After tightening up the network perimeter to deal with external threats, organizations have woken up over the past several years to the threats from inside Local Area Networks (LAN). It is thus important to design and implement LAN security strategies that secure assets on the LAN by filtering traffic, thereby protecting them from malicious access and insider attacks. The Banking, Financial Services and Insurance (BFSI) industry is one segment that faces increased risks and security challenges. The typical architecture of this segment includes several thousand users connecting from various branches over Wide Area Network (WAN) links that cross national and international boundaries at varying network speeds to access data center resources. The objective of this work is to deploy a LAN security solution that protects the data center located at headquarters from the end-user machines. A LAN security solution should ideally provide Network Access Control (NAC) along with cleaning (securing) the traffic going through it. Traffic cleaning itself includes various features such as a firewall, intrusion detection/prevention, traffic anomaly detection, validation of asset ownership, etc. LANenforcer (LE) is a device deployed in front of the data center such that traffic from end-user machines necessarily passes through it, so that it can enforce security. The goal of this system is to enhance the security features of the LANenforcer security system with an Intrusion Prevention System (IPS) to enable it to detect and prevent malicious network activities. The IPS is plugged into the packet path, based on the configuration, in such a way that the entire traffic passes through the IPS on the LE.
Survey on Host and Network Based Intrusion Detection System (Eswar Publications)
With the advent of new technologies and devices, intrusion has become an area of concern because of security issues in the ever-growing area of cyber-attack. An intrusion detection system (IDS) is defined as a device or software application that monitors system or network activities for malicious activities or policy violations and produces reports to a management station [1]. In this paper we focus mainly on different IDS concepts based on host and network systems.
The nature of wireless networks itself creates new vulnerabilities that do not exist in classical wired networks. This results in an evolving requirement to implement new, sophisticated security mechanisms in the form of Intrusion Detection and Prevention Systems. This paper deals with security issues of small office and home office wireless networks. The goal of our work is to design and evaluate a wireless IDPS using the packet injection method. A decrease of the attacker's traffic by 95% was observed when compared to the attacker's traffic without deployment of the proposed IDPS system.
Co-operative Wireless Intrusion Detection System Using MIBs From SNMP (IJNSA Journal)
In the emerging technology of the Internet, security issues are becoming more challenging. In the case of wired LANs the situation is somewhat under control, but in the case of wireless networks the exponential growth in attacks has made it difficult to detect such security loopholes. Wireless network security is being addressed using firewalls, encryption techniques and wired IDS (Intrusion Detection System) methods. But the approaches used in wired networks have not been successful in producing effective results for wireless networks, because of features of wireless networks such as the open medium, dynamically changing topology, cooperative algorithms, lack of a centralized monitoring and management point, and lack of a clear line of defense. So there is a need for a new approach that will efficiently detect intrusions in wireless networks. Efficiency can be achieved by implementing a distributed, co-operative, multi-agent IDS. The proposed system supports all three of these features. It includes mobile agents for intrusion detection which use SNMP (Simple Network Management Protocol) and MIB (Management Information Base) variables for mobile wireless networks.
Report: Study and Implementation of Advance Intrusion Detection and Preventio... (Deepak Mishra)
This document discusses building an intrusion detection system that combines network-based and log-based detection. It proposes using the Security Onion distribution and its included tools like Snort, Sguil, Squert and OSSEC. It describes configuring Security Onion sensors to monitor network traffic and logs, storing alerts in databases, and using the management consoles to analyze alerts. The goal is to create a comprehensive security monitoring platform through centralized log management and correlation of network and host-based events.
This document discusses network intrusion detection systems (NIDS) and their ability to handle high-speed traffic. It introduces NIDS and their role in monitoring network traffic. The document presents an experiment that tests the open-source NIDS Snort under high-volume traffic. The experiment shows that Snort drops more packets as traffic speed and volume increases, demonstrating a weakness of NIDS in high-speed environments. It suggests using a parallel NIDS technique to help NIDS better handle high-speed network traffic and reduce packet dropping.
A honeynet framework to promote enterprise network security (IAEME Publication)
This document describes a honeynet framework to promote enterprise network security. The framework consists of two high-interaction honeypot servers connected by a switch to a monitoring station. The honeypots provide real operating systems and services to attract attackers. When an attacker attempts to access a honeypot, its data is captured by a packet sniffer and stored in a database. This data is then sent securely to the monitoring station using web services. The monitoring station analyzes the data, generates an alert report, and provides a GUI to monitor extracted information. The goal is to identify attack traffic and profile attackers to improve network defense.
When your computer is connected to the Internet, you expose your computer to a variety of potential threats. The Internet is designed in such a way that if you have access to the Internet, all other computers on the Internet can connect to your computer. This leaves you vulnerable to various common attacks. This is especially troubling as several popular programs open services on your computer that allow others to view files on your computer! While this functionality is expected, the difficulty is that security errors are detected that always allow hackers to attack your computer with the ability to view or destroy sensitive information stored on your computer. To protect your computer from such attacks you need to "teach" your computer to ignore or resist external testing attempts. The common name for such a program is Firewall. A firewall is software that creates a secure environment whose function is to block or restrict incoming and outgoing information over a network. These firewalls actually do not work and are not suitable for business premises to maintain information security while supporting free exchange of ideas. Firewalls are becoming more and more sophisticated by the day, and new features are being added all the time, so that, despite criticism and intimidating development methods, they are still a powerful defense. In this paper, we review a network firewall that helps the corporate environment and other networks that want to exchange information over the network. The firewall protects the flow of traffic through the internet, limits the amount of external and internal information, and provides the internal user with the illusion of anonymous FTP and WWW online communications.
Modern information security management best practices dictate that an enterprise assume full configuration control of end-user computer systems (laptops, deskside computers, etc.). This explicit control yields lower support costs, since there is less variation in machines, operating systems, and applications to support, but more importantly today, dictating specifically what software, hardware, and security configurations exist on an end user's machine can significantly reduce the occurrence of infection by malicious software. If the data pertaining to end-user systems is organized and catalogued as part of normal information security logging activities, an extended picture of what the end system actually is may be available to the investigator at a moment's notice to enhance incident response and mitigation. The purpose of this research is to provide a way of cataloguing this data by using and augmenting existing tools and open source software deployed in an enterprise network.
Analytical survey of active intrusion detection techniques in mobile ad hoc n... (eSAT Publishing House)
IJRET: International Journal of Research in Engineering and Technology is an international peer-reviewed, online journal published by eSAT Publishing House for the enhancement of research in various disciplines of Engineering and Technology. The aim and scope of the journal is to provide an academic medium and an important reference for the advancement and dissemination of research results that support high-level learning, teaching and research in the fields of Engineering and Technology. We bring together Scientists, Academicians, Field Engineers, Scholars and Students of related fields of Engineering and Technology.
This document summarizes a research paper that classifies different types of networks and discusses their associated security issues. It categorizes networks based on size (LAN, MAN, WAN), design (peer-to-peer, client-server, standalone), layering (layered, non-layered), and provides examples such as Ethernet, Wi-Fi, VPNs. It also discusses common security threats for different network types like viruses, denial of service attacks, and evaluates security measures including encryption, firewalls, access control. The paper aims to provide a comprehensive classification of networks and analyze how security needs vary depending on the network and software development stages.
