In this paper, a realtime testbed for Software Defined Networks (SDN) was implemented using Raspberry Pi as OpenFlow (OF) switches. The implemented testbed provides a practical development and testing environment for SDNs. Open vSwitch (OVS) was used to observe the flows and events in the network. With the POX integration, this paper easily provides detailed analysis results for any testing process....
Port-knocking is the concept of hiding remote services behind a firewall which allows access to the services' listening ports only after the client has successfully authenticated to the firewall. This helps in preventing scanners from learning what services are currently available on a host and also serves as a defense against zero-day attacks. Existing port-knocking implementations are not scalable in...
Data theft and espionage attacks, which have evolved rapidly, impose the need to develop new and stealthy communication techniques to protect sensitive data that is transferred over the Internet. These new techniques should be built in a different way than traditional and known communication techniques, in order to eschew detection and monitoring tools. This paper proposes a new covert channel for stealthy...
In a community cloud, infrastructure is shared among several organizations from a specific community with common concerns (security, compliance, jurisdiction, etc.). In such a computing model, the security responsibilities rest mostly with the third-party infrastructure provider. Security violations may occur if local access policies from different organizations are not implemented correctly. Therefore,...
The paper is devoted to an analysis of a one-year-long period of operation of a honeynet composed of 6 Dionaea honeypots emulating Windows services. The analysis focused on the frequency of attacks according to the location of individual honeypots (sensors) as well as to the geographical location of attackers. From the statistical processing of the results, it was demonstrated that the most frequently...
In this paper we present a time behavioral analysis of simulated botnet network traffic, collected and discovered from NetFlow messages, and more specifically of its lifespans. The technique we used is focused on modeling command and control communication in a botnet network. The lifespan of this traffic is modeled by lifelines using the Python language.
Once pervasive, the File Transfer Protocol (FTP) has been largely supplanted by HTTP, SCP, and BitTorrent for transferring data between hosts. Yet, in a comprehensive analysis of the FTP ecosystem as of 2015, we find that there are still more than 13 million FTP servers in the IPv4 address space, 1.1 million of which allow "anonymous" (public) access. These anonymous FTP servers leak sensitive...
With the prosperity of network applications, traffic classification plays a crucial role in network management and malicious attack detection. The widely used encryption transmission protocols, such as the Secure Socket Layer/Transport Layer Security (SSL/TLS) protocols, lead to the failure of traditional payload-based classification methods. Existing methods for encrypted traffic classification...
In complex networks, filters may be applied at different nodes to control how packets flow. In this paper, we study how to locate filtering functionality within a network. We show how to enforce a set of security goals while allowing maximal service subject to the security constraints. To implement our results we present a tool that given a network specification and a set of control rules automatically...
Virtualized access to M2M (Machine-to-Machine) devices can offer to operators various benefits in terms of hardware and management costs. However, it is often impeded by the inability to efficiently handle the traffic from the devices towards servers that are appropriate to serve as virtual hosts for the given devices. In this paper we present a solution which can be applied in a virtual Home Gateway...
Software defined networks create new opportunities for an implementation of the intrusion detection and protection methods. Therefore, special data collections called datasets are necessary for the development, testing and evaluation of such mechanisms. For the SDN environment, there are no prepared datasets that could be used directly to develop IDS methods. These sets contain tuples with features,...
Billions of devices are projected for deployment in the Internet of Things (IoT). Deploying these devices and their associated services is impossible manually, thus a seamless and scalable service discovery mechanism is mandatory for realizing the IoT vision. In this paper, we propose a lightweight application-layer service discovery protocol for IPv6 Low-power Personal Area Networks (6LoWPAN) called...
Internet Protocol version 6 (IPv6) is a new routing protocol whose deployment has grown dramatically over the past years. It was introduced by the IETF to overcome some of IPv4's limitations. People believe that IPv6 is more secure than IPv4, but this idea is not correct. IPv6 requires attention in order to develop a secure and safe IPv6 deployment. It is important to know that it should be assessed regularly...
Software Defined Networking (SDN) became a popular concept where a flexible network architecture is required. One of the widely used approaches to SDN is based on the OpenFlow (OF) protocol that allows controllers to configure OF capable network switches. The OF protocol is focused on a flow-based control of a switch. Besides OF itself, Open Networking Foundation (ONF) has introduced the OF-CONFIG...
The aim of this paper is to understand the dynamics and tools required to develop a software-based L4–L7 traffic generator. The main goal of this paper is to provide a simple, efficient and complete framework for fast packet processing in data plane applications. Conventional techniques of packet processing are rather slow, time-consuming and inefficient. Fast packet processing on the other hand,...
The majority of Internet services today are client-server based, where the server is often designed to be a centralized system that serves many clients. In this model most user credentials and profiles are stored in corporate servers. There have been many security and privacy breaches happening in the latter model that cause a lot of personal identifiable information and private content exposure. The peer-to-peer model...
In OpenFlow, a network as a whole can be controlled from one or more external entities (controllers) using in-band or out-of-band control networks. In this article, we propose in-band control, queuing, and failure recovery functionalities for OpenFlow. In addition, we report experimental studies and practical challenges for implementing these functionalities in existing software packages containing...
This paper describes the results of a full-scale experiment, in which the data from a Thing of Internet is redirected to a false cloud. This paper also suggests methods of protection which can prevent this type of an attack and secure the connection between a Thing of Internet and Public communication network — Cloud service.
Virtual Private Networks (VPNs) provide secure encrypted communication between remote networks worldwide by using Internet Protocol (IP) tunnels and a shared medium like the Internet. End-to-end connectivity is established by tunneling. OpenVPN and OpenSSH are cross-platform, secure, highly configurable VPN solutions. However, the performance comparison between OpenVPN and OpenSSH VPN has not yet...
Adopting 802.1x authentication for network access control has obvious advantages. This paper analyzes the 802.1x protocol, the EAP protocol and the RADIUS protocol, and finally constructs an AAA system based on 802.1x authentication. Using software, the messages of the whole authentication process have been captured. According to the AAA mechanism, it analyzes the EAP messages and RADIUS messages in detail. The analysis...