cell cycle and apoptosis. Here, the robustness of the p53 network is studied by analyzing its degeneration under two modes of attack. Linear Programming is used to calculate average path lengths among proteins and the network diameter as measures of functionality. The p53 network is found to be robust to random loss of nodes, but vulnerable to a targeted attack against its hubs, as a result of its architecture. The significance of the results is considered with respect to mutational knockouts of proteins and the directed attacks mounted by tumour inducing viruses.

  7. High-Lift Optimization Design Using Neural Networks on a Multi-Element Airfoil

    NASA Technical Reports Server (NTRS)

    Greenman, Roxana M.; Roth, Karlin R.; Smith, Charles A. (Technical Monitor)

    1998-01-01

    The high-lift performance of a multi-element airfoil was optimized by using neural-net predictions that were trained using a computational data set. The numerical data was generated using a two-dimensional, incompressible, Navier-Stokes algorithm with the Spalart-Allmaras turbulence model. Because it is difficult to predict maximum lift for high-lift systems, an empirically-based maximum lift criteria was used in this study to determine both the maximum lift and the angle at which it occurs. Multiple input, single output networks were trained using the NASA Ames variation of the Levenberg-Marquardt algorithm for each of the aerodynamic coefficients (lift, drag, and moment). The artificial neural networks were integrated with a gradient-based optimizer. Using independent numerical simulations and experimental data for this high-lift configuration, it was shown that this design process successfully optimized flap deflection, gap, overlap, and angle of attack to maximize lift. Once the neural networks were trained and integrated with the optimizer, minimal additional computer resources were required to perform optimization runs with different initial conditions and parameters. Applying the neural networks within the high-lift rigging optimization process reduced the amount of computational time and resources by 83% compared with traditional gradient-based optimization procedures for multiple optimization runs.

  8. Applied Hypergame Theory for Network Defense

    DTIC Science & Technology

    2013-06-01

    information technology infrastructure as they are perhaps the most wired country on the planet. Government websites, banking systems, and even media...a long way from the simple lone youth down in the basement causing mischief. Organized swaths of intelligent computer savvy attackers now exist and...out of the five hypergames choose the hyperstrategy that is the same as the full game MSNE, with the Mid-Level defender being the lone difference. Thus

  9. Fault Tolerant Computer Network Study

    DTIC Science & Technology

    1980-04-01

    2.1.2.2 Air Data The air data function processes air pressures, temperature, and angle-of-attack measurements, and provides calibrated airspeed...attitude direction indicator. 2.1.5.2 Fixtaking Sensors used for fixtaking include the radar (in ground map mode), head-up display (for visual...VFR interdiction mission. The radar (ground map mode) is also the primary sensor at night and in adverse weather if the target presents a

  10. Hybrid attacks on model-based social recommender systems

    NASA Astrophysics Data System (ADS)

    Yu, Junliang; Gao, Min; Rong, Wenge; Li, Wentao; Xiong, Qingyu; Wen, Junhao

    2017-10-01

    With the growing popularity of the online social platform, the social network based approaches to recommendation emerged. However, because of the open nature of rating systems and social networks, the social recommender systems are susceptible to malicious attacks. In this paper, we present a certain novel attack, which inherits characteristics of the rating attack and the relation attack, and term it hybrid attack. Furthermore, we explore the impact of the hybrid attack on model-based social recommender systems in multiple aspects. The experimental results show that the hybrid attack is more destructive than the rating attack in most cases. In addition, users and items with fewer ratings will be influenced more when attacked. Last but not least, the findings suggest that spammers do not depend on the feedback links from normal users to become more powerful; the unilateral links can make the hybrid attack effective enough. Since unilateral links are much cheaper, the hybrid attack will be a great threat to model-based social recommender systems.

  11. An efficient and secure certificateless authentication protocol for healthcare system on wireless medical sensor networks.

    PubMed

    Guo, Rui; Wen, Qiaoyan; Jin, Zhengping; Zhang, Hua

    2013-01-01

    Sensor networks have opened up new opportunities in healthcare systems, which can transmit patient's condition to health professional's hand-held devices in time. The patient's physiological signals are very sensitive and the networks are extremely vulnerable to many attacks. It must be ensured that patient's privacy is not exposed to unauthorized entities. Therefore, the control of access to healthcare systems has become a crucial challenge. An efficient and secure authentication protocol will thus be needed in wireless medical sensor networks. In this paper, we propose a certificateless authentication scheme without bilinear pairing while providing patient anonymity. Compared with other related protocols, the proposed scheme needs less computation and communication cost and preserves stronger security. Our performance evaluations show that this protocol is more practical for healthcare system in wireless medical sensor networks.

  12. An Efficient and Secure Certificateless Authentication Protocol for Healthcare System on Wireless Medical Sensor Networks

    PubMed Central

    Guo, Rui; Wen, Qiaoyan; Jin, Zhengping; Zhang, Hua

    2013-01-01

    Sensor networks have opened up new opportunities in healthcare systems, which can transmit patient's condition to health professional's hand-held devices in time. The patient's physiological signals are very sensitive and the networks are extremely vulnerable to many attacks. It must be ensured that patient's privacy is not exposed to unauthorized entities. Therefore, the control of access to healthcare systems has become a crucial challenge. An efficient and secure authentication protocol will thus be needed in wireless medical sensor networks. In this paper, we propose a certificateless authentication scheme without bilinear pairing while providing patient anonymity. Compared with other related protocols, the proposed scheme needs less computation and communication cost and preserves stronger security. Our performance evaluations show that this protocol is more practical for healthcare system in wireless medical sensor networks. PMID:23710147

  13. Interarrival times of message propagation on directed networks.

    PubMed

    Mihaljev, Tamara; de Arcangelis, Lucilla; Herrmann, Hans J

    2011-08-01

    One of the challenges in fighting cybercrime is to understand the dynamics of message propagation on botnets, networks of infected computers used to send viruses, unsolicited commercial emails (SPAM) or denial of service attacks. We map this problem to the propagation of multiple random walkers on directed networks and we evaluate the interarrival time distribution between successive walkers arriving at a target. We show that the temporal organization of this process, which models information propagation on unstructured peer to peer networks, has the same features as SPAM reaching a single user. We study the behavior of the message interarrival time distribution on three different network topologies using two different rules for sending messages. In all networks the propagation is not a pure Poisson process. It shows universal features on Poissonian networks and a more complex behavior on scale free networks. Results open the possibility to indirectly learn about the process of sending messages on networks with unknown topologies, by studying interarrival times at any node of the network.

  14. Interarrival times of message propagation on directed networks

    NASA Astrophysics Data System (ADS)

    Mihaljev, Tamara; de Arcangelis, Lucilla; Herrmann, Hans J.

    2011-08-01

    One of the challenges in fighting cybercrime is to understand the dynamics of message propagation on botnets, networks of infected computers used to send viruses, unsolicited commercial emails (SPAM) or denial of service attacks. We map this problem to the propagation of multiple random walkers on directed networks and we evaluate the interarrival time distribution between successive walkers arriving at a target. We show that the temporal organization of this process, which models information propagation on unstructured peer to peer networks, has the same features as SPAM reaching a single user. We study the behavior of the message interarrival time distribution on three different network topologies using two different rules for sending messages. In all networks the propagation is not a pure Poisson process. It shows universal features on Poissonian networks and a more complex behavior on scale free networks. Results open the possibility to indirectly learn about the process of sending messages on networks with unknown topologies, by studying interarrival times at any node of the network.

  15. AVQS: attack route-based vulnerability quantification scheme for smart grid.

    PubMed

    Ko, Jongbin; Lim, Hyunwoo; Lee, Seokjun; Shon, Taeshik

    2014-01-01

    A smart grid is a large, consolidated electrical grid system that includes heterogeneous networks and systems. Based on the data, a smart grid system has a potential security threat in its network connectivity. To solve this problem, we develop and apply a novel scheme to measure the vulnerability in a smart grid domain. Vulnerability quantification can be the first step in security analysis because it can help prioritize the security problems. However, existing vulnerability quantification schemes are not suitable for smart grid because they do not consider network vulnerabilities. We propose a novel attack route-based vulnerability quantification scheme using a network vulnerability score and an end-to-end security score, depending on the specific smart grid network environment to calculate the vulnerability score for a particular attack route. To evaluate the proposed approach, we derive several attack scenarios from the advanced metering infrastructure domain. The experimental results of the proposed approach and the existing common vulnerability scoring system clearly show that we need to consider network connectivity for more optimized vulnerability quantification.

  16. Real-time network security situation visualization and threat assessment based on semi-Markov process

    NASA Astrophysics Data System (ADS)

    Chen, Junhua

    2013-03-01

    To cope with a large amount of data in current sensed environments, decision aid tools should provide their understanding of situations in a time-efficient manner, so there is an increasing need for real-time network security situation awareness and threat assessment. In this study, the state transition model of vulnerability in the network based on semi-Markov process is proposed at first. Once events are triggered by an attacker's action or system response, the current states of the vulnerabilities are known. Then we calculate the transition probabilities of the vulnerability from the current state to security failure state. Furthermore, in order to improve accuracy of our algorithms, we adjust the probabilities that they exploit the vulnerability according to the attacker's skill level. In the light of the preconditions and post-conditions of vulnerabilities in the network, attack graph is built to visualize security situation in real time. Subsequently, we predict attack path, recognize attack intention and estimate the impact through analysis of attack graph. These help administrators to gain insight into intrusion steps, determine security state and assess threat. Finally, testing in a network shows that this method is reasonable and feasible, and can undertake tremendous analysis task to facilitate administrators' work.

  17. A Temporal Credential-Based Mutual Authentication with Multiple-Password Scheme for Wireless Sensor Networks

    PubMed Central

    Zhang, Ruisheng; Liu, Qidong

    2017-01-01

    Wireless sensor networks (WSNs), which consist of a large number of sensor nodes, have become among the most important technologies in numerous fields, such as environmental monitoring, military surveillance, control systems in nuclear reactors, vehicle safety systems, and medical monitoring. The most serious drawback for the widespread application of WSNs is the lack of security. Given the resource limitation of WSNs, traditional security schemes are unsuitable. Approaches toward withstanding related attacks with small overhead have thus recently been studied by many researchers. Numerous studies have focused on the authentication scheme for WSNs, but most of these works cannot achieve the security performance and overhead perfectly. Nam et al. proposed a two-factor authentication scheme with lightweight sensor computation for WSNs. In this paper, we review this scheme, emphasize its drawbacks, and propose a temporal credential-based mutual authentication with a multiple-password scheme for WSNs. Our scheme uses multiple passwords to achieve three-factor security performance and generate a session key between user and sensor nodes. The security analysis phase shows that our scheme can withstand related attacks, including a lost password threat, and the comparison phase shows that our scheme involves a relatively small overhead. In the comparison of the overhead phase, the result indicates that more than 95% of the overhead is composed of communication and not computation overhead. Therefore, the result motivates us to pay further attention to communication overhead than computation overhead in future research. PMID:28135288

  18. A Temporal Credential-Based Mutual Authentication with Multiple-Password Scheme for Wireless Sensor Networks.

    PubMed

    Liu, Xin; Zhang, Ruisheng; Liu, Qidong

    2017-01-01

    Wireless sensor networks (WSNs), which consist of a large number of sensor nodes, have become among the most important technologies in numerous fields, such as environmental monitoring, military surveillance, control systems in nuclear reactors, vehicle safety systems, and medical monitoring. The most serious drawback for the widespread application of WSNs is the lack of security. Given the resource limitation of WSNs, traditional security schemes are unsuitable. Approaches toward withstanding related attacks with small overhead have thus recently been studied by many researchers. Numerous studies have focused on the authentication scheme for WSNs, but most of these works cannot achieve the security performance and overhead perfectly. Nam et al. proposed a two-factor authentication scheme with lightweight sensor computation for WSNs. In this paper, we review this scheme, emphasize its drawbacks, and propose a temporal credential-based mutual authentication with a multiple-password scheme for WSNs. Our scheme uses multiple passwords to achieve three-factor security performance and generate a session key between user and sensor nodes. The security analysis phase shows that our scheme can withstand related attacks, including a lost password threat, and the comparison phase shows that our scheme involves a relatively small overhead. In the comparison of the overhead phase, the result indicates that more than 95% of the overhead is composed of communication and not computation overhead. Therefore, the result motivates us to pay further attention to communication overhead than computation overhead in future research.

  19. Advanced Cyber Industrial Control System Tactics, Techniques, and Procedures (ACI TTP) for Department of Defense (DOD) Industrial Control Systems (ICS)

    DTIC Science & Technology

    2016-08-10

    enable JCS managers to detect advanced cyber attacks, mitigate the effects of those attacks, and recover their networks following an attack. It also... managers of ICS networks to Detect, Mitigate, and Recover from nation-state-level cyber attacks (strategic, deliberate, well-trained, and funded...Successful Detection of cyber anomalies is best achieved when IT and ICS managers remain in close coordination. The Integrity Checks Table

  20. Analysis of metro network performance from a complex network perspective

    NASA Astrophysics Data System (ADS)

    Wu, Xingtang; Dong, Hairong; Tse, Chi Kong; Ho, Ivan W. H.; Lau, Francis C. M.

    2018-02-01

    In this paper, the performance of metro networks is studied from a network science perspective. We review the structural efficiency of metro networks on the basis of a passenger's intuitive routing strategy that optimizes the number of transfers and the distance traveled. A new node centrality measure, called node occupying probability, is introduced for evaluating the level of utilization of stations. The robustness of a metro network is analyzed under several attack scenarios. Six metro networks (Beijing, London, Paris, Hong Kong, Tokyo and New York) are compared in terms of the node occupying probability and a few other performance parameters. Simulation results show that the New York metro system has better topological efficiency, the Tokyo and Hong Kong systems are the most robust under random attack and target attack, respectively.

  1. Enhanced Security and Pairing-free Handover Authentication Scheme for Mobile Wireless Networks

    NASA Astrophysics Data System (ADS)

    Chen, Rui; Shu, Guangqiang; Chen, Peng; Zhang, Lijun

    2017-10-01

    With the wide deployment of mobile wireless networks, we aim to propose a secure and seamless handover authentication scheme that allows users to roam freely in wireless networks without worrying about security and privacy issues. Given the open characteristic of wireless networks, safety and efficiency should be considered seriously. Several previous protocols are designed based on a bilinear pairing mapping, which is time-consuming and inefficient work, as well as unsuitable for practical situations. To address these issues, we designed a new pairing-free handover authentication scheme for mobile wireless networks. This scheme is an effective improvement of the protocol by Xu et al., which suffers from the mobile node impersonation attack. Security analysis and simulation experiment indicate that the proposed protocol has many excellent security properties when compared with other recent similar handover schemes, such as mutual authentication and resistance to known network threats, as well as requiring lower computation and communication cost.

  2. AEGIS: A Lightweight Firewall for Wireless Sensor Networks

    NASA Astrophysics Data System (ADS)

    Hossain, Mohammad Sajjad; Raghunathan, Vijay

    Firewalls are an essential component in today's networked computing systems (desktops, laptops, and servers) and provide effective protection against a variety of over-the-network security attacks. With the development of technologies such as IPv6 and 6LoWPAN that pave the way for Internet-connected embedded systems and sensor networks, these devices will soon be subject to (and need to be defended against) similar security threats. As a first step, this paper presents Aegis, a lightweight, rule-based firewall for networked embedded systems such as wireless sensor networks. Aegis is based on a semantically rich, yet simple, rule definition language. In addition, Aegis is highly efficient during operation, runs in a transparent manner from running applications, and is easy to maintain. Experimental results obtained using real sensor nodes and cycle-accurate simulations demonstrate that Aegis successfully performs gatekeeping of a sensor node's communication traffic in a flexible manner with minimal overheads.

  3. A Novel Re-keying Function Protocol (NRFP) For Wireless Sensor Network Security.

    PubMed

    Abdullah, Maan Younis; Hua, Gui Wei; Alsharabi, Naif

    2008-12-04

    This paper describes a novel re-keying function protocol (NRFP) for wireless sensor network security. A re-keying process management system for sensor networks is designed to support in-network processing. The design of the protocol is motivated by decentralization key management for wireless sensor networks (WSNs), covering key deployment, key refreshment, and key establishment. NRFP supports the establishment of novel administrative functions for sensor nodes that derive/re-derive a session key for each communication session. The protocol proposes direct connection, in-direct connection and hybrid connection. NRFP also includes an efficient protocol for local broadcast authentication based on the use of one-way key chains. A salient feature of the authentication protocol is that it supports source authentication without precluding in-network processing. Security and performance analysis shows that it is very efficient in computation, communication and storage and, that NRFP is also effective in defending against many sophisticated attacks.

  4. Heart Attack Recovery FAQs

    MedlinePlus

    ... recommendations to make a full recovery. View an animation of a heart attack . Heart Attack Recovery Questions ... Support Network Popular Articles 1 Understanding Blood Pressure Readings 2 Sodium and Salt 3 Heart Attack Symptoms ...

  5. LiPISC: A Lightweight and Flexible Method for Privacy-Aware Intersection Set Computation

    PubMed Central

    Huang, Shiyong; Ren, Yi; Choo, Kim-Kwang Raymond

    2016-01-01

    Privacy-aware intersection set computation (PISC) can be modeled as secure multi-party computation. The basic idea is to compute the intersection of input sets without leaking privacy. Furthermore, PISC should be sufficiently flexible to recommend approximate intersection items. In this paper, we reveal two previously unpublished attacks against PISC, which can be used to reveal and link one input set to another input set, resulting in privacy leakage. We coin these as Set Linkage Attack and Set Reveal Attack. We then present a lightweight and flexible PISC scheme (LiPISC) and prove its security (including against Set Linkage Attack and Set Reveal Attack). PMID:27326763

  6. LiPISC: A Lightweight and Flexible Method for Privacy-Aware Intersection Set Computation.

    PubMed

    Ren, Wei; Huang, Shiyong; Ren, Yi; Choo, Kim-Kwang Raymond

    2016-01-01

    Privacy-aware intersection set computation (PISC) can be modeled as secure multi-party computation. The basic idea is to compute the intersection of input sets without leaking privacy. Furthermore, PISC should be sufficiently flexible to recommend approximate intersection items. In this paper, we reveal two previously unpublished attacks against PISC, which can be used to reveal and link one input set to another input set, resulting in privacy leakage. We coin these as Set Linkage Attack and Set Reveal Attack. We then present a lightweight and flexible PISC scheme (LiPISC) and prove its security (including against Set Linkage Attack and Set Reveal Attack).

  7. A Game-Theoretic Response Strategy for Coordinator Attack in Wireless Sensor Networks

    PubMed Central

    Liu, Jianhua; Yue, Guangxue; Shang, Huiliang; Li, Hongjie

    2014-01-01

    The coordinator is a specific node that controls the whole network and has a significant impact on the performance in cooperative multihop ZigBee wireless sensor networks (ZWSNs). However, the malicious node attacks coordinator nodes in an effort to waste the resources and disrupt the operation of the network. Attacking leads to a failure of one round of communication between the source nodes and destination nodes. Coordinator selection is a technique that can considerably defend against attack and reduce the data delivery delay, and increase network performance of cooperative communications. In this paper, we propose an adaptive coordinator selection algorithm using game and fuzzy logic aiming at both minimizing the average number of hops and maximizing network lifetime. The proposed game model consists of two interrelated formulations: a stochastic game for dynamic defense and a best response policy using evolutionary game formulation for coordinator selection. The stable equilibrium best policy to response defense is obtained from this game model. It is shown that the proposed scheme can improve reliability and save energy during the network lifetime with respect to security. PMID:25105171

  8. A game-theoretic response strategy for coordinator attack in wireless sensor networks.

    PubMed

    Liu, Jianhua; Yue, Guangxue; Shen, Shigen; Shang, Huiliang; Li, Hongjie

    2014-01-01

    The coordinator is a specific node that controls the whole network and has a significant impact on the performance in cooperative multihop ZigBee wireless sensor networks (ZWSNs). However, the malicious node attacks coordinator nodes in an effort to waste the resources and disrupt the operation of the network. Attacking leads to a failure of one round of communication between the source nodes and destination nodes. Coordinator selection is a technique that can considerably defend against attack and reduce the data delivery delay, and increase network performance of cooperative communications. In this paper, we propose an adaptive coordinator selection algorithm using game and fuzzy logic aiming at both minimizing the average number of hops and maximizing network lifetime. The proposed game model consists of two interrelated formulations: a stochastic game for dynamic defense and a best response policy using evolutionary game formulation for coordinator selection. The stable equilibrium best policy to response defense is obtained from this game model. It is shown that the proposed scheme can improve reliability and save energy during the network lifetime with respect to security.