IRJET- A Review on Intrusion Detection System (IRJET Journal)
This document provides a review of intrusion detection systems (IDS). It discusses the purpose of IDS in monitoring networks to detect anomalous behavior and security exploits. The document outlines the basic components and architecture of IDS, including sensors to collect data, an analyzer to examine data for intrusions, a knowledgebase of activity logs and signatures, and a user interface. It also covers different types of attacks IDS aims to detect, such as denial-of-service, spoofing and probing attacks. Finally, the document summarizes the typical workflow of an IDS in collecting data, selecting relevant features for analysis, analyzing data for intrusions, and taking appropriate actions in response.
The document discusses securing industrial IoT (IIoT) applications and devices. It identifies three main attack surfaces: the application, the device, and the network. To secure the application, it recommends using secure APIs, complex passwords, limiting API calls, and continuous deployment. For devices, it suggests securing the SIM card, physical device, and device software through measures like embedded SIMs, firmware updates, and remote management. Finally, it advises limiting voice, SMS, and data services on networks to reduce vulnerabilities. Overall, the document stresses the importance of prioritizing security for IIoT given the increasing threats to connected industrial systems.
Detecting and Preventing Attacks Using Network Intrusion Detection Systems (CSCJournals)
Intrusion detection is an important technology in the business sector as well as an active area of research, and an important tool for information security. A Network Intrusion Detection System is used to monitor networks for attacks or intrusions and report them to the administrator so that evasive action can be taken. Today computers are part of networked, distributed systems that may span multiple buildings, sometimes located thousands of miles apart. The network of such a system is a pathway for communication between the computers in the distributed system; it is also a pathway for intrusion. This system is designed to detect and combat some common attacks on network systems. It follows the signature-based IDS methodology for ascertaining attacks: a signature-based IDS monitors packets on the network and compares them against a database of signatures or attributes from known malicious threats. It has been implemented in VC++. In this system the attack log displays the list of attacks to the administrator for evasive action. This system works as an alert device in the event of attacks directed towards an entire network.
DEFENSE MECHANISMS FOR COMPUTER-BASED INFORMATION SYSTEMS (IJNSA Journal)
Nowadays, corporations and government agencies rely on computer-based information systems to manage their information. This information may be classified, so it would be dangerous if it were disclosed to unauthorized persons. Therefore, there is an urgent need for defense. In this research, defense has been categorized into four mechanisms, technical defense, operational defense, management defense, and physical defense, based on the logic of computer and network security. Each mechanism has also been investigated and explained in terms of computer-based information systems.
Layered Approach for Preprocessing of Data in Intrusion Prevention Systems (Editor IJCATR)
Due to the extensive growth of the Internet and the increasing availability of tools and methods for intruding into and attacking networks, intrusion detection has become a critical component of network security. The TCP/IP protocol suite is the de facto standard for communication on the Internet, and the underlying vulnerabilities in its protocols are the root cause of intrusions. Therefore an intrusion detection system becomes an important element of network security; it handles real-time data and leads to a high-dimensional problem. Processing large numbers of packets and data in real time is very difficult and costly, so data preprocessing is necessary to remove redundant and unwanted information from packets and clean the network data. Here we focus on two important aspects of intrusion detection: accuracy and performance. The layered approach of the TCP/IP model can be applied to packet pre-processing to achieve early and faster intrusion detection. Motivation for the paper comes from the large impact data preprocessing has on the accuracy and capability of anomaly-based NIPS. In this paper it is demonstrated that high attack detection accuracy can be achieved by using a layered approach for data preprocessing on Internet traffic. To reduce the false positive rate and increase detection efficiency, the paper proposes a framework for preprocessing in intrusion prevention systems. We experimented with real-time network traffic as well as the KDDcup99 dataset for our research.
This paper presents a brief study of recent advances in wireless network security issues. The paper makes a number of contributions to the wireless networking field. First, it studies the main 4G threats and risks and their design decisions. Second, it covers the security of the 4G architecture with next generation network security and the eight security dimensions of a 4G network. Third, security issues and possible threats to 4G are discussed. Finally, we propose a four-layer security model which manages to ensure more secure packet transmission by taking all the necessary security measures.
In this research work an Intrusion Detection System (IDS) and Intrusion Prevention System (IPS) will be implemented to detect and prevent cyber-attacks on critical network infrastructure. To strengthen network security and improve the network's active defense intrusion detection capabilities, this project will consist of an intrusion detection system using honey-token-based encrypted pointers and an intrusion prevention system based on a mixed interactive honeypot. The Intrusion Detection System (IDS) is based on the novel approach of Honey Token based Encrypted Pointers. The honey token inside the frame serves as a trap for the attacker. All nodes operating within the working domain of the critical infrastructure network are divided into four different pools, based on their computational power and level of vulnerability. These pools are provided with different levels of security measures within the network. The IDS uses a different number of Honey Tokens (HT) per frame for each pool, e.g. Pool-A contains 4 HT/frame, Pool-B contains 3 HT/frame, Pool-C contains 2 HT/frame and Pool-D contains 1 HT/frame. Moreover, every pool uses a different encryption scheme (AES-128, 192, 256). Our critical infrastructure network of 64 nodes is under the umbrella of unified security provided by this single Network Intrusion Detection System (NIDS). After the design phase of the IDS, we analyze its performance in terms of True Positives (TP) and False Negatives (FN). Finally, we test the IDS through a Network Penetration Testing (NPT) phase. The detection rate depends on the number of honey tokens per frame. Our proposed IDS is a scalable solution and can be implemented for any number of nodes in a critical infrastructure network. For the Intrusion Prevention System (IPS), however, we use virtual honeypot technology, which is the best active prevention technology among all honeypot technologies. By using the original operating system and virtual technology, the honeypot lures attackers in a pre-arranged manner, analyzes and audits various attacking behavior, tracks the attack source, obtains evidence, and finds effective solutions.
Passive monitoring to build Situational Awareness (David Sweigert)
Passive network monitoring techniques can provide valuable situational awareness for network security professionals. The document describes techniques for passively discovering information about nodes on a network, including operating systems, roles, services, and configurations. This contextual information helps analysts by reducing false positives and focusing resources. The passive approach does not disrupt networks and can operate continuously, in contrast to active scanning tools. A network monitoring prototype is being developed to test these passive discovery techniques.
International Journal of Computer Science and Security Volume (1) Issue (3) (CSCJournals)
The document discusses integrating VPN and IDS technologies to improve network security. It proposes configuring a VPN concentrator/firewall to encrypt traffic between remote clients and private networks. An IDS would be placed within the private network to monitor decrypted traffic. Rules would define the IDS monitoring encrypted VPN traffic and taking action on detected threats. The integration aims to address issues like switched and encrypted data evading traditional network IDS, while reducing false alarms through traffic correlation. Configuration rules specify interfaces, address pools, VPN/firewall settings, and IDS login to dynamically update firewall rules.
This document describes an Unconstrained Endpoint Security System (UEPtSS) that uses passive scanning via the BRO intrusion detection system to fingerprint and catalog unmanaged endpoints on an enterprise network. It analyzes network traffic logs to determine key details about unmanaged devices including operating system, open ports, applications, browsers, and historical malware infections to provide useful context for incident response. The system leverages BRO's scripting framework to detect this information from log files and build an inventory without active scanning. This passive approach avoids potential denial of service issues and works regardless of when devices connect to the network.
