Chapter

Abstract

The psychology and politics of ownership have historically dictated that individuals and groups tend to protect valuable resources. This grew out of the fact that once a resource has been judged to have value, no matter how much protection is given to it, there is always a potential that the security provided for the resource will at some point fail. This notion has driven the concept of system security and defined the disciplines of computer and computer network security. Computer network security is made up of three principles: prevention, detection, and response. Although these three are fundamental ingredients of security, most resources have been devoted to detection and prevention, because if we are able to detect all security threats and prevent them, then there is no need for response.


... The number of threats is rising daily, and attacks have been on the increase in both number and complexity. Not only is the number of potential attackers along with the size of networks growing, but the tools available to potential attackers are also becoming more sophisticated, efficient and effective [6, 7]. Therefore, for IoT to achieve its fullest potential, it needs protection against threats and vulnerabilities [8]. ...
... Security has been defined as a process to protect an object against physical damage, unauthorized access, theft, or loss, by maintaining high confidentiality and integrity of information about the object and making information about that object available whenever needed [7, 9]. According to Kizza [7] there is no such thing as a secure state of any object, tangible or not, because no such object can ever be in a perfectly secure state and still be useful. An object is secure if the process can maintain its maximum intrinsic value under different conditions. ...
Article
Full-text available
Internet of Things (IoT) devices are rapidly becoming ubiquitous while IoT services are becoming pervasive. Their success has not gone unnoticed, and the number of threats and attacks against IoT devices and services is on the increase as well. Cyber-attacks are not new to IoT, but as IoT will be deeply interwoven in our lives and societies, it is becoming necessary to step up and take cyber defense seriously. Hence, there is a real need to secure IoT, which has consequently resulted in a need to comprehensively understand the threats and attacks on IoT infrastructure. This paper is an attempt to classify threat types, and to analyze and characterize intruders and attacks facing IoT devices and services.
... Teaching secure coding in the technology industry is an important practice to ensure that developers are prepared to build secure software. Kizza [5] points out that secure coding training can be carried out through courses, lectures, training sessions, workshops and other initiatives aimed at improving developers' skills. ...
... However, it is important to note that there were responses with low scores: 5 participants were neutral (3) or partially disagreed (5). This may indicate that there are team members who are not as convinced of the importance of software security, or who may not be fully aware of the security risks involved in software development. ...
Conference Paper
Full-text available
Context: The education and training of information security professionals are essential to guarantee the protection of data and systems, as well as the privacy and security of sensitive information. Problem: This work aims to explore the context of a local technology hub in order to answer the following research question: Is education in secure software development necessary in the software industry? Solution: To answer this question, an exploratory study was carried out to understand the need for education in secure software development from the point of view of software professionals at a technology center. Method: A questionnaire was designed and sent to professionals at a Brazilian technology hub. The responses were analyzed using qualitative research methods. Results: We obtained thirty-eight responses. According to the results obtained, most participants consider information security education important for secure software development. However, information security education is still insufficient. Contributions: We conclude that companies should invest more in adequate and comprehensive training on the subject, in addition to encouraging and rewarding professionals who prioritize software security in their projects. It is essential to spread a culture of information security throughout the organization, from top management to development professionals, so that everyone is aware of the importance of information security and of each individual's responsibility in maintaining it. Finally, it should be noted that developers play a crucial role in promoting software security, being responsible for seeking knowledge and improving their skills in developing secure software through training, reading and practice.
... The definition is that it's a distributed system that consists of multiple computers and other devices that are loosely coupled, which results in said devices gaining the ability to communicate with one another as long as they are following the set of rules or communication protocols configured in the network. Computer networks can be categorized based on their coverage or size (Kizza, 2020): ...
... Wi-Fi is included in the LAN category, reason being LAN is a network that is confined to a small geographic region that has more than one computer or device, and their resources connected by a communication medium that's using the same communication protocols (Kizza, 2020). Then why is Wi-Fi included in LAN? Wi-Fi itself stands for Wireless Fidelity which is one of a kind in the family of network protocols authorized by the Institute of Electrical and Electronics Engineers (IEEE), specifically article 802.11 published in 1997. ...