  9. RUASN: A Robust User Authentication Framework for Wireless Sensor Networks

    PubMed Central

    Kumar, Pardeep; Choudhury, Amlan Jyoti; Sain, Mangal; Lee, Sang-Gon; Lee, Hoon-Jae

    2011-01-01

    In recent years, wireless sensor networks (WSNs) have been considered as a potential solution for real-time monitoring applications and these WSNs have potential practical impact on next generation technology too. However, WSNs could become a threat if suitable security is not considered before the deployment and if there are any loopholes in their security, which might open the door for an attacker and hence, endanger the application. User authentication is one of the most important security services to protect WSN data access from unauthorized users; it should provide both mutual authentication and session key establishment services. This paper proposes a robust user authentication framework for wireless sensor networks, based on a two-factor (password and smart card) concept. This scheme facilitates many services to the users such as user anonymity, mutual authentication, secure session key establishment and it allows users to choose/update their password regularly, whenever needed. Furthermore, we have provided the formal verification using Rubin logic and compare RUASN with many existing schemes. As a result, we found that the proposed scheme possesses many advantages against popular attacks, and achieves better efficiency at low computation cost. PMID:22163888

  10. State-of-the-art research on electromagnetic information security

    NASA Astrophysics Data System (ADS)

    Hayashi, Yu-ichi

    2016-07-01

    As information security is becoming increasingly significant, security at the hardware level is as important as in networks and applications. In recent years, instrumentation has become cheaper and more precise, computation has become faster, and capacities have increased. With these advancements, the threat of advanced attacks that were considerably difficult to carry out previously has increased not only in military and diplomatic fields but also in general-purpose manufactured devices. This paper focuses on the problem of the security limitations concerning electromagnetic waves (electromagnetic information security) that has rendered attack detection particularly difficult at the hardware level. In addition to reviewing the mechanisms of these information leaks and countermeasures, this paper also presents the latest research trends and standards.

  11. Cyber secure systems approach for NPP digital control systems

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    McCreary, T. J.; Hsu, A.

    2006-07-01

    Whether fossil or nuclear power, the chief operations goal is to generate electricity. The heart of most plant operations is the I and C system. With the march towards open architecture, the I and C system is more vulnerable than ever to system security attacks (denial of service, virus attacks and others), thus jeopardizing plant operations. Plant staff must spend large amounts of time and money setting up and monitoring a variety of security strategies to counter the threats and actual attacks to the system. This time and money is a drain on the financial performance of a plant and distracts valuable operations resources from their real goals: product. The pendulum towards complete open architecture may have swung too far. Not all aspects of proprietary hardware and software are necessarily 'bad'. As the aging U.S. fleet of nuclear power plants starts to engage in replacing legacy control systems, and given the on-going (and legitimate) concern about the security of present digital control systems, decisions about how best to approach cyber security are vital to the specification and selection of control system vendors for these upgrades. The authors maintain that utilizing certain resources available in today's digital technology, plant control systems can be configured from the onset to be inherently safe, so that plant staff can concentrate on the operational issues of the plant. The authors postulate the concept of the plant I and C being bounded in a 'Cyber Security Zone' and present a design approach that can alleviate the concern and cost at the plant level of dealing with system security strategies. Present approaches through various IT cyber strategies, commercial software, and even postulated standards from various industry/trade organizations are almost entirely reactive and simply add to cost and complexity. This Cyber Security Zone design demonstrates protection from the four classes of cyber security attacks: 1) Threat from an intruder attempting to disrupt network communications by entering the system from an attached utility network or utilizing a modem connected to a control system PC that is in turn connected to a publicly accessible phone; 2) Threat from a user connecting an unauthorized computer to the control network; 3) Threat from a security attack when an unauthorized user gains access to a PC connected to the plant network; 4) Threat from internal disruption (by plant staff, whether malicious or otherwise) by unauthorized usage of files or file handling media that opens the system to security threat (as typified in current situation in most control rooms). The plant I and C system cyber security design and the plant specific procedures should adequately demonstrate protection from the four pertinent classes of cyber security attacks. The combination of these features should demonstrate that the system is not vulnerable to any analyzed cyber security attacks either from internal sources or through network connections. The authors will provide configurations that will demonstrate the Cyber Security Zone. (authors)

  12. The influence of the depth of k-core layers on the robustness of interdependent networks against cascading failures

    NASA Astrophysics Data System (ADS)

    Dong, Zhengcheng; Fang, Yanjun; Tian, Meng; Kong, Zhengmin

    The hierarchical structure, k-core, is common in various complex networks, and the actual network always has successive layers from 1-core layer (the peripheral layer) to km-core layer (the core layer). The nodes within the core layer have been proved to be the most influential spreaders, but there is little work about how the depth of k-core layers (the value of km) can affect the robustness against cascading failures, rather than the interdependent networks. First, following the preferential attachment, a novel method is proposed to generate the scale-free network with successive k-core layers (KCBA network), and the KCBA network is validated more realistic than the traditional BA network. Then, with KCBA interdependent networks, the effect of the depth of k-core layers is investigated. Considering the load-based model, the loss of capacity on nodes is adopted to quantify the robustness instead of the number of functional nodes in the end. We conduct two attacking strategies, i.e. the RO-attack (Randomly remove only one node) and the RF-attack (Randomly remove a fraction of nodes). Results show that the robustness of KCBA networks not only depends on the depth of k-core layers, but also is slightly influenced by the initial load. With RO-attack, the networks with fewer k-core layers are more robust when the initial load is small. With RF-attack, the robustness improves with small km, but the improvement is getting weaker with the increment of the initial load. In a word, the lower the depth is, the more robust the networks will be.

  13. Accurate Sybil Attack Detection Based on Fine-Grained Physical Channel Information.

    PubMed

    Wang, Chundong; Zhu, Likun; Gong, Liangyi; Zhao, Zhentang; Yang, Lei; Liu, Zheli; Cheng, Xiaochun

    2018-03-15

    With the development of the Internet-of-Things (IoT), wireless network security has more and more attention paid to it. The Sybil attack is one of the famous wireless attacks that can forge wireless devices to steal information from clients. These forged devices may constantly attack target access points to crush the wireless network. In this paper, we propose a novel Sybil attack detection based on Channel State Information (CSI). This detection algorithm can tell whether the static devices are Sybil attackers by combining a self-adaptive multiple signal classification algorithm with the Received Signal Strength Indicator (RSSI). Moreover, we develop a novel tracing scheme to cluster the channel characteristics of mobile devices and detect dynamic attackers that change their channel characteristics in an error area. Finally, we experiment on mobile and commercial WiFi devices. Our algorithm can effectively distinguish the Sybil devices. The experimental results show that our Sybil attack detection system achieves high accuracy for both static and dynamic scenarios. Therefore, combining the phase and similarity of channel features, the multi-dimensional analysis of CSI can effectively detect Sybil nodes and improve the security of wireless networks.

  14. Accurate Sybil Attack Detection Based on Fine-Grained Physical Channel Information

    PubMed Central

    Wang, Chundong; Zhao, Zhentang; Yang, Lei; Liu, Zheli; Cheng, Xiaochun

    2018-01-01

    With the development of the Internet-of-Things (IoT), wireless network security has more and more attention paid to it. The Sybil attack is one of the famous wireless attacks that can forge wireless devices to steal information from clients. These forged devices may constantly attack target access points to crush the wireless network. In this paper, we propose a novel Sybil attack detection based on Channel State Information (CSI). This detection algorithm can tell whether the static devices are Sybil attackers by combining a self-adaptive multiple signal classification algorithm with the Received Signal Strength Indicator (RSSI). Moreover, we develop a novel tracing scheme to cluster the channel characteristics of mobile devices and detect dynamic attackers that change their channel characteristics in an error area. Finally, we experiment on mobile and commercial WiFi devices. Our algorithm can effectively distinguish the Sybil devices. The experimental results show that our Sybil attack detection system achieves high accuracy for both static and dynamic scenarios. Therefore, combining the phase and similarity of channel features, the multi-dimensional analysis of CSI can effectively detect Sybil nodes and improve the security of wireless networks. PMID:29543773

  15. On the routing protocol influence on the resilience of wireless sensor networks to jamming attacks.

    PubMed

    Del-Valle-Soto, Carolina; Mex-Perera, Carlos; Monroy, Raul; Nolazco-Flores, Juan Arturo

    2015-03-27

    In this work, we compare a recently proposed routing protocol, the multi-parent hierarchical (MPH) protocol, with two well-known protocols, the ad hoc on-demand distance vector (AODV) and dynamic source routing (DSR). For this purpose, we have developed a simulator, which faithfully reifies the workings of a given protocol, considering a fixed, reconfigurable ad hoc network given by the number and location of participants, and general network conditions. We consider a scenario that can be found in a large number of wireless sensor network applications, a single sink node that collects all of the information generated by the sensors. The metrics used to compare the protocols were the number of packet retransmissions, carrier sense multiple access (CSMA) inner loop retries, the number of nodes answering the queries from the coordinator (sink) node and the energy consumption. We tested the network under ordinary (without attacks) conditions (and combinations thereof) and when it is subject to different types of jamming attacks (in particular, random and reactive jamming attacks), considering several positions for the jammer. Our results report that MPH has a greater ability to tolerate such attacks than DSR and AODV, since it minimizes and encapsulates the network segment under attack. The self-configuring capabilities of MPH derived from a combination of a proactive routes update, on a periodic-time basis, and a reactive behavior provide higher resilience while offering a better performance (overhead and energy consumption) than AODV and DSR, as shown in our simulation results.

  16. An Enhanced Three-Factor User Authentication Scheme Using Elliptic Curve Cryptosystem for Wireless Sensor Networks.

    PubMed

    Wang, Chenyu; Xu, Guoai; Sun, Jing

    2017-12-19

    As an essential part of Internet of Things (IoT), wireless sensor networks (WSNs) have touched every aspect of our lives, such as health monitoring, environmental monitoring and traffic monitoring. However, due to its openness, wireless sensor networks are vulnerable to various security threats. User authentication, as the first fundamental step to protect systems from various attacks, has attracted much attention. Numerous user authentication protocols armed with formal proof are springing up. Recently, two biometric-based schemes were proposed with confidence to be resistant to the known attacks including offline dictionary attack, impersonation attack and so on. However, after a scrutinization of these two schemes, we found them not secure enough as claimed, and then demonstrated that these schemes suffer from various attacks, such as offline dictionary attack, impersonation attack, no user anonymity, no forward secrecy, etc. Furthermore, we proposed an enhanced scheme to overcome the identified weaknesses, and proved its security via Burrows-Abadi-Needham (BAN) logic and the heuristic analysis. Finally, we compared our scheme with other related schemes, and the results showed the superiority of our scheme.

  17. An Enhanced Three-Factor User Authentication Scheme Using Elliptic Curve Cryptosystem for Wireless Sensor Networks

    PubMed Central

    Xu, Guoai; Sun, Jing

    2017-01-01

    As an essential part of Internet of Things (IoT), wireless sensor networks (WSNs) have touched every aspect of our lives, such as health monitoring, environmental monitoring and traffic monitoring. However, due to its openness, wireless sensor networks are vulnerable to various security threats. User authentication, as the first fundamental step to protect systems from various attacks, has attracted much attention. Numerous user authentication protocols armed with formal proof are springing up. Recently, two biometric-based schemes were proposed with confidence to be resistant to the known attacks including offline dictionary attack, impersonation attack and so on. However, after a scrutinization of these two schemes, we found them not secure enough as claimed, and then demonstrated that these schemes suffer from various attacks, such as offline dictionary attack, impersonation attack, no user anonymity, no forward secrecy, etc. Furthermore, we proposed an enhanced scheme to overcome the identified weaknesses, and proved its security via Burrows–Abadi–Needham (BAN) logic and the heuristic analysis. Finally, we compared our scheme with other related schemes, and the results showed the superiority of our scheme. PMID:29257066

  18. Fuzzy-information-based robustness of interconnected networks against attacks and failures

    NASA Astrophysics Data System (ADS)

    Zhu, Qian; Zhu, Zhiliang; Wang, Yifan; Yu, Hai

    2016-09-01

    Cascading failure is fatal in applications and its investigation is essential and therefore became a focal topic in the field of complex networks in the last decade. In this paper, a cascading failure model is established for interconnected networks and the associated data-packet transport problem is discussed. A distinguished feature of the new model is its utilization of fuzzy information in resisting uncertain failures and malicious attacks. We numerically find that the giant component of the network after failures increases with tolerance parameter for any coupling preference and attacking ambiguity. Moreover, considering the effect of the coupling probability on the robustness of the networks, we find that the robustness of the assortative coupling and random coupling of the network model increases with the coupling probability. However, for disassortative coupling, there exists a critical phenomenon for coupling probability. In addition, a critical value that attacking information accuracy affects the network robustness is observed. Finally, as a practical example, the interconnected AS-level Internet in South Korea and Japan is analyzed. The actual data validates the theoretical model and analytic results. This paper thus provides some guidelines for preventing cascading failures in the design of architecture and optimization of real-world interconnected networks.

  19. Topological robustness analysis of protein interaction networks reveals key targets for overcoming chemotherapy resistance in glioma

    NASA Astrophysics Data System (ADS)

    Azevedo, Hátylas; Moreira-Filho, Carlos Alberto

    2015-11-01

    Biological networks display high robustness against random failures but are vulnerable to targeted attacks on central nodes. Thus, network topology analysis represents a powerful tool for investigating network susceptibility against targeted node removal. Here, we built protein interaction networks associated with chemoresistance to temozolomide, an alkylating agent used in glioma therapy, and analyzed their modular structure and robustness against intentional attack. These networks showed functional modules related to DNA repair, immunity, apoptosis, cell stress, proliferation and migration. Subsequently, network vulnerability was assessed by means of centrality-based attacks based on the removal of node fractions in descending orders of degree, betweenness, or the product of degree and betweenness. This analysis revealed that removing nodes with high degree and high betweenness was more effective in altering networks’ robustness parameters, suggesting that their corresponding proteins may be particularly relevant to target temozolomide resistance. In silico data was used for validation and confirmed that central nodes are more relevant for altering proliferation rates in temozolomide-resistant glioma cell lines and for predicting survival in glioma patients. Altogether, these results demonstrate how the analysis of network vulnerability to topological attack facilitates target prioritization for overcoming cancer chemoresistance.

  20. Securing internet by eliminating DDOS attacks

    NASA Astrophysics Data System (ADS)

    Niranchana, R.; Gayathri Devi, N.; Santhi, H.; Gayathri, P.

    2017-11-01

    The major threat caused to the authorised usage of Internet is Distributed Denial of Service attack. The mechanisms used to prevent the DDoS attacks are said to overcome the attack’s ability in spoofing the IP packets source addresses. By utilising Internet Protocol spoofing, the attackers cause a consequential load over the networks destination for policing attack packets. To overcome the IP Spoofing level on the Internet, we propose an Inter domain Packet Filter (IPF) architecture. The proposed scheme is not based on global routing information. The packets with reliable source addresses are not rejected, the IPF framework works in such a manner. The spoofing capability of attackers is confined by IPF, and also the filter identifies the source of an attack packet by minimal number of candidate network.

  1. Examining the Security Awareness, Information Privacy, and the Security Behaviors of Home Computer Users

    ERIC Educational Resources Information Center

    Edwards, Keith

    2015-01-01

    Attacks on computer systems continue to be a problem. The majority of the attacks target home computer users. To help mitigate the attacks some companies provide security awareness training to their employees. However, not all people work for a company that provides security awareness training and typically, home computer users do not have the…

  2. Cascade-based attacks on complex networks

    NASA Astrophysics Data System (ADS)

    Motter, Adilson E.; Lai, Ying-Cheng

    2002-12-01

    We live in a modern world supported by large, complex networks. Examples range from financial markets to communication and transportation systems. In many realistic situations the flow of physical quantities in the network, as characterized by the loads on nodes, is important. We show that for such networks where loads can redistribute among the nodes, intentional attacks can lead to a cascade of overload failures, which can in turn cause the entire or a substantial part of the network to collapse. This is relevant for real-world networks that possess a highly heterogeneous distribution of loads, such as the Internet and power grids. We demonstrate that the heterogeneity of these networks makes them particularly vulnerable to attacks in that a large-scale cascade may be triggered by disabling a single key node. This brings obvious concerns on the security of such systems.

  3. A Database of Computer Attacks for the Evaluation of Intrusion Detection Systems

    DTIC Science & Technology

    1999-06-01

    administrator whenever a system binary file (such as the ps, login, or ls program) is modified. Normal users have no legitimate reason to alter these files...development of EMERALD [46], which combines statistical anomaly detection from NIDES with signature verification. Specification-based intrusion detection...the creation of a single host that can act as many hosts. Daemons that provide network services—including telnetd, ftpd, and login — display banners

  4. Unstable Angina

    MedlinePlus

    This content was last reviewed July 2015.

  5. Acute Coronary Syndrome

    MedlinePlus

    This content was last reviewed July 2015.

  6. Intrusion Detection System Using Deep Neural Network for In-Vehicle Network Security.

    PubMed

    Kang, Min-Joo; Kang, Je-Won

    2016-01-01

    A novel intrusion detection system (IDS) using a deep neural network (DNN) is proposed to enhance the security of in-vehicular network. The parameters building the DNN structure are trained with probability-based feature vectors that are extracted from the in-vehicular network packets. For a given packet, the DNN provides the probability of each class discriminating normal and attack packets, and, thus the sensor can identify any malicious attack to the vehicle. As compared to the traditional artificial neural network applied to the IDS, the proposed technique adopts recent advances in deep learning studies such as initializing the parameters through the unsupervised pre-training of deep belief networks (DBN), therefore improving the detection accuracy. It is demonstrated with experimental results that the proposed technique can provide a real-time response to the attack with a significantly improved detection ratio in controller area network (CAN) bus.

  7. Intrusion Detection System Using Deep Neural Network for In-Vehicle Network Security

    PubMed Central

    Kang, Min-Joo

    2016-01-01

    A novel intrusion detection system (IDS) using a deep neural network (DNN) is proposed to enhance the security of in-vehicular network. The parameters building the DNN structure are trained with probability-based feature vectors that are extracted from the in-vehicular network packets. For a given packet, the DNN provides the probability of each class discriminating normal and attack packets, and, thus the sensor can identify any malicious attack to the vehicle. As compared to the traditional artificial neural network applied to the IDS, the proposed technique adopts recent advances in deep learning studies such as initializing the parameters through the unsupervised pre-training of deep belief networks (DBN), therefore improving the detection accuracy. It is demonstrated with experimental results that the proposed technique can provide a real-time response to the attack with a significantly improved detection ratio in controller area network (CAN) bus. PMID:27271802

  8. SCA security verification on wireless sensor network node

    NASA Astrophysics Data System (ADS)

    He, Wei; Pizarro, Carlos; de la Torre, Eduardo; Portilla, Jorge; Riesgo, Teresa

    2011-05-01

    Side Channel Attack (SCA) differs from traditional mathematic attacks. It gets around the exhaustive mathematic calculation and precisely pins to certain points in the cryptographic algorithm to reveal confidential information from the running crypto-devices. Since the introduction of SCA by Paul Kocher et al [1], it has been considered to be one of the most critical threats to the resource restricted but security demanding applications, such as wireless sensor networks. In this paper, we focus our work on the SCA-concerned security verification on WSN (wireless sensor network). A detailed setup of the platform and an analysis of the results of DPA (power attack) and EMA (electromagnetic attack) is presented. The setup follows the way of low-cost setup to make effective SCAs. Meanwhile, surveying the weaknesses of WSNs in resisting SCA attacks, especially for the EM attack. Finally, SCA-Prevention suggestions based on Differential Security Strategy for the FPGA hardware implementation in WSN will be given, helping to get an improved compromise between security and cost.

  9. Application distribution model and related security attacks in VANET

    NASA Astrophysics Data System (ADS)

    Nikaein, Navid; Kanti Datta, Soumya; Marecar, Irshad; Bonnet, Christian

    2013-03-01

    In this paper, we present a model for application distribution and related security attacks in dense vehicular ad hoc networks (VANET) and sparse VANET which forms a delay tolerant network (DTN). We study the vulnerabilities of VANET to evaluate the attack scenarios and introduce a new attacker's model as an extension to the work done in [6]. Then a VANET model has been proposed that supports the application distribution through proxy app stores on top of mobile platforms installed in vehicles. The steps of application distribution have been studied in detail. We have identified key attacks (e.g. malware, spamming and phishing, software attack and threat to location privacy) for dense VANET and two attack scenarios for sparse VANET. It has been shown that attacks can be launched by distributing malicious applications and injecting malicious codes to On Board Unit (OBU) by exploiting OBU software security holes. Consequences of such security attacks have been described. Finally, countermeasures including the concepts of sandbox have also been presented in depth.