The Cloud and Mobility revolution, intensified by the quickly evolving threat landscape, heightens the challenge for businesses to secure their IT infrastructure. Now they must fight security threats that target their employees, applications, and other assets, not just on-premises, but throughout all of cyberspace.
Optimized Intrusion Detection System using Deep Learning Algorithm (ijtsrd)
A method and a system for the detection of an intrusion in a computer network compare the network traffic of the computer network at multiple different points in the network. In an uncompromised network the network traffic monitored at these two different points in the network should be identical. A network intrusion detection system is mostly placed at strategic points in a network, so that it can monitor the traffic traveling to or from different devices on that network. The existing Software Defined Network (SDN) proposes the separation of the forwarding and control planes by introducing a new independent plane called the network controller. Machine learning is an artificial intelligence approach that focuses on acquiring knowledge from raw data and, based at least in part on the identified flow, selectively causing the packet, or a packet descriptor associated with the packet, to be handled. The performance is evaluated using network analysis metrics such as key generation delay, key sharing delay and hash code generation time for both SDN and the proposed machine learning SDN.
Prof P. Damodharan | K. Veena | Dr N. Suguna, "Optimized Intrusion Detection System using Deep Learning Algorithm", published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-3 | Issue-2, February 2019, URL: https://www.ijtsrd.com/papers/ijtsrd21447.pdf
Paper URL: https://www.ijtsrd.com/engineering/other/21447/optimized-intrusion-detection-system-using-deep-learning-algorithm/prof-p-damodharan
The document discusses Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS). It states that IDS monitors network traffic to detect potential security breaches by analyzing for signs of attacks or unauthorized access. When suspicious activity is identified, an alert is generated. IPS goes beyond detection and can also prevent security breaches by blocking malicious traffic before it reaches its destination. IPS can detect and block known attack patterns by examining traffic patterns and signatures. Both hardware and software based IDS/IPS solutions can be effective, with the choice depending on an organization's specific needs and constraints. Popular open-source and commercial IDS/IPS tools are also mentioned.
Secure intrusion detection and countermeasure selection in virtual system usi... (eSAT Publishing House)
MACHINE LEARNING AND DEEP LEARNING MODEL-BASED DETECTION OF IOT BOTNET ATTACKS. | IRJET Journal
This document discusses machine learning and deep learning models for detecting IoT botnet attacks. It begins with an abstract that outlines the challenges of securing the growing number of IoT devices and describes how machine learning and deep learning techniques like LSTM RNN can be used to develop effective detection systems. The introduction provides background on botnets, distributed denial of service attacks, and the need for detection systems. The literature review then summarizes several previous works that used techniques such as Bayesian classifiers, random neural networks, decision trees, and other machine learning algorithms for attack detection. The methodology section outlines the general approach of anomaly-based intrusion detection systems and different learning methods. The experimental setup describes collecting and preprocessing data, feature extraction, model training and evaluation
Hyperparameters optimization XGBoost for network intrusion detection using CS... | IAESIJAI
With the introduction of high-speed internet access, the demand for security and dependable networks has grown. In recent years, network attacks have gotten more complex and intense, making security a vital component of organizational information systems. Network intrusion detection systems (NIDS) have become an essential detection technology to protect data integrity and system availability against such attacks. NIDS is one of the most well-known areas of machine learning software in the security field, with machine learning algorithms constantly being developed to improve performance. This research focuses on detecting abnormalities in societal infiltration using the hyperparameters optimization XGBoost (HO-XGB) algorithm with the Communications Security Establishment-The Canadian Institute for Cybersecurity-Intrusion Detection System2018 (CSE-CICIDS2018) dataset to get the best potential results. When compared to typical machine learning methods published in the literature, HO-XGB outperforms them. The study shows that XGBoost outperforms other detection algorithms. We refined the HO-XGB model's hyperparameters, which included learning_rate, subsample, max_leaves, max_depth, gamma, colsample_bytree, min_child_weight, n_estimators, max_depth, and reg_alpha. The experimental findings reveal that HO-XGB1 outperforms multiple parameter settings for intrusion detection, effectively optimizing XGBoost's hyperparameters.
Team research paper and project on network vulnerabilities with multiple attacks and defenses:
Cybersecurity
-For this project, our class was paired with teams to attempt to find vulnerabilities in other teams' networks and to successfully breach their network.
-My role in this group was to help breach other teams' vulnerabilities through different attacks like responder attacks, honeypots, etc.
-The main challenges of this project were trying to find the vulnerabilities successfully, as the whole team had trouble with each of our different attacks and defenses.
-We learned how to use cybersecurity tools to help find vulnerabilities in networks and how to protect against them better. For example, in the honeypot we used, we deployed it to port 80; when the attacker tried to access our fake server, we were notified. We also deployed a Palo Alto firewall to create our private and secure network. For an attack, we also used password crackers like John the Ripper. This project taught us how to breach networks as a team.
IJCER (www.ijceronline.com) International Journal of computational Engineerin... | ijceronline
The document proposes a signature-based intrusion detection system using multithreading. It captures network packets and analyzes them for intrusions by comparing signatures to databases of known attacks. A multithreaded design is suggested to improve performance by processing packets in parallel threads. Agents would be deployed on the network with detection modules that use caching of frequent signatures to speed up analysis. An update module would transfer new frequent signatures to the caches.
DESIGN AND EFFICIENT DEPLOYMENT OF HONEYPOT AND DYNAMIC RULE BASED LIVE NETWO... | IJNSA Journal
The continuously emerging, operationally and managerially independent, geographically distributed computer networks deployable in an evolutionary manner have created greater challenges in securing them. Several research works and experiments have convinced security experts that Network Intrusion Detection Systems (NIDS) or Network Intrusion Prevention Systems (NIPS) alone are not capable of completely securing computer networks from internal and external threats. In this paper we present the design of an Intrusion Collaborative System, which is a combination of NIDS, NIPS, honeypots, and software tools like nmap, iptables etc. Our design is tested against existing attacks based on Snort rules and several customized DDoS, remote and guest attacks. Dynamic rules are generated during every unusual behavior, which helps the Intrusion Collaborative System to continuously learn about new attacks. Also, a formal approach to deploy Live Intrusion Collaboration Systems based on the System of Systems concept is proposed.
CompTIA exam study guide presentations by instructor Brian Ferrill, PACE-IT (Progressive, Accelerated Certifications for Employment in Information Technology)
"Funded by the Department of Labor, Employment and Training Administration, Grant #TC-23745-12-60-A-53"
Learn more about the PACE-IT Online program: www.edcc.edu/pace-it
IMPROVED IDS USING LAYERED CRFS WITH LOGON RESTRICTIONS AND MOBILE ALERTS BAS... | IJNSA Journal
With the ever-increasing number and diverse types of attacks, including new and previously unseen attacks, the effectiveness of an Intrusion Detection System is very important. Hence there is high demand to reduce the threat level in networks to ensure that the data and services offered by them are more secure. In this paper we developed an effective test suite for improving the efficiency and accuracy of an intrusion detection system using layered CRFs. We set up different types of checks at multiple levels in each layer. Our framework examines various attributes at every layer in order to effectively identify any breach of security. Once an attack is detected, it is intimated through mobile phone to the system administrator for safeguarding the server system. We established experimentally that layered CRFs can thus be more effective in detecting intrusions when compared with other previously known techniques.