Article
Full-text available
In the current millennium, human society has immensely improved its ability to obtain and distribute information. This change on the other hand, has caused the majority of daily routines to actively involve the usage of computers and mobile devices, which in turn has made people rely heavily on the availability of internet access. This fact was taken advantage of, causing a massive increase in public networks by people or businesses to draw in customers or just as simple public service. This increase gives both ease and risks which this paper will address, specifically on the security measures in network devices that are nearby, and the solution proposed to provide complementary insight on securing the technologies. The authors of this paper supply the main point of the research through experimental efforts i.e., by testing the solution in a real-life scenario. The solution itself involves the configuration of a Raspberry Pi into a VPN server and rerouting all traffic into the Raspberry server so that it will be encrypted and safe from the dangers that will be mentioned in later parts of this paper. The result of the experiment shows that the proposed solution can successfully encrypt the targeted packet so it can’t be read by malicious attackers. Although the solution works it can’t be simply applied to every public network due to internet connection protocols and its inconvenience. Future research will involve the improvement or rework of the solution until the issues mentioned above are solved.
... is four bytes, and the total key timetable is 44 words for the 128 piece key. The cipher comprises of N rounds, where the quantity of rounds relies on upon the key length: 10 rounds for a 16-byte key, 12 rounds for a 24-byte key, and 14 rounds for a 32-byte key [9] [10]. There are four fundamental strides, called layers, that are utilized to form the rounds: 1. ...
... This layer has a purpose similar to SR. 4. Add Round Key (ARK): A basic bitwise XOR of the present piece with a part of the extended key. The round key is XORed with the result of the above layer [10] [11].
V. RC4 ALGORITHM
RC4 is a stream cipher which was arranged in 1987 by Ron Rivest for RSA Security. ...
Article
Full-text available
Smart phones have become an essential part of the life of individuals and their priorities at the present time. The most prominent uses are in chatting and conversation applications. Most of these applications do not provide the required protection and privacy of the data exchanged between users. Yet there are very few mobile chat applications that provide an End-to-End (E2E) security and privacy-preserving service to their clients. In this paper, a secure chatting application with end-to-end encryption for smart phones that use the Android OS has been proposed. The proposed application uses the ECDH algorithm to generate the key pair and exchange it to produce the shared key that will be used for the encryption of data by symmetric algorithms. The proposed application allows the users to communicate via text messages, voice messages, as well as exchange photos. For text message security the standard AES algorithm with a 128-bit key is used. The generated key (160 bit) is minimized to a 128-bit length in order to be used by the AES algorithm. For the voice and image security processes the proposed application uses the symmetric algorithm RC4. RC4 provides less security than AES, but it performs faster, and this is required for such types and sizes of data.
... Intrusion detection refers to the process of monitoring and analyzing computer networks (Kizza, Kizza, and Wheeler 2013) or systems to identify and respond to unauthorized or malicious activities (Chakraborty 2013). It involves using specialized tools and techniques to detect suspicious behaviors, such as unauthorized access attempts, malware infections (Sapalo Sicato et al. 2019), or unusual network traffic patterns. ...
Article
Full-text available
Intrusion detection systems (IDS) play a critical role in ensuring the security and integrity of computer networks. There is a constant demand for the development of powerful, novel, and generalized methods for IDS that can accurately detect and classify intrusions. In this study, we aim to evaluate the benefits of linear classifiers (LC) and nonlinear classifiers (NLC) in IDS. We employed ten machine learning (ML) classifiers, consisting of five LC and five NLC. These classifiers underwent cross-validation for performance evaluation, unseen analysis, statistical tests, and power analysis on measuring the minimum sample size. Four hypotheses were formulated and validated on five processed intrusion attack datasets. NLC outperformed LC, with a mean accuracy (ACC)/area-under-the-curve (AUC) increase of 22.26%/20.3% on the WUSTL-EHMS dataset, with improvements of ACC/AUC by 5.5%/2.3% on the UNSW-NB15 dataset. In the unseen analysis, NLC achieved an ACC/AUC increase of 21.9%/21.8% when trained on WUSTL-EHMS and tested on UNSW-NB15. Lastly, when using a mixed dataset of WUSTL-EHMS and UNSW-NB15, NLC demonstrated an ACC/AUC increase of 11.67%/5.5%. The model performed well in cross-validation protocols, and the statistical tests yielded significant p-values. NLC provides generalized and robust solutions to detect intrusion attacks, ensuring the integrity and security of computer networks.
... Once sufficient information is gathered about the target and vulnerabilities are mapped, the next step is to gain access to the system and finally the actual use of system resources. The software and hardware used for intrusion detection has the ability to safely analyze the collected data and derive useful results to take appropriate protection measures, which is more intelligent than other network security tools [1][2][3][4]. This paper will introduce the concept of "detection" of misuses and specific user behaviors and will recommend the development of intrusion detection systems. ...
