This paper designs a high-speed network data acquisition system based on a big data platform, with good expansibility and high real-time performance, aimed at the need of enterprises or organizations to acquire high-speed network data efficiently in network intrusion detection. Taking into account the storage capacity and computing power requirements of high-speed network traffic capture and processing, the whole...
This paper focuses on one type of Covert Storage Channel (CSC) that uses the 6-bit TCP flag header in TCP/IP network packets to transmit secret messages between accomplices. We use relative entropy to characterize the irregularity of network flows in comparison to normal traffic. A normal profile is created by the frequency distribution of TCP flags in regular traffic packets. In detection, the TCP...
Technological advancement of Industrial Control Systems (ICS) and control systems automation over the past decade has brought greater interconnections of the control components. Increased interconnection provides end users with more information which facilitates improved system reliability. Modern control communication systems such as ModbusTCP are based on open standards that leverage Ethernet to...
A network intrusion detection system (NIDS) takes necessary measures when detecting threats. Since most malicious content, such as phishing sites and advanced persistent threats, is transmitted over the transmission control protocol (TCP), existing measures are usually injection-based, such as injecting a reset (RST) packet to terminate the connection or an HTTP 302 response to redirect users' requests...
A botnet, which mainly consists of remotely controlled bots, provides the platform for most cyber threats. An effective countermeasure against such botnets is provided by an IDS (intrusion detection system). An IDS regularly observes and identifies the presence of active attacks by inspecting the vulnerabilities in network traffic. A payload-inspection-based IDS (PI-IDS) recognizes active...
Browser-to-browser real-time communication is making rapid progress in the standardization process, both in the Internet Engineering Task Force (IETF) and the World Wide Web Consortium (W3C). These advancements cover many aspects, such as interface definitions, protocol mechanisms and security. Many scenarios discussed show that interfaces and standards can serve as a foundation for interoperable...
For transmission of packetised media, real-time communications rely on the real-time protocol (RTP). RTP traffic, however, is transmitted over datagram-based transport that allows fast delivery of media. Internet firewalls are typically configured to allow web-friendly traffic that uses stream-based transport instead and, simultaneously, as a security measure, reject any other type of transport. A mechanism...
This paper describes a new collaborative approach to detect two different types of Covert Storage Channels (CSCs) that utilize TCP flag and packet sequence number in network packets. Tested in Software-defined networking (SDN), a multistage detection mechanism coordinates monitors, correlators and SDN controllers to first quickly alert traffic anomalies, then to conduct on demand selective deep-inspection...
Ternary Content Addressable Memory (TCAM) is widely used for caching flow entries in Software Defined Network (SDN). However, limited by the current technology level and hardware cost, the capacity of TCAM can hardly meet the needs of caching flow entries in large-scale SDN, which seriously affects the scalability of SDN. To address this problem, some studies improve the efficiency of TCAM...
Current practices in network security deployment require multiple specialised devices such as firewalls, traffic shapers, sensors or Intrusion Detection Systems (IDSs) to handle malicious traffic. This practice not only increases the overall operational costs but also makes network administration complicated. The high cost of Distributed Denial of Service (DDoS) mitigation devices empowers centralised...
The current network anomaly traffic detection technologies usually focus on the rules matching and statistical method which are suitable for the general network environment. For the communication characteristics of the controlled network environment, this paper puts forward a network anomaly traffic detection method based on the flow template, which captures and analyses the real-time network traffic...
In order to improve the classification efficiency of large-scale imbalanced network traffic, a classification method based on ensemble feature selection is proposed. The method first generates the feature subset based on the characteristics of the SU algorithm on different data sets. According to the data set of support degree and the threshold to produce integrated feature subset, based on the accuracy...
The Internet of Things (IoT) expects to link billions of devices to the Internet, which will produce massive amounts of data. Current approaches move the IoT data out of the network for processing. It results in long delays and increases the network traffic. The Named Function Networking (NFN) proposes a generic computation architecture for in-network data processing. But it does not consider a scheduling...
HTTP is becoming the most preferred channel for command and control (C&C) communication of botnets. One of the main reasons is that it is very easy to hide the C&C traffic in the massive amount of browser generated Web traffic. However, detecting these HTTP-based C&C packets which constitute only a minuscule portion of the overall everyday HTTP traffic is a formidable task. In this paper,...
A non-path anonymous P2P protocol is called Rumor Riding (RR). In the RR protocol, the initiator sends the key message and cipher text to different neighbors. The key and cipher text take random walks separately in the system. Each walk is called a rumor. Through the random walks, the rumors automatically construct the anonymous path. Neither the initiator nor the responder needs to be concerned with the path structure...
We conduct the analysis of the traffic measured on the backbone link between the WIDE network that connects a number of leading universities in Japan and the upstream internet service provider. We study its statistical properties such as the packet sizes and time distributions between packets. To reveal the laws governing the end user activity and its impact on the network traffic dynamics, we next...
PHAD basically works only on attacks that are based on the transport, network and data link layer protocols, i.e. Ethernet, IP, TCP, UDP and ICMP. The most important purpose of an intrusion detection system is to detect attacks against information systems. It is a security method attempting to identify various attacks. In this paper we discussed PHAD (Packet Header Anomaly Detection)...
The most important purpose of an intrusion detection system is to identify attacks against information systems. It is a security method attempting to identify various attacks. In this paper, we reviewed Snort as a misuse-based intrusion detection system as well as ALAD, PHAD, LERAD and NETAD as anomaly-based statistical algorithms.
In this paper, we introduce a novel approach called seamless Ethernet to allow Ethernet switches to provide seamless redundancy with zero recovery time and without the need to modify the standard Ethernet frame layout or even use RSTP protocol. The idea is to flood the frame whose destination is unknown until it reaches the destination switch. The destination switch will consume the first fast frame...
In this paper, we present evaluation results of a Service Function Chaining implementation scheme using multiple flow tables of OpenFlow. With a single flow table in the implementation, the number of flow entries in the flow table significantly increases as the number of service chains increases. This results in looking up a larger flow table and a higher processing time for packets. We have addressed...