Network security refers to protecting computer networks from unauthorized access and system threats. Effective network security implements measures like firewalls, encryption, and user authentication to restrict access and ensure confidentiality, integrity, and availability of network resources. As networks and threats evolve, network security requires an adaptive, layered approach using tools like antivirus software, intrusion detection, and biometrics alongside continued software and hardware advances.
Detect Network Threat Using SNORT Intrusion Detection System | IRJET Journal
This document discusses using the Snort intrusion detection system to detect network threats. It begins with an abstract that introduces Snort and the shift from intrusion detection to prevention. The document then covers Snort components, configuration, implementation and testing on a network. Snort rules were created and tested to detect ICMP ping requests from an attacking machine. Network traffic was analyzed using Snort logs and Wireshark to identify the attacking packets. The conclusion is that Snort is an effective lightweight intrusion detection system that can detect network threats using its built-in and customized rules.
The document proposes a security model for wireless sensor networks using zero knowledge protocol. It addresses security threats like cloning attacks, man-in-the-middle attacks, and replay attacks. The model uses a unique fingerprint for each node based on its neighboring nodes to detect cloning. It also uses zero knowledge protocol for sensor nodes to verify authenticity without transmitting cryptographic information, preventing man-in-the-middle and replay attacks. The paper analyzes the performance and security of the proposed model.
This document summarizes a proposed robust campus wide network defender system. It begins with an introduction to network security and the role of firewalls and intrusion detection systems. It then describes various attack generation and detection algorithms proposed as part of the system. These include algorithms for generating and detecting ICMP floods, SYN floods, LAND attacks, and XMAS attacks. The system is intended to integrate firewall and IDS capabilities to better defend against known attacks. The document concludes with discussions of the software development process and programming tools used to implement the proposed system.
Similar to DEPLOYMENT OF INTRUSION PREVENTION SYSTEM ON MULTI-CORE PROCESSOR BASED SECURITY HARDWARE (20)
Weighted Coefficient Firefly Optimization Algorithm and Support Vector Machin... | IJCNCJournal
Paper Title
Weighted Coefficient Firefly Optimization Algorithm and Support Vector Machine for Trust Model and Link Reliability
Authors
Shalini Sharma and Syed Zeeshan Hussain, Jamia Millia Islamia University New Delhi, India
Abstract
Cloud computing is widely used by organizations and individuals due to its flexibility and reliability. The trust model is important for cloud computing to detect malicious users and protect user privacy. The existing research faces the issues of local optima traps and overfitting when a training user node is idle for a long time. This research proposed the Weighted Coefficient Firefly Optimization Algorithm (WC-FOA) with Support Vector Machine (SVM) for trust model calculation and for identifying paths with better Quality of Service (QoS). The weighted coefficient is added to the FOA model to balance exploration and exploitation in the search for an optimal path based on reliability score. The WC-FOA method measures the link reliability in the model and SVM detects the malicious users in the model. The WC-FOA model selects the optimal path for transmission in terms of trust and efficient QoS parameters. The entropy measure and link reliability are provided as input to the SVM model for the detection of attacks in the network. The WC-FOA-SVM model has 96% malicious user detection, whereas the Random Forest Hierarchical Ant Colony Optimization (RF-HEACO) has 92% accuracy.
Keywords
Cloud computing, Entropy Measure, Support Vector Machine, Trust model, Weighted Coefficient Firefly Optimization Algorithm.
Volume URL: https://airccse.org/journal/ijc2022.html
Abstract URL: https://aircconline.com/abstract/ijcnc/v14n5/14522cnc08.html
Pdf URL: https://aircconline.com/ijcnc/V14N5/14522cnc08.pdf
Analysis and Evolution of SHA-1 Algorithm - Analytical Technique | IJCNCJournal
Paper Title
Analysis and Evolution of SHA-1 Algorithm - Analytical Technique
Authors
Malek M. Al-Nawashi, Obaida M. Al-hazaimeh, Isra S. Al-Qasrawi, Ashraf A. Abu-Ein and Monther H. Al-Bsool, Al-Balqa Applied University, Jordan
Abstract
The SHA-1 (Secure Hash Algorithm 1) cryptographic hash function produces a 160-bit (20-byte) hash value, sometimes called a message digest. This value is commonly represented as 40 hexadecimal digits. It is a Federal Information Processing Standard in the United States and was developed by the National Security Agency. Although it has been cryptographically broken, the algorithm is still in widespread use. In this work, we conduct a detailed and practical analysis of the SHA-1 algorithm's theoretical elements and show how they have been implemented through the use of several different hash configurations.
Keywords
Cryptography, SHA-1, Message digest, Data integrity, Digital signature, National security agency
Volume URL: https://airccse.org/journal/ijc2024.html
Youtube URL : https://youtu.be/881rIf1aAPE
Abstract URL: https://aircconline.com/abstract/ijcnc/v16n3/16324cnc06.html
Pdf URL: https://aircconline.com/ijcnc/V16N3/16324cnc06.pdf
Call for Papers - International Journal of Computer Networks & Communications ... | IJCNCJournal
International Journal of Computer Networks & Communications (IJCNC)
Citations, h-index, i10-index of IJCNC
---- Scopus, ERA Listed, WJCI Indexed ----
Scopus Cite Score 2023--1.6
https://airccse.org/journal/ijcnc.html
IJCNC is listed in ERA 2023 as per the Australian Research Council (ARC) Journal Ranking
Scope & Topics
The International Journal of Computer Networks & Communications (IJCNC) is a bimonthly open access peer-reviewed journal that publishes articles which contribute new results in all areas of Computer Networks & Communications. The journal focuses on all technical and practical aspects of Computer Networks & Data Communications. The goal of this journal is to bring together researchers and practitioners from academia and industry to focus on advanced networking concepts and to establish new collaborations in these areas.
Authors are solicited to contribute to this journal by submitting articles that illustrate research results, projects, surveying works and industrial experiences that describe significant advances in Computer Networks & Communications.
Topics of Interest
• Network Protocols & Wireless Networks
• Network Architectures
• High speed networks
• Routing, switching and addressing techniques
• Next Generation Internet
• Next Generation Web Architectures
• Network Operations & management
• Adhoc and sensor networks
• Internet and Web applications
• Ubiquitous networks
• Mobile networks & Wireless LAN
• Wireless Multimedia systems
• Wireless communications
• Heterogeneous wireless networks
• Measurement & Performance Analysis
• Peer to peer and overlay networks
• QoS and Resource Management
• Network Based applications
• Network Security
• Self-Organizing Networks and Networked Systems
• Optical Networking
• Mobile & Broadband Wireless Internet
• Recent trends & Developments in Computer Networks
Paper Submission
Authors are invited to submit papers for this journal through E-mail: ijcnc@airccse.org or through Submission System. Submissions must be original and should not have been published previously or be under consideration for publication while being evaluated for this Journal.
