The Infona portal uses cookies, i.e. strings of text saved by a browser on the user's device. The portal can access those files and use them to remember the user's data, such as their chosen settings (screen view, interface language, etc.), or their login data. By using the Infona portal the user accepts automatic saving and using this information for portal operation purposes. More information on the subject can be found in the Privacy Policy and Terms of Service. By closing this window the user confirms that they have read the information on cookie usage, and they accept the privacy policy and the way cookies are used by the portal. You can change the cookie settings in your browser.
Our network infrastructure is exposed to persistent threats of DDoS and many unknown attacks. These threats threaten the availability of ISP's network and services. This paper proposes network-based anomalous traffic detection method and presents an anomalous traffic detection system, its architecture and main function blocks. Every five minutes, traffic information and security events are gathered...
The configuration and management of security policies in enterprise networks becoming hard due to complex policy constraints of the organizations and dynamic changes in the network topologies. Typically, the organizational security policy is defined as a collection of rules for allowing/denying service accesses between various network zones. Implementation of the policy is realized in a distributed...
This paper describes an attempt to identify the relationships between the using of a mobile device and an online shopper's trust in use of electronic payment systems in order to see how the adoption of a mobile device can contributes positively to increase shoppers' trust in their used of electronic payment systems. Therefore, this trust will increase shopper's intention to purchase online. It also...
The primary goal of the secure socket layer protocol (SSL) is to provide confidentiality and data integrity between two communicating entities. Since the most computationally expensive step in the SSL handshake protocol is the server's RSA decryption, it is introduced that the proposed secret exchange algorithm can be used to speedup SSL session initialization. The optimization strategy, which is...
Strand space inherits the merit of algebra method, which can prove the security of protocol more precisely. Meanwhile, it overcomes the shortcoming of inconvenience. But because of shortage of primitives, it can't describe some protocols as IKE, let alone verification. This paper makes an improvement to the original strand space by adding the description of hash function and some definitions and lemmas...
In recent years, network worm that had a dramatic increase in the frequency and virulence of such outbreaks have become one of the major threats to the security of the Internet. To develop appropriate tools for thwarting quick spread of worms, researchers are trying to understand the behavior of the worm propagation with the aid of epidemiological models. In this paper, a new worm propagation model...
Botnets have become one of top threats to the Internet. Many detection methods have been developed to distinguish botnet behaviors from normal human behaviors. Future botnets, however, may incorporate the characteristics of human beings and weaken the existing detection techniques. In this work, we study an intelligent botnet, called the delay-tolerant botnet, that intentionally adds random delays...
In recent years, there has been a constant barrage of worms over the Internet. To develop appropriate tools for thwarting quick spread of worms, researchers are trying to understand the behavior of the worm propagation with the aid of epidemiological models. In this paper, two improvements of classical SIS (susceptible-infectious-susceptible) and SIR (susceptible-infectious-recovered) models with...
As the number of VoIP users increase and as the deployment of SIP devices gains ground, security has risen as a potential issue worthy of our consideration. VoIP is an application running on the data network and as such, inherits the security issues common to IP. The man-in-the-middle (MitM) attacks and the denial of service (DoS) attacks are the hackneyed and evil cyber attacks in the IP which can...
SYN flooding has been a serious security threat to Internet. For a host server, it is necessary to take some kind of admission control in defense against SYN flooding attacks. In this paper, a probabilistic drop scheme is presented for implementation in a host server to mitigate SYN flooding attacks. An analytical model is proposed for this scheme, and a general principle for evaluating the probability...
Reliable Server Pooling (RSerPool) denotes the new IETF standard for a lightweight server redundancy and session failover framework for availability-critical applications. A number of research papers have already addressed the service and pool management performance of RSerPool in general. However, the important topic of security, including the system robustness against intentional attacks, has not...
Mobile IPv6 requires periodic return routability (RR) procedures to avoid different types of security attacks. In this paper, we analyze the optimal binding-management-key refresh interval in mobile IPv6 networks. We first derive the expected binding-management-key exposal time in the RR procedure. After that, the optimal binding-management-key refresh interval, which minimizes additional signaling...
Convenient, rapid, efficient and anonymous characteristic of P2P technology, enables P2P network gathering enormous users very quickly, and P2P traffic has occupied 60~80% bandwidth of Internet. Such giant traffic has formed a threat to the service quality of other Internet application and the security of Internet itself. However, most study about P2P traffic focuses on traffic monitoring and characteristic...
Biological systems exhibit remarkable adaptation and robustness in the face of widely changing environments. Currently speaking, we often imitate the properties of biological systems. Based on this thought, it also exists the analogous situation in the WSNs (wireless sensor networks). Survivability is the ability to provide essential services in the presence of attacks and failures, and recover full...
Recently, active worms such as the Code Red worm of 2001 and the Slammer worm of 2003, both of which adopted the uniform scanning approach, have caused significant financial loss due to their rapid propagation over the Internet. Current defense mechanisms, due to their inherent drawbacks, respond too slowly compared to the propagation of active worms which scan uniformly. This paper presents the results...
This paper analyzes the problems within current anti-spoofing mechanisms and proposes a new SSL protected trust model. Then, this paper describes the attacks on SSL protected trust model. This paper also proposes the new automatic detecting security indicator (ADSI) scheme to defend against spoofing attacks on SSL protected Web servers. This paper describes the ADSI-based trust model. In a secure...
Distributed defense of distributed denial of service (DDoS) is one of the main research areas in DDoS recently. It is preferred to be conducted as the control-based defense. However, some existed methods have their respective disadvantages, such as efficiency, privacy. Therefore, a DDoS-oriented distributed defense framework based on the edge router feedbacks in autonomous systems (AS) is proposed...
Overlay networks enable applications to communicate with users without disclosing their IP addresses; hence overlay networks are used to protect applications against DoS attacks by hiding an applicationpsilas location. This paper analyzes three popular overlay networks (Chord, CAN, and Pastry) by simulation to answer to this question: which topology is more favorable for location-hiding and resisting...
While a lot of important information is being sent and received on the Internet, the information could be exposed to many threats, and the more the multicast service is various and generalized, the more the service range is widened. When a new member joins in or leaves from the multicast group, the group key, which the existing member used, should be newly updated. The existing method had a problem...
Denial-of-service (DoS) attacks remain a challenging problem in the Internet. By making resources unavailable to intended legitimate clients, DoS attacks have resulted in significant loss of time and money for many organizations, thus, many DoS defense mechanisms have been proposed. In this paper we propose live baiting, a novel approach for detecting the identities of DoS attackers. Live baiting...
Set the date range to filter the displayed results. You can set a starting date, ending date or both. You can enter the dates manually or choose them from the calendar.