Conference Paper
Full-text available
Historically, the concept of ownership has dictated that individuals and groups tend to protect valuable resources. No matter how much protection is given to the property, there is always a weak point, where the security provided at certain points fails. This general notion has guided the concept of systems security and defined the disciplines in cyber security and especially that of computer networks. Computer network security consists of three principles: prevention, detection and reaction/response. Although these three are the basic components of security, the main focus is on detection and prevention resources because if we are able to detect and prevent all security threats, then there is no need for reaction and response. Intrusion prevention is the art of preventing unauthorized access to system resources. The two processes are related in a sense, where intrusion detection passively watches for intrusions into the system, and intrusion prevention actively filters network traffic to prevent intrusion attempts. In the continuation of the treatment, we will focus on these two processes.
... Presently, rectifying any bugs or vulnerabilities has become more manageable, whereas identifying such weaknesses demands substantial dedication and exertion. (Kizza, Kizza, & Wheeler, 2013) Layer protection: Within computer hardware, the establishment of information system security is achieved through the addition of layers. The safeguarding of inner layers serves as the foundation for the security of outer layers. ...
Article
Full-text available
Innovative and sophisticated technologies have been rapidly developing in recent years. These cutting-edge advancements encompass a wide spectrum of devices like mobile phones, PCs and social media trackers. As a consequence of their widespread usage, these technologies have engendered the generation of vast volumes of unstructured data in diverse formats, spanning terabytes (TB) to petabytes (PB). This vast and varied data is called big data. It holds great promise for both public and private industries. Many organizations utilize big data to uncover useful insights, whether for marketing choices, monitoring specific actions, or identifying potential threats. This kind of data processing is made possible using different methods known as Big Data Analytics. It allows you to gain significant advantages by handling large amounts of unorganized, organized, and partially organized information quickly, which would be impossible with traditional database techniques. While big data offers considerable benefits for businesses and decision-makers, it also puts consumers at risk. This risk results from the use of analytics technologies, which need the preservation, administration, and thorough analysis of enormous volumes of data gathered from many sources. Consequently, individuals face the risk of their personal information being compromised as a result of the collection and revelation of behavioral data. Put simply, the excessive accumulation of data may lead to multiple breaches in security and privacy. Nevertheless, the realm of big data does indeed raise concerns pertaining to security and privacy. Scholars from various disciplines are actively engaged in addressing these concerns. The study will concentrate on large data applications, substantial security hurdles, and privacy concerns. We'll talk about potential methods for enhancing confidentiality and safety in problematic big data scenarios, and we'll also analyze present security practices.
... The huge number of network protocols and applications with their functionality are becoming a source of vulnerabilities in the IT infrastructure. Such vulnerabilities can be exploited by hackers or attackers who seek to benefit from access [7]. ...
... There are several ways that can be used as authentication methods. [10] mentioned six authentication methods that can be used in network security as well as network applications systems such as e-Government. These are: ...
Conference Paper
Full-text available
Government organizations spend a lot of time in preparing for the integration processes in e-Government initiatives. This bureaucracy and repeated procedures consume time, effort, and money for all the parties of e-Government (government, business, citizens), and hence hold back the success of e-Government initiatives. A solution that can overcome these issues is required, so that, if implemented, it will help in accelerating the integration process in e-Government and save a lot of time, money and effort. In this paper, we discuss an SOA-based framework for web service architecture to be used in e-Government integration portals, which aims towards achieving higher interoperability in e-Government. The framework is designed to make the integration process in e-Government integration portals faster and more secure.
... A little bit of psychology and some insight into the victim's character or habits is usually enough to mount a successful attack, under the right circumstances [Todd, 2003]. Two elements have been added to the information security department sub layer, called:
- cyber crime: A cyber crime is a crime like any other crime, except that in this case, the illegal act must involve a connected computing system either as an object of a crime, an instrument used to commit a crime or a repository of evidence related to a crime [Joseph, 2009].
- Computer Security Incident Response Team (CSIRT): It is critical for the organization to have a fast and effective means of responding. ...
Article
Full-text available
Information security contributes directly to increasing the level of trust between the government's departments by providing an assurance of confidentiality, integrity, and availability of sensitive governmental information. Many threats that are caused mainly by malicious acts can shut down the e-government services. Therefore the governments are urged to implement security in e-government projects. Some modifications were proposed to the security assessment multi-layer model (Sabri model) to make it a more comprehensive model and more convenient for the Iraqi government. The proposed model can be used as a tool to assess the level of security readiness of government departments, a checklist for the required security measures, and a common security reference in the government organizations of Iraq. In order to make this model more practical and applicable, and to represent the security readiness with a numerical value, evaluation modeling has been done for this model by using the fuzzy logic tool of the MATLAB R2010a program. Since risk assessment is considered a major part of the information security management system, an effective and practical method to assess security risk is proposed by combining FEMRA (fuzzy expert model risk assessment) and a Wavelet Neural Network (WNN). The fuzzy system is used to generate the training data set in order to perform the required training for the WNN. The proposed method is applied in a risk assessment case study made at the computer center of Baghdad University. It is found from the numerical results that the risk levels obtained by the WNN (with a maximum of 58.23) are very close to those calculated from FEMRA (with a maximum of 60), with an average error of 5.51%. According to these results, the proposed method is effective and reasonable and can provide support toward establishing e-government.