Important Dates
• Submission Deadline : July 13, 2024
• Notification : July 29, 2024
• Final Manuscript Due : August 05, 2024
• Publication Date : Determined by the Editor-in-Chief
Contact Us
Here's where you can reach us: ijcnc@airccse.org or ijcnc@aircconline.com
For other details please visit - http://airccse.org/journal/ijcnc.html
Controller Placement Problem Resiliency Evaluation in SDN-based Architectures | IJCNCJournal
Paper Title
Controller Placement Problem Resiliency Evaluation in SDN-based Architectures
Authors
Maurizio D'Arienzo (1), Manfredi Napolitano (1) and Simon Pietro Romano (2); (1) Dipartimento di Scienze Politiche, Universita della Campania "L. Vanvitelli", Italy; (2) DIETI, Universita di Napoli "Federico II", Italy
Abstract
The Software-Defined Networking (SDN) paradigm represents an effective approach to enhancing the performance of core networks by introducing a clean separation between the routing plane and the forwarding plane. However, the centralized architecture of SDN networks raises resiliency concerns that are addressed by a class of algorithms falling under the Controller Placement Problem (CPP) umbrella term. Such algorithms seek the optimal placement of the SDN controller. In this paper, we evaluate the main CPP algorithms and provide an experimental analysis of their performance, as well as of their capability to dynamically adapt to network malfunctions and disconnections.
Volume URL: https://airccse.org/journal/ijc2022.html
Abstract URL: https://aircconline.com/abstract/ijcnc/v14n5/14522cnc07.html
Pdf URL: https://aircconline.com/ijcnc/V14N5/14522cnc07.pdf
Optimizing CNN-BiGRU Performance: Mish Activation and Comparative Analysis | IJCNCJournal
Paper Title
Optimizing CNN-BiGRU Performance: Mish Activation and Comparative Analysis
Authors
Asmaa BENCHAMA and Khalid ZEBBARA, Ibn zohr University, Morocco
Abstract
Deep learning is currently extensively employed across a range of research domains. The continuous advancements in deep learning techniques contribute to solving intricate challenges. Activation functions (AF) are fundamental components within neural networks, enabling them to capture complex patterns and relationships in the data. By introducing non-linearities, AF empowers neural networks to model and adapt to the diverse and nuanced nature of real-world data, enhancing their ability to make accurate predictions across various tasks. In the context of intrusion detection, the Mish, a recent AF, was implemented in the CNN-BiGRU model, using three datasets: ASNM-TUN, ASNM-CDX, and HOGZILLA. The comparison with Rectified Linear Unit (ReLU), a widely used AF, revealed that Mish outperforms ReLU, showcasing superior performance across the evaluated datasets. This study illuminates the effectiveness of AF in elevating the performance of intrusion detection systems.
Keywords
Network anomaly detection, Mish, CNN-BiGRU, IDS, Hogzilla dataset
Volume URL: https://airccse.org/journal/ijc2024.html
Youtube URL: https://youtu.be/qpPQiGQCN2g
Abstract URL: https://aircconline.com/abstract/ijcnc/v16n3/16324cnc05.html
Pdf URL: https://aircconline.com/ijcnc/V16N3/16324cnc05.pdf
International Journal of Computer Networks & Communications (IJCNC) ----- Sco... | IJCNCJournal
Scopus Cite Score 2022--1.8
Important Dates
• Submission Deadline : July 06, 2024
• Notification : July 29, 2024
• Final Manuscript Due : August 05, 2024
• Publication Date : Determined by the Editor-in-Chief
Multi-Layer Digital Validation of Candidate Service Appointment with Digital ... | IJCNCJournal
Paper Title
Multi-Layer Digital Validation of Candidate Service Appointment with Digital Signature and Bio-Metric Authentication Approach
Authors
Saikat Bose (1), Tripti Arjariya (1), Anirban Goswami (2), Soumit Chowdhury (3); (1) Bhabha University, India; (2) Techno Main Salt Lake, Sec – V, India; (3) Government College of Engineering & Ceramic Technology, India
Abstract
The proposed work promotes a unique data security protocol for validating a candidate's service appointment. The process is initiated with concealment of a private share within the first segment of each region of the e-letter at the commission's server. This is governed by hash operations determining the circular orientation of private share fragments and their hosted matrix intervals. The signed e-letter downloaded at the posting place is validated through the same hash operations and the public share. The candidate's fingerprint, taken on the spot, is concealed in two segments of each region of the e-letter using similar hiding strategies. The copyright signature of the posting place is similarly shielded in the fourth segment of each region using hash operations. The certified e-letter is thoroughly validated at the commission's server, and the stored signatures justify the authenticity of the appointment and proper candidature at the posting place. The superior test results from wider angles establish the efficacy of the proposed protocol over the existing approaches.
Keywords
Dynamic Authentication, Standard-Deviation Based Encoding, Variable Encoding, Multi-Signature Hiding, Random Signature Dispersing.
Volume URL: https://airccse.org/journal/ijc2022.html
Abstract URL: https://aircconline.com/abstract/ijcnc/v14n5/14522cnc06.html
Pdf URL: https://aircconline.com/ijcnc/V14N5/14522cnc06.pdf
A Hybrid Framework OTFS-OFDM Based on Mobile Speed Estimation | IJCNCJournal
Future wireless communication systems face the challenging task of simultaneously providing high quality of service (QoS) and broadband data transmission, while also minimizing power consumption, latency, and system complexity. Although Orthogonal Frequency Division Multiplexing (OFDM) has been widely adopted in 4G and 5G systems, it struggles to cope with significant delay and Doppler spread in high mobility scenarios. To address these challenges, a novel waveform named Orthogonal Time Frequency Space (OTFS) has been introduced; its designers aim to outperform OFDM by closely aligning signals with the channel behaviour. In this paper, we propose a switching strategy that empowers operators to select the most appropriate waveform based on an estimated speed of the mobile user. This strategy enables the base station to dynamically choose the waveform that best suits the mobile user's speed. Additionally, we suggest retaining an Integrated Sensing and Communication (ISAC) radar approach for accurate Doppler estimation. This provides precise information to facilitate the waveform selection procedure. By leveraging the switching strategy and harnessing the Doppler estimation capabilities of an ISAC radar, our proposed approach aims to enhance the performance of wireless communication systems in high mobility cases. Considering the complexity of waveform processing, we introduce an optimized hybrid system that combines OTFS and OFDM, resulting in reduced complexity while still retaining the performance benefits. This hybrid system presents a promising solution for improving the performance of wireless communication systems under higher mobility. The simulation results validate the effectiveness of our approach, demonstrating its potential advantages for future wireless communication systems, as will be illustrated.