  10. A secured authentication protocol for wireless sensor networks using elliptic curves cryptography.

    PubMed

    Yeh, Hsiu-Lien; Chen, Tien-Ho; Liu, Pin-Chuan; Kim, Tai-Hoo; Wei, Hsin-Wen

    2011-01-01

    User authentication is a crucial service in wireless sensor networks (WSNs) that is becoming increasingly common in WSNs because wireless sensor nodes are typically deployed in an unattended environment, leaving them open to possible hostile network attack. Because wireless sensor nodes are limited in computing power, data storage and communication capabilities, any user authentication protocol must be designed to operate efficiently in a resource constrained environment. In this paper, we review several proposed WSN user authentication protocols, with a detailed review of the M.L Das protocol and a cryptanalysis of Das' protocol that shows several security weaknesses. Furthermore, this paper proposes an ECC-based user authentication protocol that resolves these weaknesses. According to our analysis of security of the ECC-based protocol, it is suitable for applications with higher security requirements. Finally, we present a comparison of security, computation, and communication costs and performances for the proposed protocols. The ECC-based protocol is shown to be suitable for higher security WSNs.

  11. A Secured Authentication Protocol for Wireless Sensor Networks Using Elliptic Curves Cryptography

    PubMed Central

    Yeh, Hsiu-Lien; Chen, Tien-Ho; Liu, Pin-Chuan; Kim, Tai-Hoo; Wei, Hsin-Wen

    2011-01-01

    User authentication is a crucial service in wireless sensor networks (WSNs) that is becoming increasingly common in WSNs because wireless sensor nodes are typically deployed in an unattended environment, leaving them open to possible hostile network attack. Because wireless sensor nodes are limited in computing power, data storage and communication capabilities, any user authentication protocol must be designed to operate efficiently in a resource constrained environment. In this paper, we review several proposed WSN user authentication protocols, with a detailed review of the M.L Das protocol and a cryptanalysis of Das’ protocol that shows several security weaknesses. Furthermore, this paper proposes an ECC-based user authentication protocol that resolves these weaknesses. According to our analysis of security of the ECC-based protocol, it is suitable for applications with higher security requirements. Finally, we present a comparison of security, computation, and communication costs and performances for the proposed protocols. The ECC-based protocol is shown to be suitable for higher security WSNs. PMID:22163874

  12. A Novel Friendly Jamming Scheme in Industrial Crowdsensing Networks against Eavesdropping Attack.

    PubMed

    Li, Xuran; Wang, Qiu; Dai, Hong-Ning; Wang, Hao

    2018-06-14

    Eavesdropping attack is one of the most serious threats in industrial crowdsensing networks. In this paper, we propose a novel anti-eavesdropping scheme by introducing friendly jammers to an industrial crowdsensing network. In particular, we establish a theoretical framework considering both the probability of eavesdropping attacks and the probability of successful transmission to evaluate the effectiveness of our scheme. Our framework takes into account various channel conditions such as path loss, Rayleigh fading, and the antenna type of friendly jammers. Our results show that using jammers in industrial crowdsensing networks can effectively reduce the eavesdropping risk while having no significant influence on legitimate communications.

  13. Quantum measurements of signals from the Alphasat TDP1 laser communication terminal

    NASA Astrophysics Data System (ADS)

    Elser, D.; Günthner, K.; Khan, I.; Stiller, B.; Bayraktar, Ö.; Müller, C. R.; Saucke, K.; Tröndle, D.; Heine, F.; Seel, S.; Greulich, P.; Zech, H.; Gütlich, B.; Richter, I.; Philipp-May, S.; Marquardt, Ch.; Leuchs, G.

    2017-09-01

    Quantum optics [1] can be harnessed to implement cryptographic protocols that are verifiably immune against any conceivable attack [2]. Even quantum computers, that will break most current public keys [3, 4], cannot harm quantum encryption. Based on these intriguing quantum features, metropolitan quantum networks have been implemented around the world [5-15]. However, the long-haul link between metropolitan networks is currently missing [16]. Existing fiber infrastructure is not suitable for this purpose since classical telecom repeaters cannot relay quantum states [2]. Therefore, optical satellite-to-ground communication [17-22] lends itself to bridge intercontinental distances for quantum communication [23-40].

  14. The Effects of Observation Errors on the Attack Vulnerability of Complex Networks

    DTIC Science & Technology

    2012-11-01

    more detail, to construct a true network we select a topology (erdos-renyi (Erdos & Renyi, 1959), scale-free (Barabási & Albert, 1999), small world...Efficiency of Scale-Free Networks: Error and Attack Tolerance. Physica A, Volume 320, pp. 622-642. 6. Erdos, P. & Renyi, A., 1959. On Random Graphs, I

  15. AVQS: Attack Route-Based Vulnerability Quantification Scheme for Smart Grid

    PubMed Central

    Lim, Hyunwoo; Lee, Seokjun; Shon, Taeshik

    2014-01-01

    A smart grid is a large, consolidated electrical grid system that includes heterogeneous networks and systems. Based on the data, a smart grid system has a potential security threat in its network connectivity. To solve this problem, we develop and apply a novel scheme to measure the vulnerability in a smart grid domain. Vulnerability quantification can be the first step in security analysis because it can help prioritize the security problems. However, existing vulnerability quantification schemes are not suitable for smart grid because they do not consider network vulnerabilities. We propose a novel attack route-based vulnerability quantification scheme using a network vulnerability score and an end-to-end security score, depending on the specific smart grid network environment to calculate the vulnerability score for a particular attack route. To evaluate the proposed approach, we derive several attack scenarios from the advanced metering infrastructure domain. The experimental results of the proposed approach and the existing common vulnerability scoring system clearly show that we need to consider network connectivity for more optimized vulnerability quantification. PMID:25152923

  16. Using new edges for anomaly detection in computer networks

    DOEpatents

    Neil, Joshua Charles

    2017-07-04

    Creation of new edges in a network may be used as an indication of a potential attack on the network. Historical data of a frequency with which nodes in a network create and receive new edges may be analyzed. Baseline models of behavior among the edges in the network may be established based on the analysis of the historical data. A new edge that deviates from a respective baseline model by more than a predetermined threshold during a time window may be detected. The new edge may be flagged as potentially anomalous when the deviation from the respective baseline model is detected. Probabilities for both new and existing edges may be obtained for all edges in a path or other subgraph. The probabilities may then be combined to obtain a score for the path or other subgraph. A threshold may be obtained by calculating an empirical distribution of the scores under historical conditions.

  17. A Novel Re-keying Function Protocol (NRFP) For Wireless Sensor Network Security

    PubMed Central

    Abdullah, Maan Younis; Hua, Gui Wei; Alsharabi, Naif

    2008-01-01

    This paper describes a novel re-keying function protocol (NRFP) for wireless sensor network security. A re-keying process management system for sensor networks is designed to support in-network processing. The design of the protocol is motivated by decentralization key management for wireless sensor networks (WSNs), covering key deployment, key refreshment, and key establishment. NRFP supports the establishment of novel administrative functions for sensor nodes that derive/re-derive a session key for each communication session. The protocol proposes direct connection, in-direct connection and hybrid connection. NRFP also includes an efficient protocol for local broadcast authentication based on the use of one-way key chains. A salient feature of the authentication protocol is that it supports source authentication without precluding innetwork processing. Security and performance analysis shows that it is very efficient in computation, communication and storage and, that NRFP is also effective in defending against many sophisticated attacks. PMID:27873963

  18. Using new edges for anomaly detection in computer networks

    DOEpatents

    Neil, Joshua Charles

    2015-05-19

    Creation of new edges in a network may be used as an indication of a potential attack on the network. Historical data of a frequency with which nodes in a network create and receive new edges may be analyzed. Baseline models of behavior among the edges in the network may be established based on the analysis of the historical data. A new edge that deviates from a respective baseline model by more than a predetermined threshold during a time window may be detected. The new edge may be flagged as potentially anomalous when the deviation from the respective baseline model is detected. Probabilities for both new and existing edges may be obtained for all edges in a path or other subgraph. The probabilities may then be combined to obtain a score for the path or other subgraph. A threshold may be obtained by calculating an empirical distribution of the scores under historical conditions.

  19. A Dynamic Game on Network Topology for Counterinsurgency Applications

    DTIC Science & Technology

    2015-03-26

    scenario. This study creates a dynamic game on network topology to provide insight into the effectiveness of offensive targeting strategies determined by...focused upon the diffusion of thoughts and innovations throughout complex social networks. Coleman et al. (1966) and Ryan & Gross (1950) investigated...free networks make them extremely resilient against errors but very vulnerable to attack. Most interestingly, a determined attacker can remove well

  20. Combining Concepts: Operational Shock in Insurgencies

    DTIC Science & Technology

    2013-05-23

    individual insurgent put down his arms and walk away; rather its focus is on attacking the insurgency at the operational level. The past decade of... attacking insurgent networks. This section highlights the characteristics of an insurgent system in a state of shock and discusses methods the...command nodes, and rail networks, denying the enemy the ability to operationally maneuver his forces.4 This rapid maneuver, coupled with attacks

  1. Oscillations in interconnected complex networks under intentional attack

    NASA Astrophysics Data System (ADS)

    Zhang, Wen-Ping; Xia, Yongxiang; Tan, Fei

    2016-01-01

    Many real-world networks are interconnected with each other. In this paper, we study the traffic dynamics in interconnected complex networks under an intentional attack. We find that with the shortest time delay routing strategy, the traffic dynamics can show the stable state, periodic, quasi-periodic and chaotic oscillations, when the capacity redundancy parameter changes. Moreover, compared with isolated complex networks, oscillations always take place in interconnected networks more easily. Thirdly, in interconnected networks, oscillations are affected strongly by the coupling probability and coupling preference.

  2. Genetic attack on neural cryptography.

    PubMed

    Ruttor, Andreas; Kinzel, Wolfgang; Naeh, Rivka; Kanter, Ido

    2006-03-01

    Different scaling properties for the complexity of bidirectional synchronization and unidirectional learning are essential for the security of neural cryptography. Incrementing the synaptic depth of the networks increases the synchronization time only polynomially, but the success of the geometric attack is reduced exponentially and it clearly fails in the limit of infinite synaptic depth. This method is improved by adding a genetic algorithm, which selects the fittest neural networks. The probability of a successful genetic attack is calculated for different model parameters using numerical simulations. The results show that scaling laws observed in the case of other attacks hold for the improved algorithm, too. The number of networks needed for an effective attack grows exponentially with increasing synaptic depth. In addition, finite-size effects caused by Hebbian and anti-Hebbian learning are analyzed. These learning rules converge to the random walk rule if the synaptic depth is small compared to the square root of the system size.

  3. Genetic attack on neural cryptography

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Ruttor, Andreas; Kinzel, Wolfgang; Naeh, Rivka

    2006-03-15

    Different scaling properties for the complexity of bidirectional synchronization and unidirectional learning are essential for the security of neural cryptography. Incrementing the synaptic depth of the networks increases the synchronization time only polynomially, but the success of the geometric attack is reduced exponentially and it clearly fails in the limit of infinite synaptic depth. This method is improved by adding a genetic algorithm, which selects the fittest neural networks. The probability of a successful genetic attack is calculated for different model parameters using numerical simulations. The results show that scaling laws observed in the case of other attacks hold for the improved algorithm, too. The number of networks needed for an effective attack grows exponentially with increasing synaptic depth. In addition, finite-size effects caused by Hebbian and anti-Hebbian learning are analyzed. These learning rules converge to the random walk rule if the synaptic depth is small compared to the square root of the system size.

  4. Genetic attack on neural cryptography

    NASA Astrophysics Data System (ADS)

    Ruttor, Andreas; Kinzel, Wolfgang; Naeh, Rivka; Kanter, Ido

    2006-03-01

    Different scaling properties for the complexity of bidirectional synchronization and unidirectional learning are essential for the security of neural cryptography. Incrementing the synaptic depth of the networks increases the synchronization time only polynomially, but the success of the geometric attack is reduced exponentially and it clearly fails in the limit of infinite synaptic depth. This method is improved by adding a genetic algorithm, which selects the fittest neural networks. The probability of a successful genetic attack is calculated for different model parameters using numerical simulations. The results show that scaling laws observed in the case of other attacks hold for the improved algorithm, too. The number of networks needed for an effective attack grows exponentially with increasing synaptic depth. In addition, finite-size effects caused by Hebbian and anti-Hebbian learning are analyzed. These learning rules converge to the random walk rule if the synaptic depth is small compared to the square root of the system size.

  5. Detecting unknown attacks in wireless sensor networks that contain mobile nodes.

    PubMed

    Banković, Zorana; Fraga, David; Moya, José M; Vallejo, Juan Carlos

    2012-01-01

    As wireless sensor networks are usually deployed in unattended areas, security policies cannot be updated in a timely fashion upon identification of new attacks. This gives enough time for attackers to cause significant damage. Thus, it is of great importance to provide protection from unknown attacks. However, existing solutions are mostly concentrated on known attacks. On the other hand, mobility can make the sensor network more resilient to failures, reactive to events, and able to support disparate missions with a common set of sensors, yet the problem of security becomes more complicated. In order to address the issue of security in networks with mobile nodes, we propose a machine learning solution for anomaly detection along with the feature extraction process that tries to detect temporal and spatial inconsistencies in the sequences of sensed values and the routing paths used to forward these values to the base station. We also propose a special way to treat mobile nodes, which is the main novelty of this work. The data produced in the presence of an attacker are treated as outliers, and detected using clustering techniques. These techniques are further coupled with a reputation system, in this way isolating compromised nodes in timely fashion. The proposal exhibits good performances at detecting and confining previously unseen attacks, including the cases when mobile nodes are compromised.

  6. A Model of Biological Attacks on a Realistic Population

    NASA Astrophysics Data System (ADS)

    Carley, Kathleen M.; Fridsma, Douglas; Casman, Elizabeth; Altman, Neal; Chen, Li-Chiou; Kaminsky, Boris; Nave, Demian; Yahja, Alex

    The capability to assess the impacts of large-scale biological attacks and the efficacy of containment policies is critical and requires knowledge-intensive reasoning about social response and disease transmission within a complex social system. There is a close linkage among social networks, transportation networks, disease spread, and early detection. Spatial dimensions related to public gathering places such as hospitals, nursing homes, and restaurants, can play a major role in epidemics [Klovdahl et. al. 2001]. Like natural epidemics, bioterrorist attacks unfold within spatially defined, complex social systems, and the societal and networked response can have profound effects on their outcome. This paper focuses on bioterrorist attacks, but the model has been applied to emergent and familiar diseases as well.

  7. TANDI: threat assessment of network data and information

    NASA Astrophysics Data System (ADS)

    Holsopple, Jared; Yang, Shanchieh Jay; Sudit, Moises

    2006-04-01

    Current practice for combating cyber attacks typically uses Intrusion Detection Sensors (IDSs) to passively detect and block multi-stage attacks. This work leverages Level-2 fusion that correlates IDS alerts belonging to the same attacker, and proposes a threat assessment algorithm to predict potential future attacker actions. The algorithm, TANDI, reduces the problem complexity by separating the models of the attacker's capability and opportunity, and fuses the two to determine the attacker's intent. Unlike traditional Bayesian-based approaches, which require assigning a large number of edge probabilities, the proposed Level-3 fusion procedure uses only 4 parameters. TANDI has been implemented and tested with randomly created attack sequences. The results demonstrate that TANDI predicts future attack actions accurately as long as the attack is not part of a coordinated attack and contains no insider threats. In the presence of abnormal attack events, TANDI will alarm the network analyst for further analysis. The attempt to evaluate a threat assessment algorithm via simulation is the first in the literature, and shall open up a new avenue in the area of high level fusion.

  8. Secure and Fair Cluster Head Selection Protocol for Enhancing Security in Mobile Ad Hoc Networks

    PubMed Central

    Paramasivan, B.; Kaliappan, M.

    2014-01-01

    Mobile ad hoc networks (MANETs) are wireless networks consisting of number of autonomous mobile devices temporarily interconnected into a network by wireless media. MANETs become one of the most prevalent areas of research in the recent years. Resource limitations, energy efficiency, scalability, and security are the great challenging issues in MANETs. Due to its deployment nature, MANETs are more vulnerable to malicious attack. The secure routing protocols perform very basic security related functions which are not sufficient to protect the network. In this paper, a secure and fair cluster head selection protocol (SFCP) is proposed which integrates security factors into the clustering approach for achieving attacker identification and classification. Byzantine agreement based cooperative technique is used for attacker identification and classification to make the network more attack resistant. SFCP used to solve this issue by making the nodes that are totally surrounded by malicious neighbors adjust dynamically their belief and disbelief thresholds. The proposed protocol selects the secure and energy efficient cluster head which acts as a local detector without imposing overhead to the clustering performance. SFCP is simulated in network simulator 2 and compared with two protocols including AODV and CBRP. PMID:25143986

  9. Secure and fair cluster head selection protocol for enhancing security in mobile ad hoc networks.

    PubMed

    Paramasivan, B; Kaliappan, M

    2014-01-01

    Mobile ad hoc networks (MANETs) are wireless networks consisting of number of autonomous mobile devices temporarily interconnected into a network by wireless media. MANETs become one of the most prevalent areas of research in the recent years. Resource limitations, energy efficiency, scalability, and security are the great challenging issues in MANETs. Due to its deployment nature, MANETs are more vulnerable to malicious attack. The secure routing protocols perform very basic security related functions which are not sufficient to protect the network. In this paper, a secure and fair cluster head selection protocol (SFCP) is proposed which integrates security factors into the clustering approach for achieving attacker identification and classification. Byzantine agreement based cooperative technique is used for attacker identification and classification to make the network more attack resistant. SFCP used to solve this issue by making the nodes that are totally surrounded by malicious neighbors adjust dynamically their belief and disbelief thresholds. The proposed protocol selects the secure and energy efficient cluster head which acts as a local detector without imposing overhead to the clustering performance. SFCP is simulated in network simulator 2 and compared with two protocols including AODV and CBRP.

  10. Network Anomaly Detection Based on Wavelet Analysis

    NASA Astrophysics Data System (ADS)

    Lu, Wei; Ghorbani, Ali A.

    2008-12-01

    Signal processing techniques have been applied recently for analyzing and detecting network anomalies due to their potential to find novel or unknown intrusions. In this paper, we propose a new network signal modelling technique for detecting network anomalies, combining the wavelet approximation and system identification theory. In order to characterize network traffic behaviors, we present fifteen features and use them as the input signals in our system. We then evaluate our approach with the 1999 DARPA intrusion detection dataset and conduct a comprehensive analysis of the intrusions in the dataset. Evaluation results show that the approach achieves high-detection rates in terms of both attack instances and attack types. Furthermore, we conduct a full day's evaluation in a real large-scale WiFi ISP network where five attack types are successfully detected from over 30 millions flows.

  11. Optimal response to attacks on the open science grids.

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Altunay, M.; Leyffer, S.; Linderoth, J. T.

    2011-01-01

    Cybersecurity is a growing concern, especially in open grids, where attack propagation is easy because of prevalent collaborations among thousands of users and hundreds of institutions. The collaboration rules that typically govern large science experiments as well as social networks of scientists span across the institutional security boundaries. A common concern is that the increased openness may allow malicious attackers to spread more readily around the grid. We consider how to optimally respond to attacks in open grid environments. To show how and why attacks spread more readily around the grid, we first discuss how collaborations manifest themselves in the grids and form the collaboration network graph, and how this collaboration network graph affects the security threat levels of grid participants. We present two mixed-integer program (MIP) models to find the optimal response to attacks in open grid environments, and also calculate the threat level associated with each grid participant. Given an attack scenario, our optimal response model aims to minimize the threat levels at unaffected participants while maximizing the uninterrupted scientific production (continuing collaborations). By adopting some of the collaboration rules (e.g., suspending a collaboration or shutting down a site), the model finds optimal response to subvert an attack scenario.

  12. Network Design for Reliability and Resilience to Attack

    DTIC Science & Technology

    2014-03-01

    attacker can destroy n arcs in the network SPNI Shortest-Path Network-Interdiction problem TSP Traveling Salesman Problem UB upper bound UKR Ukraine...elimination from the traveling salesman problem (TSP). Literature calls a walk that does not contain a cycle a path [19]. The objective function in...arc lengths as random variables with known probability distributions. The m-median problem seeks to design a network with minimum average travel cost

  13. Attacker-defender game from a network science perspective

    NASA Astrophysics Data System (ADS)

    Li, Ya-Peng; Tan, Suo-Yi; Deng, Ye; Wu, Jun

    2018-05-01

    Dealing with the protection of critical infrastructures, many game-theoretic methods have been developed to study the strategic interactions between defenders and attackers. However, most game models ignore the interrelationship between different components within a certain system. In this paper, we propose a simultaneous-move attacker-defender game model, which is a two-player zero-sum static game with complete information. The strategies and payoffs of this game are defined on the basis of the topology structure of the infrastructure system, which is represented by a complex network. Due to the complexity of strategies, the attack and defense strategies are confined by two typical strategies, namely, targeted strategy and random strategy. The simulation results indicate that in a scale-free network, the attacker virtually always attacks randomly in the Nash equilibrium. With a small cost-sensitive parameter, representing the degree to which costs increase with the importance of a target, the defender protects the hub targets with large degrees preferentially. When the cost-sensitive parameter exceeds a threshold, the defender switches to protecting nodes randomly. Our work provides a new theoretical framework to analyze the confrontations between the attacker and the defender on critical infrastructures and deserves further study.