... This applies to other remote protocols like CORBA, RMI or RCPC [1,4,25,27]. It should also be noted that in SRP stubs are in control of authorization, communication, and network communication. ...
Article
This study is based on the development of a new secure protocol for remote calls. The secure protocol design specification and descriptions are analysed by comparing them with the existing protocols. The protocol is designed in a simple way with built-in security features. Cryptographic modules can be exchanged, due to the flexibility of the new approach, depending on various issues and security matters. The protocol developed in this study is platform independent. The security levels of the new secure protocol are properly analysed with the desired results. Comparisons with other existing technologies like CORBA or RMI were also addressed. The results show the creation of a secure network protocol that is universally acceptable, although not all bugs and security issues were addressed, as they keep evolving on a daily basis.
... An intrusion detection system (IDS) monitors events in a network or system, and decides whether each event is legitimate or unauthorized [4] [5]. There are two basic kinds of IDS: signature-based and anomaly-based. ...
Conference Paper
Full-text available
Software-based network security is constantly challenged by the increase in network speeds and number of attacks. At the same time, mobile network access underscores the need for energy efficiency. In this paper, we present a new way to improve the throughput and to reduce the energy consumption of an anomaly-based intrusion detection system for probing attacks. Our framework implements the same classifier algorithm in software (C++) and in hardware (synthesizable VHDL), and then compares the energy efficiency of the two approaches. Our results for a decision tree classifier show that the hardware version consumed only 0.03% of the energy used by the same algorithm in software, even though the hardware version operates with a throughput that is 15 times that of the software version.
... In 2001, Microsoft became a victim of Denial of Service attacks. In May 2006, a Turkish hacker successfully hacked 21,549 websites (Kizza, 2008). In March 2008, around 20 Chinese hackers claimed to have gained access to the world's most sensitive sites, including the Pentagon. ...
Article
Success of any software system largely looms upon its vigilance efficiency that prompts organizations to meet the set of objectives in the arena of networks. In the highly competitive world, everything appears to be vulnerable; information systems are also not an exception to this fact. The security of information systems has become a cause of great concern. On the contrary, till now the software security engineers are trying hard to develop fully protected and highly secured information systems, but all these developments are at nascent stages. It is quite revealing that in the earlier research studies, little attention is paid to highlighting an accurate status of the security alertness for developed software. Hence, keeping all these factors at the backdrop, this paper is an attempt to propose a holistic Security Maturity Model (SMM), in which five levels/stars have been developed, driven on the strength of the security vigilance occurring at the various stages for any software. SMM is in its conceptual stage; the detailed steps will certainly require time to be developed so that every software system can reap the benefits of this model. To categorize/discriminate the level of potency, SMM will be highlighted through an appropriate ranking/star system. It is hoped that if SMM is followed in its true letter and spirit, undoubtedly this will restore the clients' trust and confidence in the software as well as in their corresponding vendors. Moreover, this will also enable the software industry to follow transparent and ethical practices.
... Some of these are distinguished by features such as detection without prevention, the use of a mechanism (either anomaly-based or signature-based detection/prevention), or the ability to defend the network from outside threats, but they are limited when it comes to detecting threats coming from within the network computer system. Other tools focus on improving latency, or "the time it takes to respond and take appropriate action… this period of time is critical in the success of an attack", without taking into account any undesirable increase in false negatives: "any malicious traffic that makes it through the security applications to the production network" or false positives: "any legitimate traffic that the security applications drops because it appears to be anomalous" [1]. An IPS is typically used on the outer boundary of a network to prevent any malicious traffic from reaching potentially vulnerable systems inside the network that may contain sensitive information. ...
Conference Paper
Intrusion Prevention Systems (IPS) can analyse, detect and prevent intruder attacks. IPS provide a good service in securing the network, which goes further than the functionality of Intrusion Detection Systems (IDS), firewalls, antiviruses and any security applications, by actively responding to attacks and affording great flexibility when dealing with security threats.
... In this section, we draw attention to some key aspects of fixing known SIP vulnerabilities, particularly the complexity to be patched and managed adequately. 1) Rising number of vulnerabilities and reluctant administrators: The major problem facing the fixing of vulnerabilities is their rising number and the inability of users to efficiently cope with the number of patches issued for these vulnerabilities [21]. As this number rises, the time to patch becomes high, up to the order of months [5]. ...