International Journal of Computer Networks & Communications (IJCNC) - ---- Sc... | IJCNCJournal
Scopus Cite Score 2022--1.8
Important Dates
• Submission Deadline : June 30, 2024
• Notification : July 29, 2024
• Final Manuscript Due : August 05, 2024
• Publication Date : Determined by the Editor-in-Chief
Particle Swarm Optimization–Long Short-Term Memory based Channel Estimation w... | IJCNCJournal
Paper Title
Particle Swarm Optimization–Long Short-Term Memory based Channel Estimation with Hybrid Beam Forming Power Transfer in WSN-IoT Applications
Authors
Reginald Jude Sixtus J and Tamilarasi Muthu, Puducherry Technological University, India
Abstract
Non-Orthogonal Multiple Access (NOMA) helps to overcome various difficulties in future wireless communication technology. When NOMA is utilized with millimeter wave multiple-input multiple-output (MIMO) systems, channel estimation becomes extremely difficult. To reap the benefits of the NOMA and mm-Wave combination, effective channel estimation is required. In this paper, we propose an enhanced particle swarm optimization based long short-term memory estimator network (PSO-LSTMEstNet), which is a neural network model that can be employed to forecast the bandwidth required in the mm-Wave MIMO network. The prime advantage of the LSTM is that it has the capability of dynamically adapting to the functioning pattern of a fluctuating channel state. The LSTM stage with adaptive coding and modulation enhances the BER. The PSO algorithm is employed to optimize the input weights of the LSTM network. The modified algorithm splits the power by the channel condition of every single user. Participants are first sorted into distinct groups depending upon their respective channel conditions, using a hybrid beamforming approach. The network characteristics are fine-estimated using PSO-LSTMEstNet after a rough approximation of channel parameters derived from the received data.
Keywords
Signal to Noise Ratio (SNR), Bit Error Rate (BER), mm-Wave, MIMO, NOMA, deep learning, optimization.
Volume URL: https://airccse.org/journal/ijc2022.html
Abstract URL: https://aircconline.com/abstract/ijcnc/v14n5/14522cnc05.html
Pdf URL: https://aircconline.com/ijcnc/V14N5/14522cnc05.pdf
June 2024 - Top 10 Read Articles in Computer Networks & Communications | IJCNCJournal
The International Journal of Computer Networks & Communications (IJCNC) is a bi monthly open access peer-reviewed journal that publishes articles which contribute new results in all areas of Computer Networks & Communications. The journal focuses on all technical and practical aspects of Computer Networks & data Communications. The goal of this journal is to bring together researchers and practitioners from academia and industry to focus on advanced networking concepts and establishing new collaborations in these areas.
Enhanced Traffic Congestion Management with Fog Computing - A Simulation-Base... | IJCNCJournal
Abstract: Accurate latency computation is essential for the Internet of Things (IoT), since the connected devices generate a vast amount of data that is processed on cloud infrastructure. However, the cloud is not an optimal solution. To overcome this issue, fog computing is used to enable processing at the edge while still allowing communication with the cloud. Many applications rely on fog computing, including traffic management. In this paper, an Intelligent Traffic Congestion Mitigation System (ITCMS) is proposed to address traffic congestion in heavily populated smart cities. The proposed system is implemented using fog computing and tested in the crowded city of Cairo. The results obtained indicate that the execution time of the simulation is 4,538 seconds, and the delay in the application loop is 49.67 seconds. The paper addresses various issues, including CPU usage, heap memory usage, throughput, and the total average delay, which are essential for evaluating the performance of the ITCMS. Our system model is also compared with other models to assess its performance. A comparison is made using two parameters, namely throughput and the total average delay, between the ITCMS, IOV (Internet of Vehicles), and STL (Seasonal-Trend Decomposition Procedure based on LOESS). Consequently, the results confirm that the proposed system outperforms the others in terms of higher accuracy, lower latency, and improved traffic efficiency.
Call for Papers -International Journal of Computer Networks & Communications ...IJCNCJournal
International Journal of Computer Networks & Communications (IJCNC)
Citations, h-index, i10-index of IJCNC
---- Scopus, ERA Listed, WJCI Indexed ----
Scopus Cite Score 2022--1.8
https://airccse.org/journal/ijcnc.html
IJCNC is listed in ERA 2023 as per the Australian Research Council (ARC) Journal Ranking
Scope & Topics
The International Journal of Computer Networks & Communications (IJCNC) is a bi monthly open access peer-reviewed journal that publishes articles which contribute new results in all areas of Computer Networks & Communications. The journal focuses on all technical and practical aspects of Computer Networks & data Communications. The goal of this journal is to bring together researchers and practitioners from academia and industry to focus on advanced networking concepts and establishing new collaborations in these areas.
Authors are solicited to contribute to this journal by submitting articles that illustrate research results, projects, surveying works and industrial experiences that describe significant advances in the Computer Networks & Communications.
Topics of Interest
· Network Protocols & Wireless Networks
· Network Architectures
· High speed networks
· Routing, switching and addressing techniques
· Next Generation Internet
· Next Generation Web Architectures
· Network Operations & management
· Adhoc and sensor networks
· Internet and Web applications
· Ubiquitous networks
· Mobile networks & Wireless LAN
· Wireless Multimedia systems
· Wireless communications
· Heterogeneous wireless networks
· Measurement & Performance Analysis
· Peer to peer and overlay networks
· QoS and Resource Management
· Network Based applications
· Network Security
· Self-Organizing Networks and Networked Systems
· Optical Networking
· Mobile & Broadband Wireless Internet
· Recent trends & Developments in Computer Networks
Paper Submission
Authors are invited to submit papers for this journal through E-mail: ijcnc@airccse.org or through Submission System. Submissions must be original and should not have been published previously or be under consideration for publication while being evaluated for this Journal.
Important Dates
· Submission Deadline : June 22, 2024
· Notification : July 22, 2024
· Final Manuscript Due : July 29, 2024
· Publication Date : Determined by the Editor-in-Chief
Contact Us
Here's where you can reach us: ijcnc@airccse.org or ijcnc@aircconline.com
For other details please visit - http://airccse.org/journal/ijcnc.html
Rendezvous Sequence Generation Algorithm for Cognitive Radio Networks in Post...IJCNCJournal
Recent natural disasters have inflicted tremendous damage on humanity, with their scale progressively increasing and leading to numerous casualties. Events such as earthquakes can trigger secondary disasters, such as tsunamis, further complicating the situation by destroying communication infrastructures. This destruction impedes the dissemination of information about secondary disasters and complicates post-disaster rescue efforts. Consequently, there is an urgent demand for technologies capable of substituting for these destroyed communication infrastructures. This paper proposes a technique for generating rendezvous sequences to swiftly reconnect communication infrastructures in post-disaster scenarios. We compare the time required for rendezvous using the proposed technique against existing methods and analyze the average time taken to establish links with the rendezvous technique, discussing its significance. This research presents a novel approach enabling rapid recovery of destroyed communication infrastructures in disaster environments through Cognitive Radio Network (CRN) technology, showcasing the potential to significantly improve disaster response and recovery efforts. The proposed method reduces the time for the rendezvous compared to existing methods, suggesting that it can enhance the efficiency of rescue operations in post-disaster scenarios and contribute to life-saving efforts.