  14. Comparisons of Attacks on Honeypots With Those on Real Networks

    DTIC Science & Technology

    2006-03-01

    Oracle, MySQL, or PostgreSQL. Figure 2 shows an incoming packet and the process involved before and after the Snort engine detects the suspicious...stored on a separate, secured system.” [2]. Honeypots have several other uses besides monitoring attackers. They serve to protect real networks and...interaction vs. high-interaction. Although, both low-interaction and high-interaction honeypots are effective in soliciting attacks, high-interaction

  15. Army Communicator. Volume 37, Number 3, Fall 2012

    DTIC Science & Technology

    2012-01-01

    can our cyber defense experts be expected to stop every attack? Think of it like this: do you expect even the best goalie to stop every shot...responsibilities of network/system administrators and users. We are pulling Soldiers with IA skills because they understand what is happening in computer net...September 2010. This became a very unique situation in which we were not allowed to bring our CPN with us because of the GRF mission. We pulled all

  16. HPC Annual Report: Emulytics.

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Crussell, Jonathan; Boote, Jeffrey W.; Fritz, David Jakob

    Networked Information Technology systems play a key role supporting critical government, military, and private computer installations. Many of today's critical infrastructure systems have strong dependencies on secure information exchange among geographically dispersed facilities. As operations become increasingly dependent on the information exchange they also become targets for exploitation. The need to protect data and defend these systems from external attack has become increasingly vital while the nature of the threats has become sophisticated and pervasive making the challenges daunting. Enter Emulytics.

  17. Towards Countering the Rise of the Silicon Trojan

    DTIC Science & Technology

    The Trojan Horse has a venerable if unwelcome history and it is still regarded by many as the primary component in Computer Network Attack. Trojans ... Trojans have in the vast majority taken the form of malicious software. However, more recent times have seen the emergence of what has been dubbed by some...as the 'Silicon Trojan' these trojans are embedded at the hardware level and can be designed directly into chips and devices. The complexity of the

  18. Cyclic subway networks are less risky in metropolises

    NASA Astrophysics Data System (ADS)

    Xiao, Ying; Zhang, Hai-Tao; Xu, Bowen; Zhu, Tao; Chen, Guanrong; Chen, Duxin

    2018-02-01

    Subways are crucial in modern transportation systems of metropolises. To quantitatively evaluate the potential risks of subway networks suffered from natural disasters or deliberate attacks, real data from seven Chinese subway systems are collected and their population distributions and anti-risk capabilities are analyzed. Counterintuitively, it is found that transfer stations with large numbers of connections are not the most crucial, but the stations and lines with large betweenness centrality are essential, if subway networks are being attacked. It is also found that cycles reduce such correlations due to the existence of alternative paths. To simulate the data-based observations, a network model is proposed to characterize the dynamics of subway systems under various intensities of attacks on stations and lines. This study sheds some light onto risk assessment of subway networks in metropolitan cities.

  19. Finite Energy and Bounded Actuator Attacks on Cyber-Physical Systems

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Djouadi, Seddik M; Melin, Alexander M; Ferragut, Erik M

    As control system networks are being connected to enterprise level networks for remote monitoring, operation, and system-wide performance optimization, these same connections are providing vulnerabilities that can be exploited by malicious actors for attack, financial gain, and theft of intellectual property. Much effort in cyber-physical system (CPS) protection has focused on protecting the borders of the system through traditional information security techniques. Less effort has been applied to the protection of cyber-physical systems from intelligent attacks launched after an attacker has defeated the information security protections to gain access to the control system. In this paper, attacks on actuator signals are analyzed from a system theoretic context. The threat surface is classified into finite energy and bounded attacks. These two broad classes encompass a large range of potential attacks. The effect of these attacks on a linear quadratic (LQ) control is analyzed, and the optimal actuator attacks for both finite and infinite horizon LQ control are derived, therefore the worst case attack signals are obtained. The closed-loop system under the optimal attack signals is given and a numerical example illustrating the effect of an optimal bounded attack is provided.

  20. Web Forms and Untraceable DDoS Attacks

    NASA Astrophysics Data System (ADS)

    Jakobsson, Markus; Menczer, Filippo

    We analyze a Web vulnerability that allows an attacker to perform an email-based attack on selected victims, using standard scripts and agents. What differentiates the attack we describe from other, already known forms of distributed denial of service (DDoS) attacks is that an attacker does not need to infiltrate the network in any manner - as is normally required to launch a DDoS attack. Thus, we see this type of attack as a poor man's DDoS. Not only is the attack easy to mount, but it is also almost impossible to trace back to the perpetrator. Along with descriptions of our attack, we demonstrate its destructive potential with (limited and contained) experimental results. We illustrate the potential impact of our attack by describing how an attacker can disable an email account by flooding its inbox; block competition during on-line auctions; harm competitors with an on-line presence; disrupt phone service to a given victim; disconnect mobile corporate leaders from their networks; and disrupt electronic elections. Finally, we propose a set of countermeasures that are light-weight, do not require modifications to the infrastructure, and can be deployed in a gradual manner.

  1. Security Issues in Cross-Organizational Peer-to-Peer Applications and Some Solutions

    NASA Astrophysics Data System (ADS)

    Gupta, Ankur; Awasthi, Lalit K.

    Peer-to-Peer networks have been widely used for sharing millions of terabytes of content, for large-scale distributed computing and for a variety of other novel applications, due to their scalability and fault-tolerance. However, the scope of P2P networks has somehow been limited to individual computers connected to the internet. P2P networks are also notorious for blatant copyright violations and facilitating several kinds of security attacks. Businesses and large organizations have thus stayed away from deploying P2P applications citing security loopholes in P2P systems as the biggest reason for non-adoption. In theory P2P applications can help fulfill many organizational requirements such as collaboration and joint projects with other organizations, access to specialized computing infrastructure and finally accessing the specialized information/content and expert human knowledge available at other organizations. These potentially beneficial interactions necessitate that the research community attempt to alleviate the security shortcomings in P2P systems and ensure their acceptance and wide deployment. This research paper therefore examines the security issues prevalent in enabling cross-organizational P2P interactions and provides some technical insights into how some of these issues can be resolved.

  2. Weighted link graphs: a distributed IDS for secondary intrusion detection and defense

    NASA Astrophysics Data System (ADS)

    Zhou, Mian; Lang, Sheau-Dong

    2005-03-01

    While a firewall installed at the perimeter of a local network provides the first line of defense against the hackers, many intrusion incidents are the results of successful penetration of the firewalls. One computer's compromise often puts the entire network at risk. In this paper, we propose an IDS that provides a finer control over the internal network. The system focuses on the variations of connection-based behavior of each single computer, and uses a weighted link graph to visualize the overall traffic abnormalities. The functionality of our system is of a distributed personal IDS system that also provides a centralized traffic analysis by graphical visualization. We use a novel weight assignment schema for the local detection within each end agent. The local abnormalities are quantitatively carried out by the node weight and link weight and further sent to the central analyzer to build the weighted link graph. Thus, we distribute the burden of traffic processing and visualization to each agent and make it more efficient for the overall intrusion detection. As the LANs are more vulnerable to inside attacks, our system is designed as a reinforcement to prevent corruption from the inside.

  3. Value-Range Analysis of C Programs

    NASA Astrophysics Data System (ADS)

    Simon, Axel

    In 1988, Robert T. Morris exploited a so-called buffer-overflow bug in finger (a dæmon whose job it is to return information on local users) to mount a denial-of-service attack on hundreds of VAX and Sun-3 computers [159]. He created what is nowadays called a worm; that is, a crafted stream of bytes that, when sent to a computer over the network, utilises a buffer-overflow bug in the software of that computer to execute code encoded in the byte stream. In the case of a worm, this code will send the very same byte stream to other computers on the network, thereby creating an avalanche of network traffic that ultimately renders the network and all computers involved in replicating the worm inaccessible. Besides duplicating themselves, worms can alter data on the host that they are running on. The most famous example in recent years was the MSBlaster32 worm, which altered the configuration database on many Microsoft Windows machines, thereby forcing the computers to reboot incessantly. Although this worm was rather benign, it caused huge damage to businesses who were unable to use their IT infrastructure for hours or even days after the appearance of the worm. A more malicious worm is certainly conceivable [187] due to the fact that worms are executed as part of a dæmon (also known as "service" on Windows machines) and thereby run at a privileged level, allowing access to any data stored on the remote computer. While the deletion of data presents a looming threat to valuable information, even more serious uses are espionage and theft, in particular because worms do not have to affect the running system and hence may be impossible to detect.

  4. Mobile Transactional Modelling: From Concepts to Incremental Knowledge

    NASA Astrophysics Data System (ADS)

    Launders, Ivan; Polovina, Simon; Hill, Richard


  5. Multi-Gigabit Free-Space Optical Data Communication and Network System

    DTIC Science & Technology

    2016-04-01

    IR), Ultraviolet ( UV ), Laser Transceiver, Adaptive Beam Tracking, Electronic Attack (EA), Cyber Attack, Multipoint-to-Multipoint Network, Adaptive...FileName.pptx Free Space Optical Datalink Timeline Phase 1 Point-to-point demonstration 2012 Future Adaptive optic & Quantum Cascade Laser

  6. Proactive routing mutation against stealthy Distributed Denial of Service attacks: metrics, modeling, and analysis

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Duan, Qi; Al-Shaer, Ehab; Chatterjee, Samrat

    The Infrastructure Distributed Denial of Service (IDDoS) attacks continue to be one of the most devastating challenges facing cyber systems. The new generation of IDDoS attacks exploit the inherent weakness of cyber infrastructure including deterministic nature of routes, skew distribution of flows, and Internet ossification to discover the network critical links and launch highly stealthy flooding attacks that are not observable at the victim end. In this paper, first, we propose a new metric to quantitatively measure the potential susceptibility of any arbitrary target server or domain to stealthy IDDoS attacks, and estimate the impact of such susceptibility on enterprises. Second, we develop a proactive route mutation technique to minimize the susceptibility to these attacks by dynamically changing the flow paths periodically to invalidate the adversary knowledge about the network and avoid targeted critical links. Our proposed approach actively changes these network paths while satisfying security and quality of service requirements. We present an integrated approach of proactive route mutation that combines both infrastructure-based mutation that is based on reconfiguration of switches and routers, and middle-box approach that uses an overlay of end-point proxies to construct a virtual network path free of critical links to reach a destination. We implemented the proactive path mutation technique on a Software Defined Network using the OpenDaylight controller to demonstrate a feasible deployment of this approach. Our evaluation validates the correctness, effectiveness, and scalability of the proposed approaches.

  7. DOE's Computer Incident Advisory Capability (CIAC)

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Schultz, E.

    1990-09-01

    Computer security is essential in maintaining quality in the computing environment. Computer security incidents, however, are becoming more sophisticated. The DOE Computer Incident Advisory Capability (CIAC) team was formed primarily to assist DOE sites in responding to computer security incidents. Among CIAC's other responsibilities are gathering and distributing information to DOE sites, providing training workshops, coordinating with other agencies, response teams, and vendors, creating guidelines for incident handling, and developing software tools. CIAC has already provided considerable assistance to DOE sites faced with virus infections and worm and hacker attacks, has issued over 40 information bulletins, and has developed and presented a workshop on incident handling. CIAC's experience in helping sites has produced several lessons learned, including the need to follow effective procedures to avoid virus infections in small systems and the need for sound password management and system administration in networked systems. CIAC's activity and scope will expand in the future. 4 refs.

  8. Quantification of moving target cyber defenses

    NASA Astrophysics Data System (ADS)

    Farris, Katheryn A.; Cybenko, George

    2015-05-01

    Current network and information systems are static, making it simple for attackers to maintain an advantage. Adaptive defenses, such as Moving Target Defenses (MTD) have been developed as potential "game-changers" in an effort to increase the attacker's workload. With many new methods being developed, it is difficult to accurately quantify and compare their overall costs and effectiveness. This paper compares the tradeoffs between current approaches to the quantification of MTDs. We present results from an expert opinion survey on quantifying the overall effectiveness, upfront and operating costs of a select set of MTD techniques. We find that gathering informed scientific opinions can be advantageous for evaluating such new technologies as it offers a more comprehensive assessment. We end by presenting a coarse ordering of a set of MTD techniques from most to least dominant. We found that seven out of 23 methods rank as the more dominant techniques. Five of which are techniques of either address space layout randomization or instruction set randomization. The remaining two techniques are applicable to software and computer platforms. Among the techniques that performed the worst are those primarily aimed at network randomization.

  9. Research on invulnerability of equipment support information network

    NASA Astrophysics Data System (ADS)

    Sun, Xiao; Liu, Bin; Zhong, Qigen; Cao, Zhiyi

    2013-03-01

    In this paper, the entity composition of equipment support information network is studied, and the network abstract model is built. The influence factors of the invulnerability of equipment support information network are analyzed, and the invulnerability capabilities under random attack are analyzed. According to the centrality theory, the materiality evaluation centralities of the nodes are given, and the invulnerability capabilities under selective attack are analyzed. Finally, the reasons that restrict the invulnerability of equipment support information network are summarized, and the modified principles and methods are given.

  10. Robust-yet-fragile nature of interdependent networks

    NASA Astrophysics Data System (ADS)

    Tan, Fei; Xia, Yongxiang; Wei, Zhi

    2015-05-01

    Interdependent networks have been shown to be extremely vulnerable based on the percolation model. Parshani et al. [Europhys. Lett. 92, 68002 (2010), 10.1209/0295-5075/92/68002] further indicated that the more intersimilar networks are, the more robust they are to random failures. When traffic load is considered, how do the coupling patterns impact cascading failures in interdependent networks? This question has been largely unexplored until now. In this paper, we address this question by investigating the robustness of interdependent Erdös-Rényi random graphs and Barabási-Albert scale-free networks under either random failures or intentional attacks. It is found that interdependent Erdös-Rényi random graphs are robust yet fragile under either random failures or intentional attacks. Interdependent Barabási-Albert scale-free networks, however, are only robust yet fragile under random failures but fragile under intentional attacks. We further analyze the interdependent communication network and power grid and achieve similar results. These results advance our understanding of how interdependency shapes network robustness.

  11. Designing a holistic end-to-end intelligent network analysis and security platform

    NASA Astrophysics Data System (ADS)

    Alzahrani, M.

    2018-03-01

    A firewall protects a network from outside attacks; however, once an attack enters a network, it is difficult to detect. Significant incidents have happened recently: millions of Yahoo email accounts were stolen, and crucial data from institutions are held for ransom. For two years, Yahoo’s system administrators were not aware that there were intruders inside the network. This happened due to the lack of intelligent tools to monitor user behaviour in the internal network. This paper discusses a design of an intelligent anomaly/malware detection system with proper proactive actions. The aim is to equip the system administrator with a proper tool to battle the insider attackers. The proposed system adopts machine learning to analyse users’ behaviour through the runtime behaviour of each node in the network. The machine learning techniques include: deep learning, evolving machine learning perceptron, hybrid of Neural Network and Fuzzy, as well as predictive memory techniques. The proposed system is expanded to deal with larger networks using agent techniques.

  12. Internet firewalls: questions and answers

    NASA Astrophysics Data System (ADS)

    Ker, Keith

    1996-03-01

    As organizations consider connecting to the Internet, the issue of internetwork security becomes more important. There are many tools and components that can be used to secure a network, one of which is a firewall. Modern firewalls offer highly flexible private network security by controlling and monitoring all communications passing into or out of the private network. Specifically designed for security, firewalls become the private network's single point of attack from Internet intruders. Application gateways (or proxies) that have been written to be secure against even the most persistent attacks ensure that only authorized users and services access the private network. One-time passwords prevent intruders from `sniffing' and replaying the usernames and passwords of authorized users to gain access to the private network. Comprehensive logging permits constant and uniform system monitoring. `Address spoofing' attacks are prevented. The private network may use registered or unregistered IP addresses behind the firewall. Firewall-to-firewall encryption establishes a `virtual private network' across the Internet, preventing intruders from eavesdropping on private communications, eliminating the need for costly dedicated lines.

  13. SEAODV: A Security Enhanced AODV Routing Protocol for Wireless Mesh Networks

    NASA Astrophysics Data System (ADS)

    Li, Celia; Wang, Zhuang; Yang, Cungang

    In this paper, we propose a Security Enhanced AODV routing protocol (SEAODV) for wireless mesh networks (WMN). SEAODV employs Blom's key pre-distribution scheme to compute the pairwise transient key (PTK) through the flooding of enhanced HELLO message and subsequently uses the established PTK to distribute the group transient key (GTK). PTK and GTK authenticate unicast and broadcast routing messages respectively. In WMN, a unique PTK is shared by each pair of nodes, while GTK is shared secretly between the node and all its one-hop neighbours. A message authentication code (MAC) is attached as the extension to the original AODV routing message to guarantee the message's authenticity and integrity in a hop-by-hop fashion. Security analysis and performance evaluation show that SEAODV is more effective in preventing identified routing attacks and outperforms ARAN and SAODV in terms of computation cost and route acquisition latency.

  14. A Secure Scheme for Distributed Consensus Estimation against Data Falsification in Heterogeneous Wireless Sensor Networks.

    PubMed

    Mi, Shichao; Han, Hui; Chen, Cailian; Yan, Jian; Guan, Xinping

    2016-02-19

    Heterogeneous wireless sensor networks (HWSNs) can achieve more tasks and prolong the network lifetime. However, they are vulnerable to attacks from the environment or malicious nodes. This paper is concerned with the issues of a consensus secure scheme in HWSNs consisting of two types of sensor nodes. Sensor nodes (SNs) have more computation power, while relay nodes (RNs) with low power can only transmit information for sensor nodes. To address the security issues of distributed estimation in HWSNs, we apply the heterogeneity of responsibilities between the two types of sensors and then propose a parameter adjusted-based consensus scheme (PACS) to mitigate the effect of the malicious node. Finally, the convergence property is proven to be guaranteed, and the simulation results validate the effectiveness and efficiency of PACS.

  15. Robustness and fragility in coupled oscillator networks under targeted attacks.

    PubMed

    Yuan, Tianyu; Aihara, Kazuyuki; Tanaka, Gouhei

    2017-01-01

    The dynamical tolerance of coupled oscillator networks against local failures is studied. As the fraction of failed oscillator nodes gradually increases, the mean oscillation amplitude in the entire network decreases and then suddenly vanishes at a critical fraction as a phase transition. This critical fraction, widely used as a measure of the network robustness, was analytically derived for random failures but not for targeted attacks so far. Here we derive the general formula for the critical fraction, which can be applied to both random failures and targeted attacks. We consider the effects of targeting oscillator nodes based on their degrees. First we deal with coupled identical oscillators with homogeneous edge weights. Then our theory is applied to networks with heterogeneous edge weights and to those with nonidentical oscillators. The analytical results are validated by numerical experiments. Our results reveal the key factors governing the robustness and fragility of oscillator networks.

