Conference Paper

Would an Object Representation Invariant Provide Sufficient State Based Knowledge to Adapt Network Intrusion Detection System Rules With Minimal Impact to System Resources?

Article
Distributed firewall systems emerged with the proposal of protecting individual hosts against attacks originating from inside the network. In these systems, firewall rules are centrally created, then distributed and enforced on all servers that compose the firewall, restricting which services will be available. However, this approach lacks protection against software vulnerabilities that can make network services vulnerable to attacks, since firewalls usually do not scan application protocols. In this sense, from the discovery of any vulnerability until the publication and application of patches there is an exposure window that should be reduced. In this context, this article presents Self-Adaptive Distributed Firewall (SADF). Our approach is based on monitoring hosts and using a vulnerability assessment system to detect vulnerable services, integrated with components capable of deciding and applying firewall rules on affected hosts. In this way, SADF can respond to vulnerabilities discovered in these hosts, helping to mitigate the risk of exploiting the vulnerability. Our system was evaluated in the context of a simulated network environment, where the results achieved demonstrate its viability.
Article
Objectives: Cloud is becoming a very assertive computing platform nowadays due to the availability of resources in a customized manner. But a DDoS attack is very dangerous as it directly affects the availability of resources. So the objective of the paper is to mitigate DDoS attacks in a cloud network using a threshold-based technique. Methods/Statistical Analysis: In the proposed solution a list of faulty IP addresses has been prepared based on their performance during the Turing test and named the black list. If the request is from the black list, then it is directly rejected; otherwise it is forwarded to the next step. At the second stage it is checked whether the number of resources available is greater than the request made and also whether the request for resources is less than the threshold value of resource m; then the resources are allocated to that request, else the request is rejected. Findings: Cloud resources can be defended from a DDoS attack by any of the three defense mechanisms, i.e. DDoS attack prevention, DDoS attack detection and DDoS attack mitigation and recovery. But it is found that attack mitigation is the easiest way to defend against a DDoS attack because of easily available resources. The paper presented a technique that will easily detect and mitigate a DDoS attack, and it is very easy to implement with minimum cost and overhead. Application/Improvements: The proposed work can be implemented in any cloud network to save it from wasting resources on malicious requests. For further improvement, client-based protection can also be implemented such that the attacker will not be able to form its army for the purpose of a DDoS attack.
Article
Cloud computing is a blooming technology adopted by many companies. But there are many issues, and one of them is DDoS. It can affect organizations depending on the cloud for their business. This paper explains the DDoS attack, its effect in cloud computing and the things that need to be considered while selecting defense mechanisms for DDoS.
Article
Firewalls are network devices which enforce an organization's security policy. Since their development, various methods have been used to implement firewalls. These methods filter network traffic at one or more of the seven layers of the ISO network model, most commonly at the application, transport, network, and data-link levels. In addition, researchers have developed some newer methods, such as protocol normalization and distributed firewalls, which have not yet been widely adopted. Firewalls involve more than the technology to implement them. Specifying a set of filtering rules, known as a policy, is typically complicated and error-prone. High-level languages have been developed to simplify the task of correctly defining a firewall's policy. Once a policy has been specified, the firewall needs to be tested to determine if it actually implements the policy correctly. Little work exists in the area of firewall theory; however, this article summarizes what exists. Because some data must be able to pass in and out of a firewall, in order for the protected network to be useful, not all attacks can be stopped by firewalls. Some emerging technologies, such as Virtual Private Networks (VPN) and peer-to-peer networking, pose new challenges for firewalls.
Conference Paper
This paper will show in detail the differences between safety and security. An argument is made for new system design requirements based on a threat sustainable system (TSS) drawing on threat scanning, flexibility, command and control, system of systems, human factors and population dependencies. Principles of sustainability used in historical design processes are considered alongside the complex changes of technology and emerging threat actors. The paper recognises that technologies and development methods for safety do not work for security. Safety has the notion of a one or two event protection, but cyber-attacks are multi-event situations. The paper recognizes that the behaviour of interconnected systems and modern systems requirements for national sustainability. System security principles for sustainability of critical systems are considered in relation to failure, security architecture, quality of service, authentication and trust and communication of failure to operators. Design principles for operators are discussed along with recognition of human factors failures. These principles are then applied as the basis for recommended changes in systems design and discuss system control dominating the hierarchy of design decisions but with harmonization of safety requirements up to the level of sustaining security. These new approaches are discussed as the basis for future research on adaptive flexible systems that can sustain attacks and the uncertainty of fast-changing technology.
Article
Cloud technology is becoming more and more popular in recent times. With the popularity of Cloud Computing, Cloud security becomes a vital issue in the Cloud computing domain. Particularly, the new evolving threat to the enterprise cloud makes the firewall systems of the enterprise cloud slow down the operation. On the other hand, one of the central challenges to deploying Cloud applications into the existing environment is to configure the Cloud firewalls. The state-of-the-art technology is to open as many ports as required. Such a firewall policy is so hazardous, and a more dynamic means of checking the firewall is called for. In this report, we offer a dynamic and dependable mechanism to adaptively control the firewall for enterprise cloud computing. Likewise, a conceptual design and its execution have been talked about.
Article
This survey paper describes a focused literature survey of machine learning (ML) and data mining (DM) methods for cyber analytics in support of intrusion detection. Short tutorial descriptions of each ML/DM method are provided. Based on the number of citations or the relevance of an emerging method, papers representing each method were identified, read, and summarized. Because data are so important in ML/DM approaches, some well-known cyber data sets used in ML/DM are described. The complexity of ML/DM algorithms is addressed, discussion of challenges for using ML/DM for cyber security is presented, and some recommendations on when to use a given method are provided.
Article
The security of System Control and Data Acquisition (SCADA) systems is one of the most pressing subjects in industrial systems, particularly for those installations actively using the public network in order to provide new features and services. In this paper, we present an innovative approach to the design of filtering systems based on the state analysis of the system being monitored. The aim is to detect attacks composed of a set of “SCADA” commands that, while licit when considered in isolation on a single-packet basis, can disrupt the correct behavior of the system when executed in particular operating states. The proposed firewall detects these complex attacks thanks to an internal representation of the controlled SCADA system. Furthermore, we detail the design of the architecture of the firewall for systems that use the ModBus and DNP3 protocols, and the implementation of a prototype, providing experimental comparative results that confirm the validity of the proposed approach.
Article
A major issue in many applications is how to preserve the consistency of data in the presence of concurrency and hardware failures. We suggest addressing this problem by implementing applications in terms of abstract data types with two properties: Their objects are atomic (they provide serializability and recoverability for activities using them) and resilient (they survive hardware failures with acceptably high probability). We define what it means for abstract data types to be atomic and resilient. We also discuss issues that arise in implementing such types, and describe a particular linguistic mechanism provided in the Argus programming language.
Article
The firewall is normally an intermediate system between the secure internal networks and the less secure external networks. It is intended to keep corporate systems safe from intruders, hackers, and accidental entry into the corporate system. The primary types of firewalls are screening routers, proxy servers, and stateful inspectors. Before choosing a firewall architecture, a company must have the right mind set regarding the threat. The purpose of this paper is to provide an introduction to firewall concepts and help develop this mind set.
A rest api interface for pfsense 2.3.x and 2.4.x to facilitate devops
  • N Jong
Rre: A game-theoretic intrusion response and recovery engine
  • S A Zonouz
  • H Khurana
  • W H Sanders
  • T M Yardley