Article
Full-text available
We propose a prevention system for SIP-based networks which adopts a rule-based approach to build prevention specifications on SIP protocol activities that stop attacks exploiting an existing vulnerability before reaching their targets. Our approach innovates from existing solutions by making use of the contextual information of a vulnerability targeted by an attack to apply the prevention specification. Manually coding these prevention specifications is tedious and error-prone. Our method automatically infers prevention specifications by analyzing captured SIP exploit traffic. The detection engine uses an efficient method based on event graphs to match protocol activities against available prevention specifications. We describe the different components of our approach and show through an extended performance study of the implemented system its applicability to enterprise level VoIP protection.
Chapter
IT Security has come to the forefront lately due to the huge number of attacks on IT assets, many of them high profile and showing how successful and financially rewarding these can be. Though the basic principles of IT Security have not changed that much, the manner of their application, tools, and operationalization has, due to the ever-changing methods of attack and technology itself. One of the challenges to a newcomer to IT Security is the immense amount of data available out there dealing with specific security challenges; the problem is really where to start. This chapter talks about the basic architectures, methods, and measures used in IT Security to protect one's assets, which will serve as a launchpad for the reader to know where he can further explore and understand. As usual, process, methodology, and policies are essential for the proper implementation of IT Security, as are the different technology components which are the manifestation of these policies, and all these are discussed.
Article
Root-cause analysis for integrated systems has become increasingly challenging due to their growing complexity. To tackle these challenges, machine learning (ML) has been applied to enhance root-cause analysis. Nonetheless, ML-based root-cause analysis usually requires abundant training data with root causes labeled by human experts, which are difficult or even impossible to obtain. To overcome this drawback, a semi-supervised co-training method is proposed for root-cause-analysis in this paper, which only requires a small portion of labeled data. First, a random forest is trained with labeled data. Next, we propose a co-training technique to learn from unlabeled data with semi-supervised learning, which pre-labels a subset of these data automatically and then retrains each decision tree in the random forest. In addition, a robust framework is proposed to avoid over-fitting. We further apply initialization by clustering and feature selection to improve the diagnostic performance. With two case studies from industry, the proposed approach shows superior performance against other state-of-the-art methods by saving up to 67% of labeling efforts.
Article
Full-text available
The prevalence of cyber risks presents an ever-increasing threat to the security of networks, systems, and sensitive data in an era where digital connectivity rules. This study explores the complex field of cybersecurity with the goal of offering a thorough grasp of the tactics used to defend against cyberattacks. The first section of the study examines the historical background of cybersecurity, showing how it developed from simple computer security measures to the complex array of modern threats. The focus is on describing the wide range of cyberthreats, such as ransomware, phishing, and malware, and illustrating how they appear and what happens in the real world. A large amount of research is devoted to analyzing the vulnerabilities present in operating systems, networks, and data storage, providing insight into the complex interactions between technological flaws and human variables. The paper explores the role of human error as a crucial trigger for cybersecurity breaches in addition to clarifying the various attack surfaces.
Article
Full-text available
This research was conducted on the basis that current developments in information and communication technology bring convenience to human life. One thing that is developing quite rapidly is web-based applications. The proliferation of web-based applications is a challenge in itself for web application developers when it comes to developing the security aspect. The Vulnerability Assessment of the E-Learning web application aims to detect vulnerabilities, describe vulnerabilities, rate vulnerabilities based on CVSS (Common Vulnerability Scoring System), and provide solutions. The research stages used are the Vulnerability Assessment and Penetration Testing (VAPT) Life Cycle. To search for vulnerabilities, this research uses the Nessus vulnerability scanner, home version. The vulnerability scanning results found critical, high, medium and low vulnerabilities. Each vulnerability naturally has a different impact, but the critical vulnerability, namely Elasticsearch Transport Protocol Unspecified Remote Code Execution, has the most serious impact with a base score of 9.8, so the overall risk level of the E-Learning web application is High. It can therefore be concluded that the E-Learning web application at XYZ University is vulnerable, because it has serious impacts affecting the Confidentiality, Integrity and Availability of the E-Learning web application through the vulnerabilities it has. Therefore XYZ University must immediately carry out repairs and an evaluation of the security of the E-Learning web application so that the vulnerability risk to the E-Learning web application can be reduced.