  16. Cyber War Game in Temporal Networks

    PubMed Central

    Cho, Jin-Hee; Gao, Jianxi

    2016-01-01

    In a cyber war game where a network is fully distributed and characterized by resource constraints and high dynamics, attackers or defenders often face a situation that may require optimal strategies to win the game with minimum effort. Given the system goal states of attackers and defenders, we study what strategies attackers or defenders can take to reach their respective system goal state (i.e., winning system state) with minimum resource consumption. However, due to the dynamics of a network caused by a node’s mobility, failure or its resource depletion over time or action(s), this optimization problem becomes NP-complete. We propose two heuristic strategies in a greedy manner based on a node’s two characteristics: resource level and influence based on k-hop reachability. We analyze complexity and optimality of each algorithm compared to optimal solutions for a small-scale static network. Further, we conduct a comprehensive experimental study for a large-scale temporal network to investigate best strategies, given a different environmental setting of network temporality and density. We demonstrate the performance of each strategy under various scenarios of attacker/defender strategies in terms of win probability, resource consumption, and system vulnerability. PMID:26859840

  17. Location-Aware Dynamic Session-Key Management for Grid-Based Wireless Sensor Networks

    PubMed Central

    Chen, Chin-Ling; Lin, I-Hsien

    2010-01-01

    Security is a critical issue for sensor networks used in hostile environments. When wireless sensor nodes in a wireless sensor network are distributed in an insecure hostile environment, the sensor nodes must be protected: a secret key must be used to protect the nodes transmitting messages. If the nodes are not protected and become compromised, many types of attacks against the network may result. Such is the case with existing schemes, which are vulnerable to attacks because they mostly provide a hop-by-hop paradigm, which is insufficient to defend against known attacks. We propose a location-aware dynamic session-key management protocol for grid-based wireless sensor networks. The proposed protocol improves the security of a secret key. The proposed scheme also includes a key that is dynamically updated. This dynamic update can lower the probability of the key being guessed correctly. Thus currently known attacks can be defended. By utilizing the local information, the proposed scheme can also limit the flooding region in order to reduce the energy that is consumed in discovering routing paths. PMID:22163606

  18. Location-aware dynamic session-key management for grid-based Wireless Sensor Networks.

    PubMed

    Chen, Chin-Ling; Lin, I-Hsien

    2010-01-01

    Security is a critical issue for sensor networks used in hostile environments. When wireless sensor nodes in a wireless sensor network are distributed in an insecure hostile environment, the sensor nodes must be protected: a secret key must be used to protect the nodes transmitting messages. If the nodes are not protected and become compromised, many types of attacks against the network may result. Such is the case with existing schemes, which are vulnerable to attacks because they mostly provide a hop-by-hop paradigm, which is insufficient to defend against known attacks. We propose a location-aware dynamic session-key management protocol for grid-based wireless sensor networks. The proposed protocol improves the security of a secret key. The proposed scheme also includes a key that is dynamically updated. This dynamic update can lower the probability of the key being guessed correctly. Thus currently known attacks can be defended. By utilizing the local information, the proposed scheme can also limit the flooding region in order to reduce the energy that is consumed in discovering routing paths.

  19. Cross-layer design for intrusion detection and data security in wireless ad hoc sensor networks

    NASA Astrophysics Data System (ADS)

    Hortos, William S.

    2007-09-01

    A wireless ad hoc sensor network is a configuration for area surveillance that affords rapid, flexible deployment in arbitrary threat environments. There is no infrastructure support and sensor nodes communicate with each other only when they are in transmission range. The nodes are severely resource-constrained, with limited processing, memory and power capacities and must operate cooperatively to fulfill a common mission in typically unattended modes. In a wireless sensor network (WSN), each sensor at a node can observe locally some underlying physical phenomenon and sends a quantized version of the observation to sink (destination) nodes via wireless links. Since the wireless medium can be easily eavesdropped, links can be compromised by intrusion attacks from nodes that may mount denial-of-service attacks or insert spurious information into routing packets, leading to routing loops, long timeouts, impersonation, and node exhaustion. A cross-layer design based on protocol-layer interactions is proposed for detection and identification of various intrusion attacks on WSN operation. A feature set is formed from selected cross-layer parameters of the WSN protocol to detect and identify security threats due to intrusion attacks. A separate protocol is not constructed from the cross-layer design; instead, security attributes and quantified trust levels at and among nodes established during data exchanges complement customary WSN metrics of energy usage, reliability, route availability, and end-to-end quality-of-service (QoS) provisioning. Statistical pattern recognition algorithms are applied that use observed feature-set patterns observed during network operations, viewed as security audit logs. These algorithms provide the "best" network global performance in the presence of various intrusion attacks. 
    A set of mobile (software) agents distributed at the nodes implement the algorithms, by moving among the layers involved in the network response at each active node and trust neighborhood, collecting parametric information and executing assigned decision tasks. The communications overhead due to security mechanisms and the latency in network response are thus minimized by reducing the need to move large amounts of audit data through resource-limited nodes and by locating detection/identification programs closer to audit data. If network partitioning occurs due to uncoordinated node exhaustion, data compromise or other effects of the attacks, the mobile agents can continue to operate, thereby increasing fault tolerance in the network response to intrusions. Since the mobile agents behave like an ant colony in securing the WSN, published ant colony optimization (ACO) routines and other evolutionary algorithms are adapted to protect network security, using data at and through nodes to create audit records to detect and respond to denial-of-service attacks. Performance evaluations of algorithms are performed by simulation of a few intrusion attacks, such as black hole, flooding, Sybil and others, to validate the ability of the cross-layer algorithms to enable WSNs to survive the attacks. Results are compared for the different algorithms.

  20. Data modeling of network dynamics

    NASA Astrophysics Data System (ADS)

    Jaenisch, Holger M.; Handley, James W.; Faucheux, Jeffery P.; Harris, Brad

    2004-01-01

    This paper highlights Data Modeling theory and its use for text data mining as a graphical network search engine. Data Modeling is then used to create a real-time filter capable of monitoring network traffic down to the port level for unusual dynamics and changes in business as usual. This is accomplished in an unsupervised fashion without a priori knowledge of abnormal characteristics. Two novel methods for converting streaming binary data into a form amenable to graphics based search and change detection are introduced. These techniques are then successfully applied to 1999 KDD Cup network attack data log-on sessions to demonstrate that Data Modeling can detect attacks without prior training on any form of attack behavior. Finally, two new methods for data encryption using these ideas are proposed.

  1. Sonification of network traffic flow for monitoring and situational awareness

    PubMed Central

    2018-01-01

    Maintaining situational awareness of what is happening within a computer network is challenging, not only because the behaviour happens within machines, but also because data traffic speeds and volumes are beyond human ability to process. Visualisation techniques are widely used to present information about network traffic dynamics. Although they provide operators with an overall view and specific information about particular traffic or attacks on the network, they often still fail to represent the events in an understandable way. Also, because they require visual attention they are not well suited to continuous monitoring scenarios in which network administrators must carry out other tasks. Here we present SoNSTAR (Sonification of Networks for SiTuational AwaReness), a real-time sonification system for monitoring computer networks to support network administrators’ situational awareness. SoNSTAR provides an auditory representation of all the TCP/IP traffic within a network based on the different traffic flows between network hosts. A user study showed that SoNSTAR raises situational awareness levels by enabling operators to understand network behaviour and with the benefit of lower workload demands (as measured by the NASA TLX method) than visual techniques. SoNSTAR identifies network traffic features by inspecting the status flags of TCP/IP packet headers. Combinations of these features define particular traffic events which are mapped to recorded sounds to generate a soundscape that represents the real-time status of the network traffic environment. The sequence, timing, and loudness of the different sounds allow the network to be monitored and anomalous behaviour to be detected without the need to continuously watch a monitor screen. PMID:29672543

  2. Sonification of network traffic flow for monitoring and situational awareness.

    PubMed

    Debashi, Mohamed; Vickers, Paul

    2018-01-01

    Maintaining situational awareness of what is happening within a computer network is challenging, not only because the behaviour happens within machines, but also because data traffic speeds and volumes are beyond human ability to process. Visualisation techniques are widely used to present information about network traffic dynamics. Although they provide operators with an overall view and specific information about particular traffic or attacks on the network, they often still fail to represent the events in an understandable way. Also, because they require visual attention they are not well suited to continuous monitoring scenarios in which network administrators must carry out other tasks. Here we present SoNSTAR (Sonification of Networks for SiTuational AwaReness), a real-time sonification system for monitoring computer networks to support network administrators' situational awareness. SoNSTAR provides an auditory representation of all the TCP/IP traffic within a network based on the different traffic flows between network hosts. A user study showed that SoNSTAR raises situational awareness levels by enabling operators to understand network behaviour and with the benefit of lower workload demands (as measured by the NASA TLX method) than visual techniques. SoNSTAR identifies network traffic features by inspecting the status flags of TCP/IP packet headers. Combinations of these features define particular traffic events which are mapped to recorded sounds to generate a soundscape that represents the real-time status of the network traffic environment. The sequence, timing, and loudness of the different sounds allow the network to be monitored and anomalous behaviour to be detected without the need to continuously watch a monitor screen.

  3. Secure data exchange between intelligent devices and computing centers

    NASA Astrophysics Data System (ADS)

    Naqvi, Syed; Riguidel, Michel

    2005-03-01

    The advent of reliable spontaneous networking technologies (commonly known as wireless ad-hoc networks) has ostensibly raised stakes for the conception of computing intensive environments using intelligent devices as their interface with the external world. These smart devices are used as data gateways for the computing units. These devices are employed in highly volatile environments where the secure exchange of data between these devices and their computing centers is of paramount importance. Moreover, their mission critical applications require dependable measures against the attacks like denial of service (DoS), eavesdropping, masquerading, etc. In this paper, we propose a mechanism to assure reliable data exchange between an intelligent environment composed of smart devices and distributed computing units collectively called 'computational grid'. The notion of infosphere is used to define a digital space made up of a persistent and a volatile asset in an often indefinite geographical space. We study different infospheres and present general evolutions and issues in the security of such technology-rich and intelligent environments. It is beyond any doubt that these environments will likely face a proliferation of users, applications, networked devices, and their interactions on a scale never experienced before. It would be better to build in the ability to uniformly deal with these systems. As a solution, we propose a concept of virtualization of security services. We try to solve the difficult problems of implementation and maintenance of trust on the one hand, and those of security management in heterogeneous infrastructure on the other hand.

  4. A robust trust establishment scheme for wireless sensor networks.

    PubMed

    Ishmanov, Farruh; Kim, Sung Won; Nam, Seung Yeob

    2015-03-23

    Security techniques like cryptography and authentication can fail to protect a network once a node is compromised. Hence, trust establishment continuously monitors and evaluates node behavior to detect malicious and compromised nodes. However, just like other security schemes, trust establishment is also vulnerable to attack. Moreover, malicious nodes might misbehave intelligently to trick trust establishment schemes. Unfortunately, attack-resistance and robustness issues with trust establishment schemes have not received much attention from the research community. Considering the vulnerability of trust establishment to different attacks and the unique features of sensor nodes in wireless sensor networks, we propose a lightweight and robust trust establishment scheme. The proposed trust scheme is lightweight thanks to a simple trust estimation method. The comprehensiveness and flexibility of the proposed trust estimation scheme make it robust against different types of attack and misbehavior. Performance evaluation under different types of misbehavior and on-off attacks shows that the detection rate of the proposed trust mechanism is higher and more stable compared to other trust mechanisms.

  5. Sleep Deprivation Attack Detection in Wireless Sensor Network

    NASA Astrophysics Data System (ADS)

    Bhattasali, Tapalina; Chaki, Rituparna; Sanyal, Sugata

    2012-02-01

    Deployment of sensor network in hostile environment makes it mainly vulnerable to battery drainage attacks because it is impossible to recharge or replace the battery power of sensor nodes. Among different types of security threats, low power sensor nodes are immensely affected by the attacks which cause random drainage of the energy level of sensors, leading to death of the nodes. The most dangerous type of attack in this category is sleep deprivation, where target of the intruder is to maximize the power consumption of sensor nodes, so that their lifetime is minimized. Most of the existing works on sleep deprivation attack detection involve a lot of overhead, leading to poor throughput. The need of the day is to design a model for detecting intrusions accurately in an energy efficient manner. This paper proposes a hierarchical framework based on distributed collaborative mechanism for detecting sleep deprivation torture in wireless sensor network efficiently. Proposed model uses anomaly detection technique in two steps to reduce the probability of false intrusion.

  6. On detection and visualization techniques for cyber security situation awareness

    NASA Astrophysics Data System (ADS)

    Yu, Wei; Wei, Shixiao; Shen, Dan; Blowers, Misty; Blasch, Erik P.; Pham, Khanh D.; Chen, Genshe; Zhang, Hanlin; Lu, Chao

    2013-05-01

    Networking technologies are exponentially increasing to meet worldwide communication requirements. The rapid growth of network technologies and perversity of communications pose serious security issues. In this paper, we aim to develop an integrated network defense system with situation awareness capabilities to present useful information to human analysts. In particular, we implement a prototypical system that includes both distributed passive and active network sensors and traffic visualization features, such as 1D, 2D and 3D based network traffic displays. To effectively detect attacks, we also implement algorithms to transform real-world data of IP addresses into images and study the pattern of attacks, and use both the discrete wavelet transform (DWT) based scheme and the statistical based scheme to detect attacks. Through an extensive simulation study, our data validate the effectiveness of our implemented defense system.

  7. A Taxonomy of Attacks on the DNP3 Protocol

    NASA Astrophysics Data System (ADS)

    East, Samuel; Butts, Jonathan; Papa, Mauricio; Shenoi, Sujeet

    Distributed Network Protocol (DNP3) is the predominant SCADA protocol in the energy sector - more than 75% of North American electric utilities currently use DNP3 for industrial control applications. This paper presents a taxonomy of attacks on the protocol. The attacks are classified based on targets (control center, outstation devices and network/communication paths) and threat categories (interception, interruption, modification and fabrication). To facilitate risk analysis and mitigation strategies, the attacks are associated with the specific DNP3 protocol layers they exploit. Also, the operational impact of the attacks is categorized in terms of three key SCADA objectives: process confidentiality, process awareness and process control. The attack taxonomy clarifies the nature and scope of the threats to DNP3 systems, and can provide insights into the relative costs and benefits of implementing mitigation strategies.

  8. A hybrid protection approaches for denial of service (DoS) attacks in wireless sensor networks

    NASA Astrophysics Data System (ADS)

    Gunasekaran, Mahalakshmi; Periakaruppan, Subathra

    2017-06-01

    Wireless sensor network (WSN) contains the distributed autonomous devices with the sensing capability of physical and environmental conditions. During the clustering operation, the consumption of more energy causes the draining in battery power that leads to minimum network lifetime. Hence, the WSN devices are initially operated on low-power sleep mode to maximise the lifetime. But, the attacks arrival cause the disruption in low-power operating called denial of service (DoS) attacks. The conventional intrusion detection (ID) approaches such as rule-based and anomaly-based methods effectively detect the DoS attacks. But, the energy consumption and false detection rate are more. The absence of attack information and broadcast of its impact to the other cluster head (CH) leads to easy DoS attacks arrival. This article combines the isolation and routing tables to detect the attack in the specific cluster and broadcasts the information to other CH. The intercommunication between the CHs prevents the DoS attacks effectively. In addition, the swarm-based defence approach is proposed to migrate the fault channel to normal operating channel through frequency hop approaches. The comparative analysis between the proposed table-based intrusion detection systems (IDSs) and swarm-based defence approaches with the traditional IDS regarding the parameters of transmission overhead/efficiency, energy consumption, and false positive/negative rates proves the capability of DoS prediction/prevention in WSN.

  9. Semantic policy and adversarial modeling for cyber threat identification and avoidance

    NASA Astrophysics Data System (ADS)

    DeFrancesco, Anton; McQueary, Bruce

    2009-05-01

    Today's enterprise networks undergo a relentless barrage of attacks from foreign and domestic adversaries. These attacks may be perpetrated with little to no funding, but may wreak incalculable damage upon the enterprise's security, network infrastructure, and services. As more services come online, systems that were once in isolation now provide information that may be combined dynamically with information from other systems to create new meaning on the fly. Security issues are compounded by the potential to aggregate individual pieces of information and infer knowledge at a higher classification than any of its constituent parts. To help alleviate these challenges, in this paper we introduce the notion of semantic policy and discuss how its use is evolving from a robust approach to access control to preempting and combating attacks in the cyber domain. The introduction of semantic policy and adversarial modeling to network security aims to ask 'where is the network most vulnerable', 'how is the network being attacked', and 'why is the network being attacked'. The first aspect of our approach is integration of semantic policy into enterprise security to augment traditional network security with an overall awareness of policy access and violations. This awareness allows the semantic policy to look at the big picture - analyzing trends and identifying critical relations in system wide data access. The second aspect of our approach is to couple adversarial modeling with semantic policy to move beyond reactive security measures and into a proactive identification of system weaknesses and areas of vulnerability. By utilizing Bayesian-based methodologies, the enterprise wide meaning of data and semantic policy is applied to probability and high-level risk identification. This risk identification will help mitigate potential harm to enterprise networks by enabling resources to proactively isolate, lock-down, and secure systems that are most vulnerable.

  10. Fast Fragmentation of Networks Using Module-Based Attacks

    PubMed Central

    Requião da Cunha, Bruno; González-Avella, Juan Carlos; Gonçalves, Sebastián

    2015-01-01

    In the multidisciplinary field of Network Science, optimization of procedures for efficiently breaking complex networks is attracting much attention from a practical point of view. In this contribution, we present a module-based method to efficiently fragment complex networks. The procedure firstly identifies topological communities through which the network can be represented using a well established heuristic algorithm of community finding. Then only the nodes that participate of inter-community links are removed in descending order of their betweenness centrality. We illustrate the method by applying it to a variety of examples in the social, infrastructure, and biological fields. It is shown that the module-based approach always outperforms targeted attacks to vertices based on node degree or betweenness centrality rankings, with gains in efficiency strongly related to the modularity of the network. Remarkably, in the US power grid case, by deleting 3% of the nodes, the proposed method breaks the original network in fragments which are twenty times smaller in size than the fragments left by betweenness-based attack. PMID:26569610

  11. Hiding Critical Targets in Smart Grid Networks

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Bao, Wei; Li, Qinghua

    With the integration of advanced communication technologies, the power grid is expected to greatly enhance efficiency and reliability of future power systems. However, since most electrical devices in power grid substations are connected via communication networks, cyber security of these communication networks becomes a critical issue. Real-world incidents such as Stuxnet have shown the feasibility of compromising a device in the power grid network to further launch more sophisticated attacks. To deal with security attacks of this spirit, this paper aims to hide critical targets from compromised internal nodes and hence protect them from further attacks launched by those compromised nodes. In particular, we consider substation networks and propose to add carefully-controlled dummy traffic to a substation network to make critical target nodes indistinguishable from other nodes in network traffic patterns. This paper describes the design and evaluation of such a scheme. Evaluations show that the scheme can effectively protect critical nodes with acceptable communication cost.

  12. Using Reputation Systems and Non-Deterministic Routing to Secure Wireless Sensor Networks

    PubMed Central

    Moya, José M.; Vallejo, Juan Carlos; Fraga, David; Araujo, Álvaro; Villanueva, Daniel; de Goyeneche, Juan-Mariano

    2009-01-01

    Security in wireless sensor networks is difficult to achieve because of the resource limitations of the sensor nodes. We propose a trust-based decision framework for wireless sensor networks coupled with a non-deterministic routing protocol. Both provide a mechanism to effectively detect and confine common attacks, and, unlike previous approaches, allow bad reputation feedback to the network. This approach has been extensively simulated, obtaining good results, even for unrealistically complex attack scenarios. PMID:22412345

  13. Cooperating attackers in neural cryptography.

    PubMed

    Shacham, Lanir N; Klein, Einat; Mislovaty, Rachel; Kanter, Ido; Kinzel, Wolfgang

    2004-06-01

    A successful attack strategy in neural cryptography is presented. The neural cryptosystem, based on synchronization of neural networks by mutual learning, has been recently shown to be secure under different attack strategies. The success of the advanced attacker presented here, called the "majority-flipping attacker," does not decay with the parameters of the model. This attacker's outstanding success is due to its using a group of attackers which cooperate throughout the synchronization process, unlike any other attack strategy known. An analytical description of this attack is also presented, and fits the results of simulations.

  14. Research on information security in big data era

    NASA Astrophysics Data System (ADS)

    Zhou, Linqi; Gu, Weihong; Huang, Cheng; Huang, Aijun; Bai, Yongbin

    2018-05-01

    Big data is becoming another hotspot in the field of information technology after the cloud computing and the Internet of Things. However, the existing information security methods can no longer meet the information security requirements in the era of big data. This paper analyzes the challenges and a cause of data security brought by big data, discusses the development trend of network attacks under the background of big data, and puts forward my own opinions on the development of security defense in technology, strategy and product.

  15. Computer Network Attack and the Use of Force in International Law: Thoughts on a Normative Framework

    DTIC Science & Technology

    1999-06-01

    U.S. and its allies on the battlefield, but a credible threat to employ chemical or biological weapons in pursuit of national objectives would give...injury. 18 Instrumentalities that produce them are weapons. There is little debate about whether the use of chemicals or biologicals falls...282. 50 For an interesting projection of factors likely to affect the use of force in the future, see Anthony D’Amato, Megatrends in the Use of

  16. Security Systems Consideration: A Total Security Approach

    NASA Astrophysics Data System (ADS)

    Margariti, S. V.; Meletiou, G.; Stergiou, E.; Vasiliadis, D. C.; Rizos, G. E.

    2007-12-01

    The "safety" problem for protection systems is to determine in a given situation whether a subject can acquire a particular right to an object. Security and audit operation face the process of securing the application on computing and network environment; however, storage security has been somewhat overlooked due to other security solutions. This paper identifies issues for data security, threats and attacks, summarizes security concepts and relationships, and also describes storage security strategies. It concludes with recommended storage security plan for a total security solution.

  17. Improving the Rainbow Attack by Reusing Colours

    NASA Astrophysics Data System (ADS)

    Ågren, Martin; Johansson, Thomas; Hell, Martin

    Hashing or encrypting a key or a password is a vital part in most network security protocols. The most practical generic attack on such schemes is a time memory trade-off attack. Such an attack inverts any one-way function using a trade-off between memory and execution time. Existing techniques include the Hellman attack and the rainbow attack, where the latter uses different reduction functions ("colours") within a table.

