This research addresses the problem of tracking digital information that is shared using peer-to-peer file transfer and VoIP protocols for the purposes of illicitly disseminating sensitive government information and for covert communication by terrorist cells or criminal organizations. A digital forensic tool is created that searches a network for...
... Schrader et al. suggested a field programmable gate array (FPGA)-based embedded software TRAPP system designed to process file transfers using the BitTorrent protocol and VoIP phone calls. The TRAPP system is designed to be set up on the gateway between a local area network and the Internet. ...
The BitTorrent Sync client application is the most progressive development in the BitTorrent family. Nevertheless, it can be used for activities that draw the attention of forensics investigators. The BitTorrent Sync client application relies largely on encryption for sending data packages. Only the initiation of the activity is carried out in plain text. Therefore, we proposed a methodology that makes it possible to capture the initiation step and to inform the forensics investigator, who then takes reactive actions. The experiment was carried out in two modes: 1) simulating the use of the BitTorrent Sync application; 2) monitoring real traffic on the Internet. During the monitoring, it is possible to calculate the public lookup SHA1 hash of the shared file. Comparing the calculated hash with the list of publicly available hashes allows determining whether sharing of the file is legal or illegal. The presented methodology can be applied to any BitTorrent protocol.
... IPI can be measured from sensors implanted in the body parts or externally without much variation. There are many other related security aspects (Abbes et al., 2010; Chen et al., 2010; Schrader et al., 2010; Zhuang et al., 2010; Kundur et al., 2011; Kalogridis et al., 2011; Li et al., 2011; Ramsey et al., 2011; Xiao, 2011; Zhang and Gunter, 2011). ...
Telemedicine is not medicine, but it is used to compute, to communicate and to deliver high-quality medical care regardless of location. It reduces cost, time and resources. Furthermore, wireless technologies play significant roles in telemedicine, and they are therefore called wireless telemedicine or mobile-health. This paper provides a comprehensive survey on wireless telemedicine, including the relevant wireless technologies, applications and research issues.
Intruders that log in through a series of machines when conducting an attack are hard to trace because of the complex architecture of the Internet. The thumbprinting method provides an efficient way of tracing such intruders by determining whether two connections are part of the same connection chain. Because many connections are transient and therefore short in length, choosing the best time interval to thumbprint over can be an issue. In this paper, we provide a way to shorten the time interval used for thumbprinting. We then study some special properties of the thumbprinting function. We also study another mechanism for tracing intruders in the Internet based on a timestamping approach, which passively monitors flows between source and destination pairs. Given a potentially suspicious source, we identify its true destination. We compute the error probability of our algorithm and show that its value decreases exponentially as the observation time increases. Our simulation results show that our approach performs well. Copyright © 2012 John Wiley & Sons, Ltd.
Network security is an important area in computer science. Although great efforts have already been made regarding security problems, networks are still threatened by all kinds of potential attacks, which may lead to huge damage and loss. Log files are main sources for security analysis. However, log files are not user friendly. It is laborious work to obtain useful information from log files. Compared with log files, visualization systems designed for security purposes provide more perceptive and effective sources for security analysis. Most security visualization systems are based on log files. In this paper, we provide a survey on visualization designs for computer network security. In this survey, we looked into different security visual analytics, and we organized them into five categories. Copyright © 2011 John Wiley & Sons, Ltd.
With the advancement of computer and information technology, cyber crime is now becoming one of the most significant challenges facing law enforcement organizations. Cyber crimes are generally referred to as criminal activities that use computers or networks. An understanding of the characteristics and nature of cyber crimes is important in helping research communities find ways to effectively prevent them. Most existing research focuses more on attacks and attack models, including either actual attacks or imaginary/possible attacks over all layers of networks or computers, but there has been less work carried out on a comprehensive survey of cyber crimes. This paper provides a survey of cyber crimes that have actually occurred. First, cyber crimes in the digital world are compared with crimes in the physical world. Then, cyber crimes are categorized according to the roles of computers or networks. Furthermore, we also notice that some cyber crimes are actually traditionally non-cyber crimes that are facilitated by computers or networks. It is surprising that there are so many recurrent cyber crimes. More efforts are needed to protect people from cyber crimes. Copyright © 2011 John Wiley & Sons, Ltd.
In this paper, we propose a quantifiable accountability in wireless networks. We present two methods to evaluate the accountable logging of a network via the users' accepted overhead (called Q-Accountable Logging by Overhead), and P-Accountable Logging. Q-Accountable Logging by Overhead is introduced for the first time in this work, and P-Accountable Logging derives from our previous work P-Accountability.
The TRacking and Analysis for Peer-to-Peer 2 (TRAPP-2) system is developed on a Xilinx ML510 FPGA. The goals of this research are to evaluate the performance of the TRAPP-2 system as a solution to detect and track malicious packets traversing a gigabit Ethernet network. The TRAPP-2 system detects a BitTorrent, Session Initiation Protocol (SIP), or Domain Name System (DNS) packet, extracts the payload, compares the data against a hash list, and if the packet is suspicious, logs the entire packet for future analysis. Results show that the TRAPP-2 system captures 95.56% of BitTorrent, 20.78% of SIP INVITE, 37.11% of SIP BYE, and 91.89% of DNS packets of interest while under a 93.7% network utilization (937 Mbps). For another experiment, the contraband hash list size is increased from 1,000 to 131,072,000 unique items. The experiment reveals that each doubling of the hash list size results in a mean increase of approximately 16 central processing unit cycles. These results demonstrate the TRAPP-2 system's ability to detect traffic of interest under a saturated network utilization while maintaining large contraband hash lists.
In this work, we will illustrate our attempt to exploit log files that are recorded locally on each node in a distributed system or a wired/wireless network. In order to improve the efficiency of retrieving data, we propose the idea of building a global view of the system with a clustered log-collecting scheme; this would help the monitoring node gain a whole view of the system by building up and maintaining high-level log files. We also introduce an efficient, tamper-evident scheme to detect whether a local flow-net has been deliberately compromised. We provide both simulation results and implementation of the proposed scheme on Emulab, a network testbed. Copyright © 2011 John Wiley & Sons, Ltd.
MapReduce is a programming model that is capable of processing large data sets in distributed computing environments. The original MapReduce model was designed to be fault-tolerant in case of various network abnormalities. However, fault-tolerance does not guarantee that each working machine will be completely accountable; when nodes are malicious, they may intentionally misrepresent the processing result during mapping or reducing, and they may thus make the final results inaccurate and untrustworthy. In this paper, we propose Accountable MapReduce, which forces each machine to be held responsible for its behaviors. In our approach, we set up a group of auditors to perform an Accountability Test (A-test) that checks all of the working machines and detects malicious nodes in real time. The A-test can be implemented with different options depending upon how the auditors are assigned. To optimize resource utilization, we also formalize the Optimal Worker and Auditor Assignment (OWAA) problem, which is aimed at finding the optimal number of workers and auditors in order to minimize the total processing time. Our evaluation results show that the A-test can be practically and effectively applied to existing cloud platforms employing MapReduce.