Article
Internet of things (IoT) is an inventive innovation subject to all sorts of nonexistent and science anecdotal arrangements. Dreams and hypotheses are as yet conceivable about it. An innovation joining genuine items and virtual life (Internet) is to be sure a rich pitch of imagination and unique thoughts. The Internet of Things (IoT) is a developing worldview concentrating on the association of gadgets, articles, or "things" to one another, to the Internet, and to clients. IoT innovation is foreseen to turn into a basic prerequisite in the advancement of savvy homes, smart grid, smart health, and smart gadgets as it offers comfort and proficiency to home inhabitants with the goal that they can accomplish better personal satisfaction. Use of the IoT model to savvy homes, smart health, smart gadgets by interfacing items to the Internet presents new security and protection challenges as far as the classification, genuineness, and honesty of the information detected, gathered, and traded by the IoT objects. These difficulties make shrewd homes, shrewd health, and shrewd gadgets amazingly powerless against various kinds of security assaults, coming about in IoT-based brilliant homes being shaky. Hence, it is important to distinguish the conceivable security dangers to build up a total image of the security status. The purpose of this study is to identify security threats in IoT layers and provide solutions for each layer.
Chapter
The global development industry is in the midst of a transformation to meet today's more complex and highly competitive industry demands. With the rapid advances in technology, a new phenomenon has emerged in the current era, Industry 4.0. The integration of information technology and operational technology brings newer challenges, especially cyber security. In this chapter, one of the most popular topics of recent times, the cyber security issue, has been investigated. The occurrence of the Internet of Things (IoT) has also dramatically altered the appearance of cyber threats. Security threats and vulnerabilities of IoT, industrial challenges, main reasons for cyber-attacks, cyber security requirements and some cyber security measures/methods are discussed with a global perspective involving both the public and private sector in the IoT context.
Chapter
Before discussing the actual detection and prevention of network traffic anomalies, we must introduce fundamental concepts on networks, network traffic, and traffic measurement. Therefore, this chapter is comprised of two parts. The first part discusses components of networks, topologies, and layered architectures followed by protocols used, metrics to quantify network performance, and ideas in network traffic management. It also introduces how we represent normal and attack traffic. The second part of this chapter discusses network anomalies, causes of anomalies, and sources of anomalies followed by a taxonomy of network attacks, a note on precursors to network anomalies, and other aspects of network traffic anomalies.
Chapter
In this chapter, we will introduce fundamental knowledge of network communications including the infrastructure of computer networks as well as network security, monitoring and forensics; we also analyze scrambling and descrambling techniques in data security; finally we will review the technologies of secure data transmission over the Internet and Intranet. By the end of this chapter, we hope the major components of surveillance data transmission can be critically compared and evaluated.
Article
Several studies regarding security testing for corporate environments, networks, and systems were developed in the past years. Therefore, to understand how methodologies and tools for security testing have evolved is an important task. One of the reasons for this evolution is due to penetration test, also known as Pentest. The main objective of this work is to provide an overview on Pentest, showing its application scenarios, models, methodologies, and tools from published papers. Thereby, this work may help researchers and people that work with security to understand the aspects and existing solutions related to Pentest. A systematic mapping study was conducted, with an initial gathering of 1145 papers, represented by 1090 distinct papers that have been evaluated. At the end, 54 primary studies were selected to be analyzed in a quantitative and qualitative way. As a result, we classified the tools and models that are used on Pentest. We also show the main scenarios in which these tools and methodologies are applied to. Finally, we present some open issues and research opportunities on Pentest.
Conference Paper
Access control has long been a central topic in software security. Having proposed a number of different control mechanisms, including MAC, DAC, and RBAC, researchers are now introducing control models that make use of new context information, such as time, and location. Unfortunately, because these have been based on existing security paradigms, their use of context is often unintuitive, and insufficiently separated from business and processing logic. This paper proposes a new model for access control called CIAAC (Context Information-based Application Access Control). CIAAC is specifically designed to separate context awareness and access control policies from business and processing logic, allowing operators of business applications to change access control policies more freely in response to the external security environment.
Chapter
The chapter presents a wide variety of topics concerning security in Big Data systems. Security from the end user, data owner, and data uploader points of view is considered. Selected methods for assuring confidentiality, integrity, and availability are described. Presented solutions are divided into those adopted from traditional systems and methods dedicated to the Big Data environment only. The data life cycle in Big Data is presented. The emphasis is put on the problem of security of data being sent, data at rest, and data being processed and deleted from the system. Different kinds of techniques to assure authenticity and provenance are also presented. The need for third-party trust centers is explained. The necessity for external control as far as international law obedience is concerned is justified.