  18. Network information attacks on the control systems of power facilities belonging to the critical infrastructure

    NASA Astrophysics Data System (ADS)

    Loginov, E. L.; Raikov, A. N.

    2015-04-01

    The most large-scale accidents occurred as a consequence of network information attacks on the control systems of power facilities belonging to the United States' critical infrastructure are analyzed in the context of possibilities available in modern decision support systems. Trends in the development of technologies for inflicting damage to smart grids are formulated. A volume matrix of parameters characterizing attacks on facilities is constructed. A model describing the performance of a critical infrastructure's control system after an attack is developed. The recently adopted measures and legislation acts aimed at achieving more efficient protection of critical infrastructure are considered. Approaches to cognitive modeling and networked expertise of intricate situations for supporting the decision-making process, and to setting up a system of indicators for anticipatory monitoring of critical infrastructure are proposed.

  19. Cyber War Game in Temporal Networks

    DTIC Science & Technology

    2016-02-09

    Boston, Massachusetts 02115, United States of America * jianxi.gao@gmail.com Abstract In a cyber war game where a network is fully distributed and... game with minimum effort. Given the system goal states of attackers and defenders, we study what strategies attackers or defenders can take to reach

  20. Error and attack tolerance of complex networks

    NASA Astrophysics Data System (ADS)

    Albert, Réka; Jeong, Hawoong; Barabási, Albert-László

    2000-07-01

    Many complex systems display a surprising degree of tolerance against errors. For example, relatively simple organisms grow, persist and reproduce despite drastic pharmaceutical or environmental interventions, an error tolerance attributed to the robustness of the underlying metabolic network. Complex communication networks display a surprising degree of robustness: although key components regularly malfunction, local failures rarely lead to the loss of the global information-carrying ability of the network. The stability of these and other complex systems is often attributed to the redundant wiring of the functional web defined by the systems' components. Here we demonstrate that error tolerance is not shared by all redundant systems: it is displayed only by a class of inhomogeneously wired networks, called scale-free networks, which include the World-Wide Web, the Internet, social networks and cells. We find that such networks display an unexpected degree of robustness, the ability of their nodes to communicate being unaffected even by unrealistically high failure rates. However, error tolerance comes at a high price in that these networks are extremely vulnerable to attacks (that is, to the selection and removal of a few nodes that play a vital role in maintaining the network's connectivity). Such error tolerance and attack vulnerability are generic properties of communication networks.

  1. An improved anonymous authentication scheme for roaming in ubiquitous networks.

    PubMed

    Lee, Hakjun; Lee, Donghoon; Moon, Jongho; Jung, Jaewook; Kang, Dongwoo; Kim, Hyoungshick; Won, Dongho

    2018-01-01

    With the evolution of communication technology and the exponential increase of mobile devices, the ubiquitous networking allows people to use our data and computing resources anytime and everywhere. However, numerous security concerns and complicated requirements arise as these ubiquitous networks are deployed throughout people's lives. To meet the challenge, the user authentication schemes in ubiquitous networks should ensure the essential security properties for the preservation of the privacy with low computational cost. In 2017, Chaudhry et al. proposed a password-based authentication scheme for the roaming in ubiquitous networks to enhance the security. Unfortunately, we found that their scheme remains insecure in its protection of the user privacy. In this paper, we prove that Chaudhry et al.'s scheme is vulnerable to the stolen-mobile device and user impersonation attacks, and its drawbacks comprise the absence of the incorrect login-input detection, the incorrectness of the password change phase, and the absence of the revocation provision. Moreover, we suggest a possible way to fix the security flaw in Chaudhry et al.'s scheme by using the biometric-based authentication for which the bio-hash is applied in the implementation of a three-factor authentication. We prove the security of the proposed scheme with the random oracle model and formally verify its security properties using a tool named ProVerif, and analyze it in terms of the computational and communication cost. The analysis result shows that the proposed scheme is suitable for resource-constrained ubiquitous environments.

  2. An improved anonymous authentication scheme for roaming in ubiquitous networks

    PubMed Central

    Lee, Hakjun; Lee, Donghoon; Moon, Jongho; Jung, Jaewook; Kang, Dongwoo; Kim, Hyoungshick

    2018-01-01

    With the evolution of communication technology and the exponential increase of mobile devices, the ubiquitous networking allows people to use our data and computing resources anytime and everywhere. However, numerous security concerns and complicated requirements arise as these ubiquitous networks are deployed throughout people’s lives. To meet the challenge, the user authentication schemes in ubiquitous networks should ensure the essential security properties for the preservation of the privacy with low computational cost. In 2017, Chaudhry et al. proposed a password-based authentication scheme for the roaming in ubiquitous networks to enhance the security. Unfortunately, we found that their scheme remains insecure in its protection of the user privacy. In this paper, we prove that Chaudhry et al.’s scheme is vulnerable to the stolen-mobile device and user impersonation attacks, and its drawbacks comprise the absence of the incorrect login-input detection, the incorrectness of the password change phase, and the absence of the revocation provision. Moreover, we suggest a possible way to fix the security flaw in Chaudhry et al.’s scheme by using the biometric-based authentication for which the bio-hash is applied in the implementation of a three-factor authentication. We prove the security of the proposed scheme with the random oracle model and formally verify its security properties using a tool named ProVerif, and analyze it in terms of the computational and communication cost. The analysis result shows that the proposed scheme is suitable for resource-constrained ubiquitous environments. PMID:29505575

  3. A Distributed Signature Detection Method for Detecting Intrusions in Sensor Systems

    PubMed Central

    Kim, Ilkyu; Oh, Doohwan; Yoon, Myung Kuk; Yi, Kyueun; Ro, Won Woo

    2013-01-01

    Sensor nodes in wireless sensor networks are easily exposed to open and unprotected regions. A security solution is strongly recommended to prevent networks against malicious attacks. Although many intrusion detection systems have been developed, most systems are difficult to implement for the sensor nodes owing to limited computation resources. To address this problem, we develop a novel distributed network intrusion detection system based on the Wu–Manber algorithm. In the proposed system, the algorithm is divided into two steps; the first step is dedicated to a sensor node, and the second step is assigned to a base station. In addition, the first step is modified to achieve efficient performance under limited computation resources. We conduct evaluations with random string sets and actual intrusion signatures to show the performance improvement of the proposed method. The proposed method achieves a speedup factor of 25.96 and reduces 43.94% of packet transmissions to the base station compared with the previously proposed method. The system achieves efficient utilization of the sensor nodes and provides a structural basis of cooperative systems among the sensors. PMID:23529146

  4. A distributed signature detection method for detecting intrusions in sensor systems.

    PubMed

    Kim, Ilkyu; Oh, Doohwan; Yoon, Myung Kuk; Yi, Kyueun; Ro, Won Woo

    2013-03-25

    Sensor nodes in wireless sensor networks are easily exposed to open and unprotected regions. A security solution is strongly recommended to prevent networks against malicious attacks. Although many intrusion detection systems have been developed, most systems are difficult to implement for the sensor nodes owing to limited computation resources. To address this problem, we develop a novel distributed network intrusion detection system based on the Wu-Manber algorithm. In the proposed system, the algorithm is divided into two steps; the first step is dedicated to a sensor node, and the second step is assigned to a base station. In addition, the first step is modified to achieve efficient performance under limited computation resources. We conduct evaluations with random string sets and actual intrusion signatures to show the performance improvement of the proposed method. The proposed method achieves a speedup factor of 25.96 and reduces 43.94% of packet transmissions to the base station compared with the previously proposed method. The system achieves efficient utilization of the sensor nodes and provides a structural basis of cooperative systems among the sensors.

  5. Direct trust-based security scheme for RREQ flooding attack in mobile ad hoc networks

    NASA Astrophysics Data System (ADS)

    Kumar, Sunil; Dutta, Kamlesh

    2017-06-01

    The routing algorithms in MANETs exhibit distributed and cooperative behaviour which makes them easy target for denial of service (DoS) attacks. RREQ flooding attack is a flooding-type DoS attack in context to Ad hoc On Demand Distance Vector (AODV) routing protocol, where the attacker broadcasts massive amount of bogus Route Request (RREQ) packets to set up the route with the non-existent or existent destination in the network. This paper presents direct trust-based security scheme to detect and mitigate the impact of RREQ flooding attack on the network, in which, every node evaluates the trust degree value of its neighbours through analysing the frequency of RREQ packets originated by them over a short period of time. Taking the node's trust degree value as the input, the proposed scheme is smoothly extended for suppressing the surplus RREQ and bogus RREQ flooding packets at one-hop neighbours during the route discovery process. This scheme distinguishes itself from existing techniques by not directly blocking the service of a normal node due to increased amount of RREQ packets in some unusual conditions. The results obtained throughout the simulation experiments clearly show the feasibility and effectiveness of the proposed defensive scheme.

  6. Automated Network Anomaly Detection with Learning, Control and Mitigation

    ERIC Educational Resources Information Center

    Ippoliti, Dennis

    2014-01-01

    Anomaly detection is a challenging problem that has been researched within a variety of application domains. In network intrusion detection, anomaly based techniques are particularly attractive because of their ability to identify previously unknown attacks without the need to be programmed with the specific signatures of every possible attack.…

  7. A Wild Weasel Penetration Model.

    DTIC Science & Technology

    1982-03-01

    event 13, and node WM. Global variable XX(48) counts the WWs as they reach the home point. The network logic for WW1 and WW2 is identical. Each WW...the same no matter if the aircraft is WW1 or WW2. Radar-Attack Profile In the radar-attack portion of the network threat radars engage both attack...Systems Dispersion on LOC XX(52) *State Variable--see text. * 94 variable. (The entry positions of WW1 and WW2 are changed with state variables SS(25) and

  8. Why Does Mptcp Have To Make Things So Complicated : Cross Path Nids Evasion And Countermeasures

    DTIC Science & Technology

    2016-09-01

    previously only establish communication channels over single network paths to communicate over multiple network paths. MPTCP is an enhancement to TCP that...the attacker would fail to create a Command and Control (C2) channel unless the attacker had created a new mapping to the target on the splicing...machine. This would allow the attacker to conduct C2 over a spliced channel. This may even make the attacker’s C2 more evasive. In fact, the effect

  9. Research on Network Defense Strategy Based on Honey Pot Technology

    NASA Astrophysics Data System (ADS)

    Hong, Jianchao; Hua, Ying

    2018-03-01

    As a new active-defense network security technology, honeypot technology has become a very effective and practical method of decoying attackers. The thesis discusses the theory, structure, characteristics, design and implementation of honeypots in detail. In response to the development of attack methods, it puts forward a network defense technology based on honeypot technology and constructs a virtual honeypot to demonstrate the honeypot’s functions.

  10. Continuous Security Metrics for Prevalent Network Threats: Introduction and First Four Metrics

    DTIC Science & Technology

    2012-05-22

    cyber attack. Recently, high-profile successful attacks have been detected against the International Monetary Fund, Citibank, Lockheed Martin, Google...RSA Security, Sony, and Oak Ridge National Laboratory[13]. These and other attacks have heightened securing networks as a high priority for many...of high-severity vulnerabilities found by network vulnerability scanners (e.g., [40]) and the numbers or percentages of hosts that are not

  11. Distributed clone detection in static wireless sensor networks: random walk with network division.

    PubMed

    Khan, Wazir Zada; Aalsalem, Mohammed Y; Saad, N M

    2015-01-01

    Wireless Sensor Networks (WSNs) are vulnerable to clone attacks or node replication attacks as they are deployed in hostile and unattended environments where they are deprived of physical protection, lacking physical tamper-resistance of sensor nodes. As a result, an adversary can easily capture and compromise sensor nodes and after replicating them, he inserts arbitrary number of clones/replicas into the network. If these clones are not efficiently detected, an adversary can be further capable to mount a wide variety of internal attacks which can emasculate the various protocols and sensor applications. Several solutions have been proposed in the literature to address the crucial problem of clone detection, which are not satisfactory as they suffer from some serious drawbacks. In this paper we propose a novel distributed solution called Random Walk with Network Division (RWND) for the detection of node replication attack in static WSNs which is based on claimer-reporter-witness framework and combines a simple random walk with network division. RWND detects clone(s) by following a claimer-reporter-witness framework and a random walk is employed within each area for the selection of witness nodes. Splitting the network into levels and areas makes clone detection more efficient and the high security of witness nodes is ensured with moderate communication and memory overheads. Our simulation results show that RWND outperforms the existing witness node based strategies with moderate communication and memory overheads.

  12. Security management based on trust determination in cognitive radio networks

    NASA Astrophysics Data System (ADS)

    Li, Jianwu; Feng, Zebing; Wei, Zhiqing; Feng, Zhiyong; Zhang, Ping

    2014-12-01

    Security has played a major role in cognitive radio networks. Numerous researches have mainly focused on attacking detection based on source localization and detection probability. However, few of them took the penalty of attackers into consideration and neglected how to implement effective punitive measures against attackers. To address this issue, this article proposes a novel penalty mechanism based on cognitive trust value. The main feature of this mechanism has been realized by six functions: authentication, interactive, configuration, trust value collection, storage and update, and punishment. Data fusion center (FC) and cluster heads (CHs) have been put forward as a hierarchical architecture to manage trust value of cognitive users. Misbehaving users would be punished by FC by declining their trust value; thus, guaranteeing network security via distinguishing attack users is of great necessity. Simulation results verify the rationality and effectiveness of our proposed mechanism.

  13. Brain network alterations and vulnerability to simulated neurodegeneration in breast cancer.

    PubMed

    Kesler, Shelli R; Watson, Christa L; Blayney, Douglas W

    2015-08-01

    Breast cancer and its treatments are associated with mild cognitive impairment and brain changes that could indicate an altered or accelerated brain aging process. We applied diffusion tensor imaging and graph theory to measure white matter organization and connectivity in 34 breast cancer survivors compared with 36 matched healthy female controls. We also investigated how brain networks (connectomes) in each group responded to simulated neurodegeneration based on network attack analysis. Compared with controls, the breast cancer group demonstrated significantly lower fractional anisotropy, altered small-world connectome properties, lower brain network tolerance to systematic region (node), and connection (edge) attacks and significant cognitive impairment. Lower tolerance to network attack was associated with cognitive impairment in the breast cancer group. These findings provide further evidence of diffuse white matter pathology after breast cancer and extend the literature in this area with unique data demonstrating increased vulnerability of the post-breast cancer brain network to future neurodegenerative processes. Copyright © 2015 Elsevier Inc. All rights reserved.

  14. Comparison analysis on vulnerability of metro networks based on complex network

    NASA Astrophysics Data System (ADS)

    Zhang, Jianhua; Wang, Shuliang; Wang, Xiaoyuan

    2018-04-01

    This paper analyzes the networked characteristics of three metro networks, and two malicious attacks are employed to investigate the vulnerability of metro networks based on connectivity vulnerability and functionality vulnerability. Meanwhile, the networked characteristics and vulnerability of three metro networks are compared with each other. The results show that Shanghai metro network has the largest transport capacity, Beijing metro network has the best local connectivity and Guangzhou metro network has the best global connectivity, moreover Beijing metro network has the best homogeneous degree distribution. Furthermore, we find that metro networks are very vulnerable subjected to malicious attacks, and Guangzhou metro network has the best topological structure and reliability among three metro networks. The results indicate that the proposed methodology is feasible and effective to investigate the vulnerability and to explore better topological structure of metro networks.

  15. Attack Detection in Sensor Network Target Localization Systems With Quantized Data

    NASA Astrophysics Data System (ADS)

    Zhang, Jiangfan; Wang, Xiaodong; Blum, Rick S.; Kaplan, Lance M.

    2018-04-01

    We consider a sensor network focused on target localization, where sensors measure the signal strength emitted from the target. Each measurement is quantized to one bit and sent to the fusion center. A general attack is considered at some sensors that attempts to cause the fusion center to produce an inaccurate estimation of the target location with a large mean-square-error. The attack is a combination of man-in-the-middle, hacking, and spoofing attacks that can effectively change both signals going into and coming out of the sensor nodes in a realistic manner. We show that the essential effect of attacks is to alter the estimated distance between the target and each attacked sensor to a different extent, giving rise to a geometric inconsistency among the attacked and unattacked sensors. Hence, with the help of two secure sensors, a class of detectors are proposed to detect the attacked sensors by scrutinizing the existence of the geometric inconsistency. We show that the false alarm and miss probabilities of the proposed detectors decrease exponentially as the number of measurement samples increases, which implies that for sufficiently large number of samples, the proposed detectors can identify the attacked and unattacked sensors with any required accuracy.

  16. Information spread in networks: Games, optimal control, and stabilization

    NASA Astrophysics Data System (ADS)

    Khanafer, Ali

    This thesis focuses on designing efficient mechanisms for controlling information spread in networks. We consider two models for information spread. The first one is the well-known distributed averaging dynamics. The second model is a nonlinear one that describes virus spread in computer and biological networks. We seek to design optimal, robust, and stabilizing controllers under practical constraints. For distributed averaging networks, we study the interaction between a network designer and an adversary. We consider two types of attacks on the network. In Attack-I, the adversary strategically disconnects a set of links to prevent the nodes from reaching consensus. Meanwhile, the network designer assists the nodes in reaching consensus by changing the weights of a limited number of links in the network. We formulate two problems to describe this competition where the order in which the players act is reversed in the two problems. Although the canonical equations provided by the Pontryagin's Maximum Principle (MP) seem to be intractable, we provide an alternative characterization for the optimal strategies that makes connection to potential theory. Further, we provide a sufficient condition for the existence of a saddle-point equilibrium (SPE) for the underlying zero-sum game. In Attack-II, the designer and the adversary are both capable of altering the measurements of all nodes in the network by injecting global signals. We impose two constraints on both players: a power constraint and an energy constraint. We assume that the available energy to each player is not sufficient to operate at maximum power throughout the horizon of the game. We show the existence of an SPE and derive the optimal strategies in closed form for this attack scenario. As an alternative to the "network designer vs. adversary" framework, we investigate the possibility of stabilizing unknown network diffusion processes using a distributed mechanism, where the uncertainty is due to an attack on the network. To this end, we propose a distributed version of the classical logic-based supervisory control scheme. Given a network of agents whose dynamics contain unknown parameters, the distributed supervisory control scheme is used to assist the agents to converge to a certain set-point without requiring them to have explicit knowledge of that set-point. Unlike the classical supervisory control scheme where a centralized supervisor makes switching decisions among the candidate controllers, in our scheme, each agent is equipped with a local supervisor that switches among the available controllers. The switching decisions made at a certain agent depend only on the information from its neighboring agents. We provide sufficient conditions for stabilization and apply our framework to the distributed averaging problem in the presence of large modeling uncertainty. For infected networks, we study the stability properties of a susceptible-infected-susceptible (SIS) diffusion model, the so-called n-intertwined Markov model, over arbitrary network topologies. Similar to the majority of infection spread dynamics, this model exhibits a threshold phenomenon. When the curing rates in the network are high, the all-healthy state is the unique equilibrium over the network. Otherwise, an endemic equilibrium state emerges, where some infection remains within the network. Using notions from positive systems theory, we provide conditions for the global asymptotic stability of the equilibrium points in both cases over strongly and weakly connected directed networks based on the value of the basic reproduction number, a fundamental quantity in the study of epidemics. Furthermore, we demonstrate that the n-intertwined Markov model can be viewed as a best-response dynamical system of a concave game among the nodes. This characterization allows us to cast new infection spread dynamics; additionally, we provide a sufficient condition, for the global convergence to the all-healthy state, that can be checked in a distributed fashion. Moreover, we investigate the problem of stabilizing the network when the curing rates of a limited number of nodes can be controlled. In particular, we characterize the number of controllers required for a class of undirected graphs. We also design optimal controllers capable of minimizing the total infection in the network at minimum cost. Finally, we outline a set of open problems in the area of information spread control.

  17. Automatic analysis of attack data from distributed honeypot network

    NASA Astrophysics Data System (ADS)

    Safarik, Jakub; Voznak, Miroslav; Rezac, Filip; Partila, Pavol; Tomala, Karel

    2013-05-01

    There are many ways of getting real data about malicious activity in a network. One of them relies on masquerading monitoring servers as a production one. These servers are called honeypots and data about attacks on them brings us valuable information about actual attacks and techniques used by hackers. The article describes distributed topology of honeypots, which was developed with a strong orientation on monitoring of IP telephony traffic. IP telephony servers can be easily exposed to various types of attacks, and without protection, this situation can lead to loss of money and other unpleasant consequences. Using a distributed topology with honeypots placed in different geological locations and networks provides more valuable and independent results. With automatic system of gathering information from all honeypots, it is possible to work with all information on one centralized point. Communication between honeypots and centralized data store uses secure SSH tunnels and server communicates only with authorized honeypots. The centralized server also automatically analyses data from each honeypot. Results of this analysis and also other statistical data about malicious activity are simply accessible through a built-in web server. All statistical and analysis reports serve as information basis for an algorithm which classifies different types of used VoIP attacks. The web interface then brings a tool for quick comparison and evaluation of actual attacks in all monitored networks. The article describes both the honeypot nodes in distributed architecture, which monitor suspicious activity, and also methods and algorithms used on the server side for analysis of gathered data.

