In a large network environment, when applying eTrust Intrusion Detection and NetFlow analysis, we need to solve the following problems: data type and acquisition method. An overall comparison between 4 current flow-based NetFlow acquisition technologies is made in this paper in terms of network application level, flow data comprehensiveness, data acquisition protocol, installation and deployment...
BitTorrent is a widely deployed P2P file sharing protocol, extensively used to distribute digital content and software updates, among others. Recent actions against torrent and tracker repositories have fostered the move towards a fully distributed solution based on a distributed hash table to support both torrent search and tracker implementation. In this paper we present a security study of the...
The development of cyber society has fostered the emergence of e-commerce, which is active with business and private transactions. Nevertheless, it has also emboldened malicious activities that damage users' profit in the society. Among these activities, Distributed Denial of Service (DDoS), which imposes an excessive workload on network entities such as hosts, is one of the most devastating forms of...
Our network infrastructure is exposed to persistent threats of DDoS and many unknown attacks. These threats endanger the availability of ISPs' networks and services. This paper proposes a network-based anomalous traffic detection method and presents an anomalous traffic detection system, its architecture and main function blocks. Every five minutes, traffic information and security events are gathered...
On open digital computing infrastructure, various large-scale and complicated malicious behaviors are increasingly threatening the security of the digital computing infrastructure. In this paper, a Cooperative Work Model (CRM) is presented by extending the concepts of the Universal Turing Machine to deal with the threats. Then the Cooperative Work System Framework (CWSF) is derived from the model...
The WebMail content and attachment recovery system can monitor the network without affecting network performance and check the network for confidential information leakage. If leakage is found, it will automatically store the leak records on the hard disk, to be used as evidence for security sectors. This paper introduces in detail the design and implementation of the WebMail content...
An important problem in current operational environments is the large quantity of monitoring data that has to be processed online. This paper introduces a new metric that leverages spatially and temporally aggregated IP-flow related information. The metric is based on a new kernel function that captures both IP address space distribution as well as volume related traffic information. We assess several...
As traditional security and defense systems have some defects, such as wiring problems, higher construction and maintenance expense and delay in receiving alarm messages, a scheme based on the Internet of Things is proposed. An embedded ARM9 S3C2440A microcontroller is adopted as the system master controller, which receives and processes the alarm messages transmitted by an RF chip working at...
This paper considers the monitoring of large volumes of IP flow records, typically encountered on large ISP backbone/edge routers. The approach described in our paper aims to detect relevant flow records, where relevancy is related to overall traffic activity and associated applications. The core contribution of the paper consists in a dependency graph that leverages relationships between hosts, as...
Cluster technology has witnessed a tremendous inception in the computing world. The technique integrates standard computing resources to generate more processing power and other hardware strengths. The collection of interconnected stand-alone computers ensures high availability, increased throughput, scalability and improved performance. We have developed a dynamic cluster-based approach for high...
Large-scale IP networks present special challenges to security. Such networks consist of a large number of devices with a vast variety of traffic behavior. Finding a suitable line-up for the intrusion detection and monitoring mechanism is challenging. In this paper, we study the Snort and Bro-IDS systems. We have built a test platform, where we put those two detection systems side by side and compare...
Large-scale IP networks pose special challenges to security. The network consists of a large number of devices with a vast variety of traffic behavior. Implementations of intrusion detection and monitoring mechanisms are often ineffective or require a lot of hardware and human resources. In this paper we present a methodology to construct communication profiles by making a time series and...
Malicious software often infects a corporate network by exploiting security holes in web browsers to infiltrate a PC when its user visits a dodgy website. Compromised machines can then be linked up to form "Bot-nets" under external control, which are used to send spam e-mails or disable websites with a flood of bogus requests. This paper looks at identity concealment techniques and Bot-net characteristics...
We present a new solution to protect the widely deployed KAD DHT against localized attacks which can take control over DHT entries. We show through measurements that the ID distribution of the best peers found after a lookup process follows a geometric distribution. We then use this result to detect DHT attacks by comparing real peers' ID distributions to the theoretical one thanks to the Kullback-Leibler...
With the wide use of the Internet, network attacks are also becoming more complicated and frequent. Traditional antivirus solutions such as gateway and desktop prevention cannot meet users' network security requirements. This paper proposes a measure which can scan for web viruses with an advanced virus-scanning engine in collaboration with the gateway and firewall. An ICAP Client module utilizing the ICAP protocol...
The security of Industrial Critical Infrastructures has become a prominent problem with the advent of modern ICT technologies used to improve the performance and features of SCADA systems. In this paper we present an innovative approach to the design of Intrusion Detection Systems. The aim is to be able to detect complex attacks on SCADA systems by monitoring their state evolution. By complex...
Misconfigured P2P traffic caused by bugs in volunteer-developed P2P software or by attackers is prevalent. It influences both end users and ISPs. In this paper, we discover and study address-misconfigured P2P traffic, a major class of such misconfiguration. P2P address misconfiguration is a phenomenon in which a large number of peers send P2P file downloading requests to a "random" target on the...
Various tools exist that are capable of evading different security mechanisms such as firewalls, IDS and IPS, and they help intruders send malicious traffic to a network or system. So, inspection of malicious traffic and identification of anomalous activity is essential to stop future activity of intruders, which can be a possible attack. In this paper we present a flow-based system...
The Internet facilitates numerous services while being the most commonly attacked environment. Hackers attack vulnerabilities in the protocols used, and there is a serious need to prevent, detect, mitigate and identify the source of the attacks. Network forensics involves monitoring network traffic and determining whether an anomaly in the traffic indicates an attack. The network forensic techniques...
DDoS attacks aim to deny services to legitimate users. In this paper, we introduce a novel dual-level attack detection (D-LAD) scheme for defending against DDoS attacks. At the higher and coarser level, the macroscopic level detectors (MaLAD) attempt to detect congestion-inducing attacks which cause an apparent slowdown in network functionality. Large-volume attacks are detected early at border...