Chapter
Terminal communication systems are often confronted with undesired e-mails, which reach their destination, while cloaking the real sender. Thus, in order to develop appropriate security software, it is necessary to know how to write identity-concealing software. This paper seeks to describe how the identity of undesired e-mail senders can be hidden. The final aim of the work is to detect adequate means of defense against unwanted e-mails, by generating, in the future, strong security (or filtering) algorithms and methodologies, adapted to diverse situations.
Article
In recent years, Mobile Ad hoc NETworks (MANETs) have generated great interest among researchers in the development of theoretical and practical concepts, and their implementation under several computing environments. However, MANETs are highly susceptible to various security attacks due to their inherent characteristics. In order to provide adequate security against multi-level attacks, the researchers are of the opinion that detection-based schemes should be incorporated in addition to traditionally used prevention techniques because prevention-based techniques cannot prevent the attacks from compromised internal nodes. Intrusion detection system is an effective defense mechanism that detects and prevents the security attacks at various levels. This paper tries to provide a structured and comprehensive survey of most prominent intrusion detection techniques of recent past and present for MANETs in accordance with technology layout and detection algorithms. These detection techniques are broadly classified into nine categories based on their primary detection engine/(s). Further, an attempt has been made to compare different intrusion detection techniques with their operational strengths and limitations. Finally, the paper concludes with a number of future research directions in the design and implementation of intrusion detection systems for MANETs.
Chapter
In this chapter, we present five patterns that provide services for all the other patterns in this book. The services are often not directly visible to end-users, but are essential for the effective and efficient functioning of an ICT environment.
Article
It is crucial in image forensics to prove the authenticity of digital images. Due to the availability of sophisticated image editing software programs, anyone can manipulate images easily. There are various types of digital image manipulation or tampering possible, such as image compositing, splicing, copy-paste, etc. In this paper, we propose a passive scaling-robust algorithm for the detection of Copy-Paste tampering. Sometimes the copied region of an image is scaled before pasting to some other location in the image. In such cases, the normal Copy-Paste detection algorithm fails to detect the forgeries. We have implemented and used an improved customized Normalized Cross Correlation for detecting highly correlated areas from the image and the image blocks, thereby detecting the tampered regions of an image. The experimental results demonstrate that the proposed approach can be effectively used to detect copy-paste forgeries accurately and is scaling robust.
Article
The main objective of this research paper is to observe whether the selected Indian Banks have any effective Disaster Management System with reference to Disaster Avoidance, Disaster Recovery Plan (DRP) and Business Continuity Plan (BCP) as per RBI guidelines and other international standards. This was pursued by conducting structured interviews of branch heads of the selected 16 scheduled banks of Meerut (U.P.). The researcher, with the help of a questionnaire, inquired from the branch heads of selected banks and compared the responses with the desired state using a GAP Analysis Worksheet. The study indicated that most of the banks selected by the researcher in his research back up their data at a remote offsite location and have a BCP / DRP Plan available with them on software, but they do not apply a Disaster Management System as per RBI "Guidelines on information security, Electronic Banking, Technology risk management and cyber frauds" and other international standards. The study concludes by providing recommendations to the Indian Banks.
Conference Paper
A memory dump and forensic analysis algorithm based on virtual machines is proposed in the paper, including the virtual machine process search module, the virtual machine memory dump module and the virtual machine memory forensics analysis module. First, the virtual machine process search module traverses all the running processes in the system and identifies the virtual machine process according to the process owner user. Then, the virtual machine memory dump module is used to dump the memory of the virtual machine process and the memory files it occupies. Finally, the memory forensics analysis module is used to analyze the accessed memory files and obtain evidence of the virtual machine information, such as process information, network information, user information, etc. This method does not rewrite the memory of the virtual machine or the system, ensuring the integrity and efficiency of virtual machine memory dumping and forensic analysis; at the same time the dumped memory files can be analyzed repeatedly, guaranteeing the credibility of the forensic results.
Article
The Cloud Computing paradigm provides a new model for the more flexible utilization of computing and storage services. However, such enhanced flexibility, which implies outsourcing the data and business applications to a third party, may introduce critical security issues. Therefore, there is a clear necessity of new security paradigms able to face all the problems introduced by the cloud approach. Although, in the last years, several solutions have been proposed, the implementation of secure cloud applications and services is still a complex and far from consolidated task. Starting from these considerations, this work fosters the development of a methodology that considers security concerns as an integral part of cloud-based applications design and implementation. Accordingly, we present a set of stereotypes that defines a vocabulary for annotating Unified Modeling Language based models with information relevant for integrating the specification of security requirements into cloud architectures. This approach can be used to significantly improve productivity and overall success in the development of secure distributed cloud applications and systems. Copyright © 2014 John Wiley & Sons, Ltd.