  18. Considerations on Visible Light Communication security by applying the Risk Matrix methodology for risk assessment

    PubMed Central

    Rabadan, Jose; Perez-Jimenez, Rafael

    2017-01-01

    Visible Light Communications (VLC) is a cutting edge technology for data communication that is being considered to be implemented in a wide range of applications such as Inter-vehicle communication or Local Area Network (LAN) communication. As a novel technology, some aspects of the implementation of VLC have not been deeply considered or tested. Among these aspects, security and its implementation may become an obstacle for VLC's broad usage. In this article, we have used the well-known Risk Matrix methodology to determine the relative risk that several common attacks have in a VLC network. Four examples: a War Driving, a Queensland alike Denial of Service, a Preshared Key Cracking, and an Evil Twin attack, illustrate the utilization of the methodology over a VLC implementation. The used attacks also covered the different areas delimited by the attack taxonomy used in this work. By defining and determining which attacks present a greater risk, the results of this work provide a lead into which areas should be invested to increase the safety of VLC networks. PMID:29186184

  19. Considerations on Visible Light Communication security by applying the Risk Matrix methodology for risk assessment.

    PubMed

    Marin-Garcia, Ignacio; Chavez-Burbano, Patricia; Guerra, Victor; Rabadan, Jose; Perez-Jimenez, Rafael

    2017-01-01

    Visible Light Communications (VLC) is a cutting edge technology for data communication that is being considered to be implemented in a wide range of applications such as Inter-vehicle communication or Local Area Network (LAN) communication. As a novel technology, some aspects of the implementation of VLC have not been deeply considered or tested. Among these aspects, security and its implementation may become an obstacle for VLC's broad usage. In this article, we have used the well-known Risk Matrix methodology to determine the relative risk that several common attacks have in a VLC network. Four examples: a War Driving, a Queensland alike Denial of Service, a Preshared Key Cracking, and an Evil Twin attack, illustrate the utilization of the methodology over a VLC implementation. The used attacks also covered the different areas delimited by the attack taxonomy used in this work. By defining and determining which attacks present a greater risk, the results of this work provide a lead into which areas should be invested to increase the safety of VLC networks.

  20. Detection of complex cyber attacks

    NASA Astrophysics Data System (ADS)

    Gregorio-de Souza, Ian; Berk, Vincent H.; Giani, Annarita; Bakos, George; Bates, Marion; Cybenko, George; Madory, Doug

    2006-05-01

    One significant drawback to currently available security products is their inability to correlate diverse sensor input. For instance, by only using network intrusion detection data, a root kit installed through a weak username-password combination may go unnoticed. Similarly, an administrator may never make the link between deteriorating response times from the database server and an attacker exfiltrating trusted data, if these facts aren't presented together. Current Security Information Management Systems (SIMS) can collect and represent diverse data but lack sufficient correlation algorithms. By using a Process Query System, we were able to quickly bring together data flowing from many sources, including NIDS, HIDS, server logs, CPU load and memory usage, etc. We constructed PQS models that describe dynamic behavior of complicated attacks and failures, allowing us to detect and differentiate simultaneous sophisticated attacks on a target network. In this paper, we discuss the benefits of implementing such a multistage cyber attack detection system using PQS. We focus on how data from multiple sources can be combined and used to detect and track comprehensive network security events that go unnoticed using conventional tools.

  1. A performance study of unmanned aerial vehicle-based sensor networks under cyber attack

    NASA Astrophysics Data System (ADS)

    Puchaty, Ethan M.

    In UAV-based sensor networks, an emerging area of interest is the performance of these networks under cyber attack. This study seeks to evaluate the performance trade-offs from a System-of-Systems (SoS) perspective between various UAV communications architecture options in the context of two missions: tracking ballistic missiles and tracking insurgents. An agent-based discrete event simulation is used to model a sensor communication network consisting of UAVs, military communications satellites, ground relay stations, and a mission control center. Network susceptibility to cyber attack is modeled with probabilistic failures and induced data variability, with performance metrics focusing on information availability, latency, and trustworthiness. Results demonstrated that using UAVs as routers increased network availability with a minimal latency penalty and communications satellite networks were best for long distance operations. Redundancy in the number of links between communication nodes helped mitigate cyber-caused link failures and add robustness in cases of induced data variability by an adversary. However, when failures were not independent, redundancy and UAV routing were detrimental in some cases to network performance. Sensitivity studies indicated that long cyber-caused downtimes and increasing failure dependencies resulted in build-ups of failures and caused significant degradations in network performance.

  2. ReTrust: attack-resistant and lightweight trust management for medical sensor networks.

    PubMed

    He, Daojing; Chen, Chun; Chan, Sammy; Bu, Jiajun; Vasilakos, Athanasios V

    2012-07-01

    Wireless medical sensor networks (MSNs) enable ubiquitous health monitoring of users during their everyday lives, at health sites, without restricting their freedom. Establishing trust among distributed network entities has been recognized as a powerful tool to improve the security and performance of distributed networks such as mobile ad hoc networks and sensor networks. However, most existing trust systems are not well suited for MSNs due to the unique operational and security requirements of MSNs. Moreover, similar to most security schemes, trust management methods themselves can be vulnerable to attacks. Unfortunately, this issue is often ignored in existing trust systems. In this paper, we identify the security and performance challenges facing a sensor network for wireless medical monitoring and suggest it should follow a two-tier architecture. Based on such an architecture, we develop an attack-resistant and lightweight trust management scheme named ReTrust. This paper also reports the experimental results of the Collection Tree Protocol using our proposed system in a network of TelosB motes, which show that ReTrust not only can efficiently detect malicious/faulty behaviors, but can also significantly improve the network performance in practice.

  3. Message Integrity Model for Wireless Sensor Networks

    ERIC Educational Resources Information Center

    Qleibo, Haider W.

    2009-01-01

    WSNs are susceptible to a variety of attacks. These attacks vary in the way they are performed and executed; they include but are not limited to node capture, physical tampering, denial of service, and message alteration. It is of paramount importance to protect gathered data by WSNs and defend the network against illegal access and malicious…

  4. Network Analysis of Reconnaissance and Intrusion of an Industrial Control System

    DTIC Science & Technology

    2016-09-01

    simulated a plant engineer using the engineering workstation web browser to authenticate to the vegetable cooker HMI. While the engineer established the...observed the vegetable cooker HMI web display, the attacker stopped capturing network traffic. Acting as the attacker, we searched the attacker’s pcap...manually controlled by human activity. In this testbed network, only web browser traffic (HTTP) is created by an operator to view an HMI status

  5. A complex network for studying the transmission mechanisms in stock market

    NASA Astrophysics Data System (ADS)

    Long, Wen; Guan, Lijing; Shen, Jiangjian; Song, Linqiu; Cui, Lingxiao

    2017-10-01

    This paper introduces a new complex network to describe the volatility transmission mechanisms in stock market. The network can not only endogenize stock market's volatility but also figure out the direction of volatility spillover. In this model, we first use BEKK-GARCH to estimate the volatility spillover effects among Chinese 18 industry sectors. Then, based on the ARCH coefficients and GARCH coefficients, the directional shock networks and variance networks in different stages are constructed separately. We find that the spillover effects and network structures change in different stages. The results of the topological stability test demonstrate that the connectivity of networks becomes more fragile to selective attacks than stochastic attacks.

  6. Defending networks against denial-of-service attacks

    NASA Astrophysics Data System (ADS)

    Gelenbe, Erol; Gellman, Michael; Loukas, George

    2004-11-01

    Denial of service attacks, viruses and worms are common tools for malicious adversarial behavior in networks. Experience shows that over the last few years several of these techniques have probably been used by governments to impair the Internet communications of various entities, and we can expect that these and other information warfare tools will be used increasingly as part of hostile behavior either independently, or in conjunction with other forms of attack in conventional or asymmetric warfare, as well as in other forms of malicious behavior. In this paper we concentrate on Distributed Denial of Service Attacks (DDoS) where one or more attackers generate flooding traffic and direct it from multiple sources towards a set of selected nodes or IP addresses in the Internet. We first briefly survey the literature on the subject, and discuss some examples of DDoS incidents. We then present a technique that can be used for DDoS protection based on creating islands of protection around a critical information infrastructure. This technique, that we call the CPN-DoS-DT (Cognitive Packet Networks DoS Defence Technique), creates a self-monitoring sub-network surrounding each critical infrastructure node. CPN-DoS-DT is triggered by a DDoS detection scheme, and generates control traffic from the objects of the DDoS attack to the islands of protection where DDOS packet flows are destroyed before they reach the critical infrastructure. We use mathematical modelling, simulation and experiments on our test-bed to show the positive and negative outcomes that may result from both the attack, and the CPN-DoS-DT protection mechanism, due to imperfect detection and false alarms.

  7. Multiple operating system rotation environment moving target defense

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Evans, Nathaniel; Thompson, Michael

    Systems and methods for providing a multiple operating system rotation environment ("MORE") moving target defense ("MTD") computing system are described. The MORE-MTD system provides enhanced computer system security through a rotation of multiple operating systems. The MORE-MTD system increases attacker uncertainty, increases the cost of attacking the system, reduces the likelihood of an attacker locating a vulnerability, and reduces the exposure time of any located vulnerability. The MORE-MTD environment is effectuated by rotation of the operating systems at a given interval. The rotating operating systems create a consistently changing attack surface for remote attackers.

  8. Challenges in Securing the Interface Between the Cloud and Pervasive Systems

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Lagesse, Brent J

    2011-01-01

    Cloud computing presents an opportunity for pervasive systems to leverage computational and storage resources to accomplish tasks that would not normally be possible on such resource-constrained devices. Cloud computing can enable hardware designers to build lighter systems that last longer and are more mobile. Despite the advantages cloud computing offers to the designers of pervasive systems, there are some limitations of leveraging cloud computing that must be addressed. We take the position that cloud-based pervasive systems must be secured holistically and discuss ways this might be accomplished. In this paper, we discuss a pervasive system utilizing cloud computing resources and issues that must be addressed in such a system. In this system, the user's mobile device cannot always have network access to leverage resources from the cloud, so it must make intelligent decisions about what data should be stored locally and what processes should be run locally. As a result of these decisions, the user becomes vulnerable to attacks while interfacing with the pervasive system.

  9. 48 CFR 1852.223-75 - Major breach of safety or security.

    Code of Federal Regulations, 2012 CFR

    2012-10-01

    ... of safeguarding against espionage, sabotage, crime (including computer crime), or attack. A major...

  10. 48 CFR 1852.223-75 - Major breach of safety or security.

    Code of Federal Regulations, 2013 CFR

    2013-10-01

    ... of safeguarding against espionage, sabotage, crime (including computer crime), or attack. A major...

  11. 48 CFR 1852.223-75 - Major breach of safety or security.

    Code of Federal Regulations, 2014 CFR

    2014-10-01

    ... of safeguarding against espionage, sabotage, crime (including computer crime), or attack. A major...

  12. 48 CFR 1852.223-75 - Major breach of safety or security.

    Code of Federal Regulations, 2011 CFR

    2011-10-01

    ... of safeguarding against espionage, sabotage, crime (including computer crime), or attack. A major...

  13. Utilizing Maximal Independent Sets as Dominating Sets in Scale-Free Networks

    NASA Astrophysics Data System (ADS)

    Derzsy, N.; Molnar, F., Jr.; Szymanski, B. K.; Korniss, G.

    Dominating sets provide a key solution to various critical problems in networked systems, such as detecting, monitoring, or controlling the behavior of nodes. Motivated by graph theory literature [Erdos, Israel J. Math. 4, 233 (1966)], we studied maximal independent sets (MIS) as dominating sets in scale-free networks. We investigated the scaling behavior of the size of MIS in artificial scale-free networks with respect to multiple topological properties (size, average degree, power-law exponent, assortativity), evaluated its resilience to network damage resulting from random failure or targeted attack [Molnar et al., Sci. Rep. 5, 8321 (2015)], and compared its efficiency to previously proposed dominating set selection strategies. We showed that, despite its small set size, MIS provides very high resilience against network damage. Using extensive numerical analysis on both synthetic and real-world (social, biological, technological) network samples, we demonstrate that our method effectively satisfies four essential requirements of dominating sets for their practical applicability on large-scale real-world systems: 1.) small set size, 2.) minimal network information required for their construction scheme, 3.) fast and easy computational implementation, and 4.) resiliency to network damage. Supported by DARPA, DTRA, and NSF.

  14. Competition in the domain of wireless networks security

    NASA Astrophysics Data System (ADS)

    Bednarczyk, Mariusz

    2017-04-01

    Wireless networks are very popular and have found widespread usage amongst various segments, also in military environment. The deployment of wireless infrastructures allows reducing the time it takes to install and dismantle communications networks. With wireless, users are more mobile and can easily get access to the network resources all the time. However, wireless technologies like WiFi or Bluetooth have security issues that hackers have extensively exploited over the years. In the paper several serious security flaws in wireless technologies are presented. Most of them make it possible to get access to the internal networks and easily carry out man-in-the-middle attacks. Very often, they are used to launch massive denial of service attacks that target the physical infrastructure as well as the RF spectrum. For instance, there are well known instances of Bluetooth connection spoofing in order to steal WiFi password stored in the mobile device. To raise the security awareness and protect wireless networks against an adversary attack, an analysis of attack methods and tools over time is presented in the article. The particular attention is paid to the severity, possible targets as well as the ability to persist in the context of protective measures. Results show that an adversary can take complete control of the victims' mobile device features if the users forget to use simple safety principles.

  15. A Study of Practical Proxy Reencryption with a Keyword Search Scheme considering Cloud Storage Structure

    PubMed Central

    Lee, Im-Yeong

    2014-01-01

    Data outsourcing services have emerged with the increasing use of digital information. They can be used to store data from various devices via networks that are easy to access. Unlike existing removable storage systems, storage outsourcing is available to many users because it has no storage limit and does not require a local storage medium. However, the reliability of storage outsourcing has become an important topic because many users employ it to store large volumes of data. To protect against unethical administrators and attackers, a variety of cryptography systems are used, such as searchable encryption and proxy reencryption. However, existing searchable encryption technology is inconvenient for use in storage outsourcing environments where users upload their data to be shared with others as necessary. In addition, some existing schemes are vulnerable to collusion attacks and have computing cost inefficiencies. In this paper, we analyze existing proxy re-encryption with keyword search. PMID:24693240

  16. A study of practical proxy reencryption with a keyword search scheme considering cloud storage structure.

    PubMed

    Lee, Sun-Ho; Lee, Im-Yeong

    2014-01-01

    Data outsourcing services have emerged with the increasing use of digital information. They can be used to store data from various devices via networks that are easy to access. Unlike existing removable storage systems, storage outsourcing is available to many users because it has no storage limit and does not require a local storage medium. However, the reliability of storage outsourcing has become an important topic because many users employ it to store large volumes of data. To protect against unethical administrators and attackers, a variety of cryptography systems are used, such as searchable encryption and proxy reencryption. However, existing searchable encryption technology is inconvenient for use in storage outsourcing environments where users upload their data to be shared with others as necessary. In addition, some existing schemes are vulnerable to collusion attacks and have computing cost inefficiencies. In this paper, we analyze existing proxy re-encryption with keyword search.

  17. Research on techniques for computer three-dimensional simulation of satellites and night sky

    NASA Astrophysics Data System (ADS)

    Yan, Guangwei; Hu, Haitao

    2007-11-01

    To study space attack-defense technology, a simulation of satellites is needed. We design and implement a 3d simulating system of satellites. The satellites are rendered under the Night sky background. The system structure is as follows: one computer is used to simulate the orbital of satellites, the other computers are used to render 3d simulation scene. To get a realistic effect, a three-channel multi-projector display system is constructed. We use MultiGen Creator to construct satellite and star models. We use MultiGen Distributed Vega to render the three-channel scene. There are one master and three slaves. The master controls the three slaves to render three channels separately. To get satellites' positions and attitudes, the master communicates with the satellite orbit simulator based on TCP/IP protocol. Then it calculates the observer's position, the satellites' position, the moon's and the sun's position and transmits the data to the slaves. To get a smooth orbit of target satellites, an orbit prediction method is used. Because the target satellite data packets and the attack satellite data packets cannot keep synchronization in the network, a target satellite dithering phenomenon will occur when the scene is rendered. To resolve this problem, an anti-dithering algorithm is designed. To render Night sky background, a file which stores stars' position and brightness data is used. According to the brightness of each star, the stars are classified into different magnitude. The star model is scaled according to the magnitude. All the stars are distributed on a celestial sphere. Experiments show, the whole system can run correctly, and the frame rate can reach 30Hz. The system can be used in a space attack-defense simulation field.

  18. What's Next in Complex Networks? Capturing the Concept of Attacking Play in Invasive Team Sports.

    PubMed

    Ramos, João; Lopes, Rui J; Araújo, Duarte

    2018-01-01

    The evolution of performance analysis within sports sciences is tied to technology development and practitioner demands. However, how individual and collective patterns self-organize and interact in invasive team sports remains elusive. Social network analysis has been recently proposed to resolve some aspects of this problem, and has proven successful in capturing collective features resulting from the interactions between team members as well as a powerful communication tool. Despite these advances, some fundamental team sports concepts such as an attacking play have not been properly captured by the more common applications of social network analysis to team sports performance. In this article, we propose a novel approach to team sports performance centered on sport concepts, namely that of an attacking play. Network theory and tools including temporal and bipartite or multilayered networks were used to capture this concept. We put forward eight questions directly related to team performance to discuss how common pitfalls in the use of network tools for capturing sports concepts can be avoided. Some answers are advanced in an attempt to be more precise in the description of team dynamics and to uncover other metrics directly applied to sport concepts, such as the structure and dynamics of attacking plays. Finally, we propose that, at this stage of knowledge, it may be advantageous to build up from fundamental sport concepts toward complex network theory and tools, and not the other way around.

  19. Distributed Clone Detection in Static Wireless Sensor Networks: Random Walk with Network Division

    PubMed Central

    Khan, Wazir Zada; Aalsalem, Mohammed Y.; Saad, N. M.

    2015-01-01

    Wireless Sensor Networks (WSNs) are vulnerable to clone attacks or node replication attacks as they are deployed in hostile and unattended environments where they are deprived of physical protection, lacking physical tamper-resistance of sensor nodes. As a result, an adversary can easily capture and compromise sensor nodes and after replicating them, he inserts arbitrary number of clones/replicas into the network. If these clones are not efficiently detected, an adversary can be further capable to mount a wide variety of internal attacks which can emasculate the various protocols and sensor applications. Several solutions have been proposed in the literature to address the crucial problem of clone detection, which are not satisfactory as they suffer from some serious drawbacks. In this paper we propose a novel distributed solution called Random Walk with Network Division (RWND) for the detection of node replication attack in static WSNs which is based on claimer-reporter-witness framework and combines a simple random walk with network division. RWND detects clone(s) by following a claimer-reporter-witness framework and a random walk is employed within each area for the selection of witness nodes. Splitting the network into levels and areas makes clone detection more efficient and the high security of witness nodes is ensured with moderate communication and memory overheads. Our simulation results show that RWND outperforms the existing witness node based strategies with moderate communication and memory overheads. PMID:25992913

  20. Toward a Scalable Visualization System for Network Traffic Monitoring

    NASA Astrophysics Data System (ADS)

    Malécot, Erwan Le; Kohara, Masayoshi; Hori, Yoshiaki; Sakurai, Kouichi

    With the multiplication of attacks against computer networks, system administrators are required to monitor carefully the traffic exchanged by the networks they manage. However, that monitoring task is increasingly laborious because of the augmentation of the amount of data to analyze. And that trend is going to intensify with the explosion of the number of devices connected to computer networks along with the global rise of the available network bandwidth. So system administrators now heavily rely on automated tools to assist them and simplify the analysis of the data. Yet, these tools provide limited support and, most of the time, require highly skilled operators. Recently, some research teams have started to study the application of visualization techniques to the analysis of network traffic data. We believe that this original approach can also allow system administrators to deal with the large amount of data they have to process. In this paper, we introduce a tool for network traffic monitoring using visualization techniques that we developed in order to assist the system administrators of our corporate network. We explain how we designed the tool and some of the choices we made regarding the visualization techniques to use. The resulting tool proposes two linked representations of the network traffic and activity, one in 2D and the other in 3D. As 2D and 3D visualization techniques have different assets, we resulted in combining them in our tool to take advantage of their complementarity. We finally tested our tool in order to evaluate the accuracy of our approach.