Blockchain Enforced Attribute based Access Control with ZKP for Healthcare Se...IJCNCJournal
The relationship between doctors and patients is reinforced through the expanded communication channels provided by remote healthcare services, resulting in heightened patient satisfaction and loyalty. Nonetheless, the growth of these services is hampered by security and privacy challenges they confront. Additionally, patient electronic health records (EHR) information is dispersed across multiple hospitals in different formats, undermining data sovereignty. It allows any service to assert authority over their EHR, effectively controlling its usage. This paper proposes a blockchain enforced attribute-based access control in healthcare service. To enhance the privacy and data-sovereignty, the proposed system employs attribute-based access control, zero-knowledge proof (ZKP) and blockchain. The role of data within our system is pivotal in defining attributes. These attributes, in turn, form the fundamental basis for access control criteria. Blockchain is used to keep hospital information in public chain but EHR related data in private chain. Furthermore, EHR provides access control by using the attributed based cryptosystem before they are stored in the blockchain. Analysis shows that the proposed system provides data sovereignty with privacy provision based on the attributed based access control.
EECRPSID: Energy-Efficient Cluster-Based Routing Protocol with a Secure Intru...IJCNCJournal
A revolutionary idea that has gained significance in technology for Internet of Things (IoT) networks backed by WSNs is the " Energy-Efficient Cluster-Based Routing Protocol with a Secure Intrusion Detection" (EECRPSID). A WSN-powered IoT infrastructure's hardware foundation is hardware with autonomous sensing capabilities. The significant features of the proposed technology are intelligent environment sensing, independent data collection, and information transfer to connected devices. However, hardware flaws and issues with energy consumption may be to blame for device failures in WSN-assisted IoT networks. This can potentially obstruct the transfer of data. A reliable route significantly reduces data retransmissions, which reduces traffic and conserves energy. The sensor hardware is often widely dispersed by IoT networks that enable WSNs. Data duplication could occur if numerous sensor devices are used to monitor a location. Finding a solution to this issue by using clustering. Clustering lessens network traffic while retaining path dependability compared to the multipath technique. To relieve duplicate data in EECRPSID, we applied the clustering technique. The multipath strategy might make the provided protocol more dependable. Using the EECRPSID algorithm, will reduce the overall energy consumption, minimize the End-to-end delay to 0.14s, achieve a 99.8% Packet Delivery Ratio, and the network's lifespan will be increased. The NS2 simulator is used to run the whole set of simulations. The EECRPSID method has been implemented in NS2, and simulated results indicate that comparing the other three technologies improves the performance measures.
Analysis and Evolution of SHA-1 Algorithm - Analytical TechniqueIJCNCJournal
A 160-bit (20-byte) hash value, sometimes called a message digest, is generated using the SHA-1 (Secure Hash Algorithm 1) hash function in cryptography. This value is commonly represented as 40 hexadecimal digits. It is a Federal Information Processing Standard in the United States and was developed by the National Security Agency. Although it has been cryptographically cracked, the technique is still in widespread usage. In this work, we conduct a detailed and practical analysis of the SHA-1 algorithm's theoretical elements and show how they have been implemented through the use of several different hash configurations.
Optimizing CNN-BiGRU Performance: Mish Activation and Comparative AnalysisIJCNCJournal
Deep learning is currently extensively employed across a range of research domains. The continuous advancements in deep learning techniques contribute to solving intricate challenges. Activation functions (AF) are fundamental components within neural networks, enabling them to capture complex patterns and relationships in the data. By introducing non-linearities, AF empowers neural networks to model and adapt to the diverse and nuanced nature of real-world data, enhancing their ability to make accurate predictions across various tasks. In the context of intrusion detection, the Mish, a recent AF, was implemented in the CNN-BiGRU model, using three datasets: ASNM-TUN, ASNM-CDX, and HOGZILLA. The comparison with Rectified Linear Unit (ReLU), a widely used AF, revealed that Mish outperforms ReLU, showcasing superior performance across the evaluated datasets. This study illuminates the effectiveness of AF in elevating the performance of intrusion detection systems.
An Hybrid Framework OTFS-OFDM Based on Mobile Speed EstimationIJCNCJournal
The Future wireless communication systems face the challenging task of simultaneously providing high-quality service (QoS) and broadband data transmission, while also minimizing power consumption, latency, and system complexity. Although Orthogonal Frequency Division Multiplexing (OFDM) has been widely adopted in 4G and 5G systems, it struggles to cope with a significant delay and Doppler spread in high mobility scenarios. To address these challenges, a novel waveform named Orthogonal Time Frequency Space (OTFS). Designers aim to outperform OFDM by closely aligning signals with the channel behaviour. In this paper, we propose a switching strategy that empowers operators to select the most appropriate waveform based on an estimated speed of the mobile user. This strategy enables the base station to dynamically choose the waveform that best suits the mobile user’s speed. Additionally, we suggest retaining an Integrated Sensing and Communication (ISAC) radar approach for accurate Doppler estimation. This provides precise information to facilitate the waveform selection procedure. By leveraging the switching strategy and harnessing the Doppler estimation capabilities of an ISAC radar.Our proposed approach aims to enhance the performance of wireless communication systems in high mobility cases. Considering the complexity of waveform processing, we introduce an optimized hybrid system that combines OTFS and OFDM, resulting in reduced complexity while still retaining performance benefits.This hybrid system presents a promising solution for improving the performance of wireless communication systems in higher mobility.The simulation results validate the effectiveness of our approach, demonstrating its potential advantages for future wireless communication systems. The effectiveness of the proposed approach is validated by simulation results as it will be illustrated.
(T.L.E.) Agriculture: Essentials of GardeningMJDuyan
(𝐓𝐋𝐄 𝟏𝟎𝟎) (𝐋𝐞𝐬𝐬𝐨𝐧 𝟏.𝟎)-𝐅𝐢𝐧𝐚𝐥𝐬
Lesson Outcome:
-Students will understand the basics of gardening, including the importance of soil, water, and sunlight for plant growth. They will learn to identify and use essential gardening tools, plant seeds, and seedlings properly, and manage common garden pests using eco-friendly methods.
Lecture_Notes_Unit4_Chapter_8_9_10_RDBMS for the students affiliated by alaga...Murugan Solaiyappan
Title: Relational Database Management System Concepts(RDBMS)
Description:
Welcome to the comprehensive guide on Relational Database Management System (RDBMS) concepts, tailored for final year B.Sc. Computer Science students affiliated with Alagappa University. This document covers fundamental principles and advanced topics in RDBMS, offering a structured approach to understanding databases in the context of modern computing. PDF content is prepared from the text book Learn Oracle 8I by JOSE A RAMALHO.
Key Topics Covered:
Main Topic : DATA INTEGRITY, CREATING AND MAINTAINING A TABLE AND INDEX
Sub-Topic :
Data Integrity,Types of Integrity, Integrity Constraints, Primary Key, Foreign key, unique key, self referential integrity,
creating and maintain a table, Modifying a table, alter a table, Deleting a table
Create an Index, Alter Index, Drop Index, Function based index, obtaining information about index, Difference between ROWID and ROWNUM
Target Audience:
Final year B.Sc. Computer Science students at Alagappa University seeking a solid foundation in RDBMS principles for academic and practical applications.
About the Author:
Dr. S. Murugan is Associate Professor at Alagappa Government Arts College, Karaikudi. With 23 years of teaching experience in the field of Computer Science, Dr. S. Murugan has a passion for simplifying complex concepts in database management.
Disclaimer:
This document is intended for educational purposes only. The content presented here reflects the author’s understanding in the field of RDBMS as of 2024.