Conference Paper
Cloud Computing represents both a technology for using computing infrastructures in a more efficient way, and a business model for selling computing resources and services. On the other hand, such complex and distributed architectures become an attractive target for intruders. Cyberattacks represent a serious danger, which can compromise the quality of service delivered to the customers. In this paper, we investigate the key research topics for supporting distributed intrusion detection in Cloud environments. Moreover, we present a distributed architecture for providing intrusion detection in Cloud Computing, which enables Cloud providers to offer security solutions as a service. It is a hierarchical and multi-layer architecture designed to collect information in the Cloud environment, using multiple distributed security components, which can be used to perform complex event correlation analysis.
Article
Information, communication and knowledge creation are at the core of urban stakeholder interactions enabling the identification of vulnerabilities and the design of adequate responses to them. Urban infostructures play a crucial role within these processes, interfacing between a city’s ecological, social, technical, economic and political networks. Against this backdrop, this paper discusses the governance and design of urban infostructures from a socio-technical systems perspective. It, therefore, reviews pertinent technology components, as well as institutional and discursive frameworks and their respective influence on the identification and assessment of vulnerabilities and resilience building in cities. It concludes that approaches to developing urban infostructures should be a major concern when addressing urban resilience. There is a need to fully account for the hybrid character of urban infostructures as socio-technical systems, while also seizing opportunities for targeted transformation.
Article
In this paper, we discuss the development of Attack Graph-Based Security Metrics that will be used to evaluate the security of a network. Attack Graph-Based Security Metrics were recently used simultaneously to form Multiple Attack Graph-Based Security Metrics. Furthermore, Multiple Attack Graph-Based Security Metrics were used to evaluate two networks so it can be inferred which network is more secure than the other.
Article
Network-based intrusion detection systems use models of attacks to identify intrusive behavior; the ability of systems to detect attacks depends on the quality of these models, which are called signatures. Some attacks exploit in different ways. For this reason we use testing tools that are able to detect the goodness of signatures. This technique describes how to test and evaluate misuse detection models in the case of network-based intrusion detection systems. We use mutant exploits that work against vulnerable applications. This mutant exploit is based on a mechanism to generate a large number of exploits by applying mutant operators. The results of the systems in detecting these variations provide a quantitative basis for the evaluation of the quality of the corresponding detection model. But here we are going to find the defects of this testing and whether this test will provide 100% security for this system or not, and also which technique gives more security among these techniques: fuzzy logic, neural networks, hybrid fuzzy and neural networks, naïve Bayes, genetic algorithms and data mining.
Conference Paper
A fundamental problem for network intrusion detection systems is the ability of a skilled attacker to evade detection by exploiting ambiguities in the traffic stream as seen by the monitor. We discuss the viability of addressing this problem by introducing a new network forwarding element called a traffic normalizer. The normalizer sits directly in the path of traffic into a site and patches up the packet stream to eliminate potential ambiguities before the traffic is seen by the monitor, removing evasion opportunities. We examine a number of tradeoffs in designing a normalizer, emphasizing the important question of the degree to which normalizations undermine end-to-end protocol semantics. We discuss the key practical issues of "cold start" and attacks on the normalizer, and develop a methodology for systematically examining the ambiguities present in a protocol based on walking the protocol's header. We then present norm, a publicly available user-level implementation of a normalizer that can normalize a TCP traffic stream at 100,000 pkts/sec in memory-to-memory copies, suggesting that a kernel implementation using PC hardware could keep pace with a bidirectional 100 Mbps link with sufficient headroom to weather a high-speed flooding attack of small packets.
Article
A Network Intrusion Detection System (NIDS) is one of the most widely used tools in securing the network. Unlike a firewall, it can detect intrusions from inside and outside the system, trace any unexpected packets that could be sent by hackers, and alert the administrator in some way. A NIDS detects intrusions that match the patterns that hackers use to attack. In order to secure the local area network, a few IDSs were tested. The practical results showed that the IDSs monitor network and system activities for malicious activities or policy violations and produce reports to a management station.
Article
The explosive growth of networked and internetworked computer systems during the past decade has brought about a need for increased protection mechanisms. This paper discusses three authentication protocols that incorporate the use of methods that present ...
Book
Several information security techniques are available today to protect information systems against unauthorized use, duplication, alteration, destruction and virus attacks. An Intrusion Detection System (IDS) is a program that analyzes what happens or has happened during an execution and tries to find indications that the computer has been misused. This article presents some of the challenges in designing efficient intrusion detection systems which could provide high accuracy, low false alarm rate and reduced number of features. Finally, we present how some of the computational intelligence paradigms could be used in designing intrusion detection systems in a distributed environment.