  1. A Probabilistic Risk Mitigation Model for Cyber-Attacks to PMU Networks

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Mousavian, Seyedamirabbas; Valenzuela, Jorge; Wang, Jianhui

    The power grid is becoming more dependent on information and communication technologies. Complex networks of advanced sensors such as phasor measurement units (PMUs) are used to collect real time data to improve the observability of the power system. Recent studies have shown that the power grid has significant cyber vulnerabilities which could increase when PMUs are used extensively. Therefore, recognizing and responding to vulnerabilities are critical to the security of the power grid. This paper proposes a risk mitigation model for optimal response to cyber-attacks to PMU networks. We model the optimal response action as a mixed integer linear programming (MILP) problem to prevent propagation of the cyber-attacks and maintain the observability of the power system.

  2. Preserving Source Location Privacy for Energy Harvesting WSNs.

    PubMed

    Huang, Changqin; Ma, Ming; Liu, Yuxin; Liu, Anfeng

    2017-03-30

    Fog (From cOre to edGe) computing employs a huge number of wireless embedded devices to enable end users with anywhere-anytime-to-anything connectivity. Due to their operating nature, wireless sensor nodes often work unattended, and hence are exposed to a variety of attacks. Preserving source-location privacy plays a key role in some wireless sensor network (WSN) applications. In this paper, a redundancy branch convergence-based preserved source location privacy scheme (RBCPSLP) is proposed for energy harvesting sensor networks, with the following advantages: numerous routing branches are created in non-hotspot areas with abundant energy, and those routing branches can merge into a few routing paths before they reach the hotspot areas. The generation time, the duration of routing, and the number of routing branches are then decided independently based on the amount of energy obtained, so as to maximize network energy utilization, greatly enhance privacy protection, and provide long network lifetimes. Theoretical analysis and experimental results show that the RBCPSLP scheme allows a several-fold improvement of the network energy utilization as well as the source location privacy preservation, while maximizing network lifetimes.

  3. Preserving Source Location Privacy for Energy Harvesting WSNs

    PubMed Central

    Huang, Changqin; Ma, Ming; Liu, Yuxin; Liu, Anfeng

    2017-01-01

    Fog (From cOre to edGe) computing employs a huge number of wireless embedded devices to enable end users with anywhere-anytime-to-anything connectivity. Due to their operating nature, wireless sensor nodes often work unattended, and hence are exposed to a variety of attacks. Preserving source-location privacy plays a key role in some wireless sensor network (WSN) applications. In this paper, a redundancy branch convergence-based preserved source location privacy scheme (RBCPSLP) is proposed for energy harvesting sensor networks, with the following advantages: numerous routing branches are created in non-hotspot areas with abundant energy, and those routing branches can merge into a few routing paths before they reach the hotspot areas. The generation time, the duration of routing, and the number of routing branches are then decided independently based on the amount of energy obtained, so as to maximize network energy utilization, greatly enhance privacy protection, and provide long network lifetimes. Theoretical analysis and experimental results show that the RBCPSLP scheme allows a several-fold improvement of the network energy utilization as well as the source location privacy preservation, while maximizing network lifetimes. PMID:28358341

  4. Worldnet

    NASA Technical Reports Server (NTRS)

    Denning, Peter J.

    1989-01-01

    The expanding use of powerful workstations coupled to ubiquitous networks is transforming scientific and engineering research and the ways organizations around the world do business. By the year 2000, few enterprises will be able to succeed without mastery of this technology, which will be embodied in an information infrastructure based on a worldwide network. A recurring theme in all the discussions of what might be possible within the emerging Worldnet is people and machines working together in new ways across distance and time. A review is presented of the basic concepts on which the architecture of Worldnet must be built: coordination of action, authentication, privacy, and naming. Worldnet must provide additional functions to support the ongoing processes of suppliers and consumers: help services, aids for designing and producing subsystems, spinning off new machines, and resistance to attack. This discussion begins to reveal the constituent elements of a theory for Worldnet, a theory focused on what people will do with computers rather than on what computers do.

  5. Typed Linear Chain Conditional Random Fields and Their Application to Intrusion Detection

    NASA Astrophysics Data System (ADS)

    Elfers, Carsten; Horstmann, Mirko; Sohr, Karsten; Herzog, Otthein

    Intrusion detection in computer networks faces the problem of a large number of both false alarms and unrecognized attacks. To improve the precision of detection, various machine learning techniques have been proposed. However, one critical issue is that the amount of reference data that contains serious intrusions is very sparse. In this paper we present an inference process with linear chain conditional random fields that aims to solve this problem by using domain knowledge about the alerts of different intrusion sensors represented in an ontology.

  6. Study of Threat Scenario Reconstruction based on Multiple Correlation

    NASA Astrophysics Data System (ADS)

    Yuan, Xuejun; Du, Jing; Qin, Futong; Zhou, Yunyan

    2017-10-01

    The emergence of intrusion detection technology has solved many network attack problems, ensuring the safety of computer systems. However, because of the isolated output alarm information, large amount of data, and mixed events, it is difficult for the managers to understand the deep logic relationship between the alarm information, thus they cannot deduce the attacker’s true intentions. This paper presents a method of online threat scene reconstruction to handle the alarm information, which reconstructs the threat scene. For testing, the standard data set is used.

  7. MAC layer security issues in wireless mesh networks

    NASA Astrophysics Data System (ADS)

    Reddy, K. Ganesh; Thilagam, P. Santhi

    2016-03-01

    Wireless Mesh Networks (WMNs) have emerged as a promising technology for a broad range of applications due to their self-organizing, self-configuring and self-healing capability, in addition to their low cost and easy maintenance. Securing WMNs is more challenging and complex issue due to their inherent characteristics such as shared wireless medium, multi-hop and inter-network communication, highly dynamic network topology and decentralized architecture. These vulnerable features expose the WMNs to several types of attacks in MAC layer. The existing MAC layer standards and implementations are inadequate to secure these features and fail to provide comprehensive security solutions to protect both backbone and client mesh. Hence, there is a need for developing efficient, scalable and integrated security solutions for WMNs. In this paper, we classify the MAC layer attacks and analyze the existing countermeasures. Based on attacks classification and countermeasures analysis, we derive the research directions to enhance the MAC layer security for WMNs.

  8. ICS logging solution for network-based attacks using Gumistix technology

    NASA Astrophysics Data System (ADS)

    Otis, Jeremy R.; Berman, Dustin; Butts, Jonathan; Lopez, Juan

    2013-05-01

    Industrial Control Systems (ICS) monitor and control operations associated with the national critical infrastructure (e.g., electric power grid, oil and gas pipelines and water treatment facilities). These systems rely on technologies and architectures that were designed for system reliability and availability. Security associated with ICS was never an inherent concern, primarily due to the protections afforded by network isolation. However, a trend in ICS operations is to migrate to commercial networks via TCP/IP in order to leverage commodity benefits and cost savings. As a result, system vulnerabilities are now exposed to the online community. Indeed, recent research has demonstrated that many exposed ICS devices are being discovered using readily available applications (e.g., ShodanHQ search engine and Google-esque queries). Due to the lack of security and logging capabilities for ICS, most knowledge about attacks are derived from real world incidents after an attack has already been carried out and the damage has been done. This research provides a method for introducing sensors into the ICS environment that collect information about network-based attacks. The sensors are developed using an inexpensive Gumstix platform that can be deployed and incorporated with production systems. Data obtained from the sensors provide insight into attack tactics (e.g., port scans, Nessus scans, Metasploit modules, and zero-day exploits) and characteristics (e.g., attack origin, frequency, and level of persistence). Findings enable security professionals to draw an accurate, real-time awareness of the threats against ICS devices and help shift the security posture from reactionary to preventative.

  9. X-33 Computational Aeroheating/Aerodynamic Predictions and Comparisons With Experimental Data

    NASA Technical Reports Server (NTRS)

    Hollis, Brian R.; Thompson, Richard A.; Berry, Scott A.; Horvath, Thomas J.; Murphy, Kelly J.; Nowak, Robert J.; Alter, Stephen J.

    2003-01-01

    This report details a computational fluid dynamics study conducted in support of the phase II development of the X-33 vehicle. Aerodynamic and aeroheating predictions were generated for the X-33 vehicle at both flight and wind-tunnel test conditions using two finite-volume, Navier-Stokes solvers. Aerodynamic computations were performed at Mach 6 and Mach 10 wind-tunnel conditions for angles of attack from 10 to 50 with body-flap deflections of 0 to 20. Additional aerodynamic computations were performed over a parametric range of free-stream conditions at Mach numbers of 4 to 10 and angles of attack from 10 to 50. Laminar and turbulent wind-tunnel aeroheating computations were performed at Mach 6 for angles of attack of 20 to 40 with body-flap deflections of 0 to 20. Aeroheating computations were performed at four flight conditions with Mach numbers of 6.6 to 8.9 and angles of attack of 10 to 40. Surface heating and pressure distributions, surface streamlines, flow field information, and aerodynamic coefficients from these computations are presented, and comparisons are made with wind-tunnel data.

  10. An Efficient and Practical Smart Card Based Anonymity Preserving User Authentication Scheme for TMIS using Elliptic Curve Cryptography.

    PubMed

    Amin, Ruhul; Islam, S K Hafizul; Biswas, G P; Khan, Muhammad Khurram; Kumar, Neeraj

    2015-11-01

    In the last few years, numerous remote user authentication and session key agreement schemes have been put forward for Telecare Medical Information System, where the patient and medical server exchange medical information using Internet. We have found that most of the schemes are not usable for practical applications due to known security weaknesses. It is also worth noting that an unrestricted number of patients log in to the single medical server across the globe. Therefore, the computation and maintenance overhead would be high and the server may fail to provide services. In this article, we have designed a medical system architecture and a standard mutual authentication scheme for single medical server, where the patient can securely exchange medical data with the doctor(s) via trusted central medical server over any insecure network. We then explored the security of the scheme with its resilience to attacks. Moreover, we formally validated the proposed scheme through the simulation using Automated Validation of Internet Security Schemes and Applications software whose outcomes confirm that the scheme is protected against active and passive attacks. The performance comparison demonstrated that the proposed scheme has lower communication cost than the existing schemes in literature. In addition, the computation cost of the proposed scheme is nearly equal to the existing schemes. The proposed scheme is not only efficient in terms of different security attacks, but it also provides an efficient login, mutual authentication, session key agreement and verification and password update phases along with password recovery.

  11. Implementing Diffie-Hellman key exchange using quantum EPR pairs

    NASA Astrophysics Data System (ADS)

    Mandal, Sayonnha; Parakh, Abhishek

    2015-05-01

    This paper implements the concepts of perfect forward secrecy and the Diffie-Hellman key exchange using EPR pairs to establish and share a secret key between two non-authenticated parties and transfer messages between them without the risk of compromise. Current implementations of quantum cryptography are based on the BB84 protocol, which is susceptible to siphoning attacks on the multiple photons emitted by practical laser sources. This makes BB84-based quantum cryptography protocol unsuitable for network computing environments. Diffie-Hellman does not require the two parties to be mutually authenticated to each other, yet it can provide a basis for a number of authenticated protocols, most notably the concept of perfect forward secrecy. The work proposed in this paper provides a new direction in utilizing quantum EPR pairs in quantum key exchange. Although, classical cryptography boasts of efficient and robust protocols like the Diffie-Hellman key exchange, in the current times, with the advent of quantum computing they are very much vulnerable to eavesdropping and cryptanalytic attacks. Using quantum cryptographic principles, however, these classical encryption algorithms show more promise and a more robust and secure structure for applications. The unique properties of quantum EPR pairs also, on the other hand, go a long way in removing attacks like eavesdropping by their inherent nature of one particle of the pair losing its state if a measurement occurs on the other. The concept of perfect forward secrecy is revisited in this paper to attribute tighter security to the proposed protocol.

  12. Network overload due to massive attacks

    NASA Astrophysics Data System (ADS)

    Kornbluth, Yosef; Barach, Gilad; Tuchman, Yaakov; Kadish, Benjamin; Cwilich, Gabriel; Buldyrev, Sergey V.

    2018-05-01

    We study the cascading failure of networks due to overload, using the betweenness centrality of a node as the measure of its load following the Motter and Lai model. We study the fraction of survived nodes at the end of the cascade pf as a function of the strength of the initial attack, measured by the fraction of nodes p that survive the initial attack for different values of tolerance α in random regular and Erdös-Renyi graphs. We find the existence of a first-order phase-transition line pt(α) on a p-α plane, such that if p > pt, pf is large and the giant component of the network is still present. Exactly at pt, the function pf(p) undergoes a first-order discontinuity. We find that the line pt(α) ends at a critical point (pc, αc), in which the cascading failures are replaced by a second-order percolation transition. We find analytically the average betweenness of nodes with different degrees before and after the initial attack, we investigate their roles in the cascading failures, and we find a lower bound for pt(α). We also study the difference between localized and random attacks.

  13. Consensus-Based Cooperative Spectrum Sensing with Improved Robustness Against SSDF Attacks

    NASA Astrophysics Data System (ADS)

    Liu, Quan; Gao, Jun; Guo, Yunwei; Liu, Siyang

    2011-05-01

    Based on the consensus algorithm, an attack-proof cooperative spectrum sensing (CSS) scheme is presented for decentralized cognitive radio networks (CRNs), where a common fusion center is not available and some malicious users may launch attacks with spectrum sensing data falsification (SSDF). Local energy detection is firstly performed by each secondary user (SU), and then, utilizing the consensus notions, each SU can make its own decision individually only by local information exchange with its neighbors rather than any centralized fusion used in most existing schemes. With the help of some anti-attack tricks, each authentic SU can generally identify and exclude those malicious reports during the interactions within the neighborhood. Compared with the existing solutions, the proposed scheme is proved to have much better robustness against three categories of SSDF attack, without requiring any a priori knowledge of the whole network.

  14. Vulnerability Assessment of IPv6 Websites to SQL Injection and Other Application Level Attacks

    PubMed Central

    Cho, Ying-Chiang; Pan, Jen-Yi

    2013-01-01

    Given the proliferation of internet connected devices, IPv6 has been proposed to replace IPv4. Aside from providing a larger address space which can be assigned to internet enabled devices, it has been suggested that the IPv6 protocol offers increased security due to the fact that with the large number of addresses available, standard IP scanning attacks will no longer become feasible. However, given the interest in attacking organizations rather than individual devices, most initial points of entry onto an organization's network and their attendant devices are visible and reachable through web crawling techniques, and, therefore, attacks on the visible application layer may offer ways to compromise the overall network. In this evaluation, we provide a straightforward implementation of a web crawler in conjunction with a benign black box penetration testing system and analyze the ease at which SQL injection attacks can be carried out. PMID:24574863

  15. Vulnerability assessment of IPv6 websites to SQL injection and other application level attacks.

    PubMed

    Cho, Ying-Chiang; Pan, Jen-Yi

    2013-01-01

    Given the proliferation of internet connected devices, IPv6 has been proposed to replace IPv4. Aside from providing a larger address space which can be assigned to internet enabled devices, it has been suggested that the IPv6 protocol offers increased security due to the fact that with the large number of addresses available, standard IP scanning attacks will no longer become feasible. However, given the interest in attacking organizations rather than individual devices, most initial points of entry onto an organization's network and their attendant devices are visible and reachable through web crawling techniques, and, therefore, attacks on the visible application layer may offer ways to compromise the overall network. In this evaluation, we provide a straightforward implementation of a web crawler in conjunction with a benign black box penetration testing system and analyze the ease at which SQL injection attacks can be carried out.

  16. Modeling inter-signal arrival times for accurate detection of CAN bus signal injection attacks

    DOE Office of Scientific and Technical Information (OSTI.GOV)

    Moore, Michael Roy; Bridges, Robert A; Combs, Frank L

    Modern vehicles rely on hundreds of on-board electronic control units (ECUs) communicating over in-vehicle networks. As external interfaces to the car control networks (such as the on-board diagnostic (OBD) port, auxiliary media ports, etc.) become common, and vehicle-to-vehicle / vehicle-to-infrastructure technology is in the near future, the attack surface for vehicles grows, exposing control networks to potentially life-critical attacks. This paper addresses the need for securing the CAN bus by detecting anomalous traffic patterns via unusual refresh rates of certain commands. While previous works have identified signal frequency as an important feature for CAN bus intrusion detection, this paper provides the first such algorithm with experiments on five attack scenarios. Our data-driven anomaly detection algorithm requires only five seconds of training time (on normal data) and achieves true positive / false discovery rates of 0.9998/0.00298, respectively (micro-averaged across the five experimental tests).

  17. Two-Dimensional High-Lift Aerodynamic Optimization Using Neural Networks

    NASA Technical Reports Server (NTRS)

    Greenman, Roxana M.

    1998-01-01

    The high-lift performance of a multi-element airfoil was optimized by using neural-net predictions that were trained using a computational data set. The numerical data was generated using a two-dimensional, incompressible, Navier-Stokes algorithm with the Spalart-Allmaras turbulence model. Because it is difficult to predict maximum lift for high-lift systems, an empirically-based maximum lift criteria was used in this study to determine both the maximum lift and the angle at which it occurs. The 'pressure difference rule,' which states that the maximum lift condition corresponds to a certain pressure difference between the peak suction pressure and the pressure at the trailing edge of the element, was applied and verified with experimental observations for this configuration. Multiple input, single output networks were trained using the NASA Ames variation of the Levenberg-Marquardt algorithm for each of the aerodynamic coefficients (lift, drag and moment). The artificial neural networks were integrated with a gradient-based optimizer. Using independent numerical simulations and experimental data for this high-lift configuration, it was shown that this design process successfully optimized flap deflection, gap, overlap, and angle of attack to maximize lift. Once the neural nets were trained and integrated with the optimizer, minimal additional computer resources were required to perform optimization runs with different initial conditions and parameters. Applying the neural networks within the high-lift rigging optimization process reduced the amount of computational time and resources by 44% compared with traditional gradient-based optimization procedures for multiple optimization runs.

  18. Estimation of Anonymous Email Network Characteristics through Statistical Disclosure Attacks

    PubMed Central

    Portela, Javier; García Villalba, Luis Javier; Silva Trujillo, Alejandra Guadalupe; Sandoval Orozco, Ana Lucila; Kim, Tai-Hoon

    2016-01-01

    Social network analysis aims to obtain relational data from social systems to identify leaders, roles, and communities in order to model profiles or predict a specific behavior in users’ network. Preserving anonymity in social networks is a subject of major concern. Anonymity can be compromised by disclosing senders’ or receivers’ identity, message content, or sender-receiver relationships. Under strongly incomplete information, a statistical disclosure attack is used to estimate the network and node characteristics such as centrality and clustering measures, degree distribution, and small-world-ness. A database of email networks in 29 university faculties is used to study the method. A research on the small-world-ness and Power law characteristics of these email networks is also developed, helping to understand the behavior of small email networks. PMID:27809275

  19. Estimation of Anonymous Email Network Characteristics through Statistical Disclosure Attacks.

    PubMed

    Portela, Javier; García Villalba, Luis Javier; Silva Trujillo, Alejandra Guadalupe; Sandoval Orozco, Ana Lucila; Kim, Tai-Hoon

    2016-11-01

    Social network analysis aims to obtain relational data from social systems to identify leaders, roles, and communities in order to model profiles or predict a specific behavior in users' network. Preserving anonymity in social networks is a subject of major concern. Anonymity can be compromised by disclosing senders' or receivers' identity, message content, or sender-receiver relationships. Under strongly incomplete information, a statistical disclosure attack is used to estimate the network and node characteristics such as centrality and clustering measures, degree distribution, and small-world-ness. A database of email networks in 29 university faculties is used to study the method. A research on the small-world-ness and Power law characteristics of these email networks is also developed, helping to understand the behavior of small email networks.

  20. Tabu Search enhances network robustness under targeted attacks

    NASA Astrophysics Data System (ADS)

    Sun, Shi-wen; Ma, Yi-lin; Li, Rui-qi; Wang, Li; Xia, Cheng-yi

    2016-03-01

    We focus on the optimization of network robustness with respect to intentional attacks on high-degree nodes. Given an existing network, this problem can be considered as a typical single-objective combinatorial optimization problem. Based on the heuristic Tabu Search optimization algorithm, a link-rewiring method is applied to reconstruct the network while keeping the degree of every node unchanged. Through numerical simulations, BA scale-free network and two real-world networks are investigated to verify the effectiveness of the proposed optimization method. Meanwhile, we analyze how the optimization affects other topological properties of the networks, including natural connectivity, clustering coefficient and degree-degree correlation. The current results can help to improve the robustness of existing complex real-world systems, as well as to provide some insights into the design of robust networks.