Feedback and Contact Information:
Your feedback is valuable! For any queries or suggestions, please contact muruganjit@agacollege.in
Understanding and Interpreting Teachers’ TPACK for Teaching Multimodalities i...Neny Isharyanti
Presented as a plenary session in iTELL 2024 in Salatiga on 4 July 2024.
The plenary focuses on understanding and intepreting relevant TPACK competence for teachers to be adept in teaching multimodality in the digital age. It juxtaposes the results of research on multimodality with its contextual implementation in the teaching of English subject in the Indonesian Emancipated Curriculum.
How to Handle the Separate Discount Account on Invoice in Odoo 17Celine George
In Odoo, separate discount account can be set up to accurately track and manage discounts applied on various transaction and ensure precise financial reporting and analysis
How to Show Sample Data in Tree and Kanban View in Odoo 17Celine George
In Odoo 17, sample data serves as a valuable resource for users seeking to familiarize themselves with the functionalities and capabilities of the software prior to integrating their own information. In this slide we are going to discuss about how to show sample data to a tree view and a kanban view.
How to Configure Time Off Types in Odoo 17Celine George
Now we can take look into how to configure time off types in odoo 17 through this slide. Time-off types are used to grant or request different types of leave. Only then the authorities will have a clear view or a clear understanding of what kind of leave the employee is taking.
Split Shifts From Gantt View in the Odoo 17Celine George
Odoo allows users to split long shifts into multiple segments directly from the Gantt view.Each segment retains details of the original shift, such as employee assignment, start time, end time, and specific tasks or descriptions.
No, it's not a robot: prompt writing for investigative journalismPaul Bradshaw
How to use generative AI tools like ChatGPT and Gemini to generate story ideas for investigations, identify potential sources, and help with coding and writing.
A talk from the Centre for Investigative Journalism Summer School, July 2024
Join educators from the US and worldwide at this year’s conference, themed “Strategies for Proficiency & Acquisition,” to learn from top experts in world language teaching.
NLC English 7 Consolidation Lesson plan for teacher
DEPLOYMENT OF INTRUSION PREVENTION SYSTEM ON MULTI-CORE PROCESSOR BASED SECURITY HARDWARE
International Journal of Computer Networks & Communications (IJCNC) Vol.10, No.3, May 2018
DOI: 10.5121/ijcnc.2018.10302
Swetha K V (1) and Ravi Dara (2)
(1) Department of Computer Science & Engineering, CMR Institute of Technology, Bangalore, India
(2) Nevis Networks (I) Pvt. Ltd., Pune, India
ABSTRACT
After tightening up the network perimeter to deal with external threats, organizations have woken up over the past several years to the threats from inside their Local Area Networks (LAN). It is thus important to design and implement LAN security strategies that secure assets on the LAN by filtering traffic, thereby protecting them from malicious access and insider attacks. The Banking, Financial Services and Insurance (BFSI) industry is one segment that faces increased risks and security challenges. The typical architecture of this segment has several thousand users connecting from various branches over Wide Area Network (WAN) links, crossing national and international boundaries at varying network speeds, to access data center resources. The objective of this work is to deploy a LAN security solution that protects the data center located at headquarters from the end-user machines. A LAN security solution should ideally provide Network Access Control (NAC) along with cleaning (securing) the traffic that passes through it. Traffic cleaning itself includes features such as firewalling, intrusion detection/prevention, traffic anomaly detection and validation of asset ownership. LANenforcer (LE) is a device deployed in front of the data center such that traffic from end-user machines necessarily passes through it, so that it can enforce security. The goal of this work is to enhance the security features of the LANenforcer security system with an Intrusion Prevention System (IPS) so that it can detect and prevent malicious network activity. The IPS is plugged into the packet path, based on configuration, in such a way that all traffic passes through the IPS on the LE.
KEYWORDS
LAN security, LANenforcer, IPS, Security hardware, Multi-core processor
1. INTRODUCTION
LAN security solutions are important for the complete protection of enterprise networks and the users on them. Such solutions include firewalls, anti-virus programs, Intrusion Detection/Prevention Systems (IDPS) and traffic anomaly detection mechanisms that identify attacks as they occur. Firewalls, anti-virus and IDS help prevent confidential data from getting out and intruders from getting in. A firewall filters traffic from the Internet into the organization as well as traffic from within the organization to the outside. An IDS can evaluate the traffic that passes through the ports a firewall leaves open, but it cannot stop that traffic. A network-based IPS is generally a system that sits inline and blocks suspicious traffic after detecting an attack. An IPS protects networks from unauthorized network connections, malicious network activity and intruders. In IPS mode the device does not work on a copy of the packets but on the original packets, so a packet it drops never reaches its destination. IPS has become an essential next level of defence for environments that want transparency to users while protecting data and network resources. An IPS may be implemented in hardware or in software on a PC. The various IPS software packages use different detection methods, such as signature detection, anomaly detection and some proprietary methods, to prevent attacks. IPS is an evolution of IDS technology; its proactive capabilities help keep networks safer from more sophisticated attacks. An IPS focuses on what an attack does, that is, on its behavior, which does not change. An IPS uses a set of rules to represent the type of behavior, acceptable or harmful; real-time traffic is then compared against the rule set and the corresponding action is taken, permitting or blocking the traffic.
Financial organizations face increased economic risk at every step of a transaction. The challenges include data access control and security, availability of network connectivity, and so on. Security threats and attacks can end up disrupting the entire network, including ATMs. To control access by unknown machines, monitor the traffic for malicious behavior and block the traffic so detected, it is necessary to adopt LAN security strategies.
1.1. Problem Statement
Most segments of today's world face many risks and security challenges, and the Banking, Financial Services and Insurance (BFSI) industry is one of them. The typical BFSI infrastructure includes a large number of users connecting from various branches over WAN links. The number of branches varies with the organization and the network speed varies with the infrastructure. Critical servers are located at the headquarters. LEs are deployed in front of the data centers such that traffic from end-user machines necessarily passes through them, so that they can enforce security. Critical servers need to be protected from end users and their machines. An LE with LAN security features such as user authentication, validation of asset ownership, MAC address verification, NAC, firewall and traffic anomaly detection keeps networks safer from network-based attacks. LEs are deployed in an n:m redundancy model, where n is the number of active LEs and m the number of standby LEs, to ensure availability of the network even if connectivity to an active LE fails. In this work, an IPS feature is proposed to enhance the security features of the LE security system so that it can prevent suspicious threats. The IPS is plugged into the packet path, based on configuration, in such a way that all traffic passes through the IPS on the LE. LS is the monitoring and configuration tool for LE and hosts the GUI; LE and LS communicate over a secure channel. IPS configuration is integrated into LS so that the administrator can control the LE.
2. THE MULTI-CORE PROCESSOR
The multi-core processor used is Cavium Networks' Octeon processor. It provides high performance and high bandwidth at low power consumption, and contains hardware acceleration for specific functions such as encryption and pattern matching. The processor can be used for control-plane as well as data-plane networking applications. Octeon processors are used in a wide variety of OEM equipment; examples include routers, switches, unified threat management (UTM) appliances, content-aware switches, application-aware gateways, triple-play broadband gateways, WLAN access and aggregation devices, 3G, WiMAX and LTE base station and core network equipment, storage networking equipment, storage systems, servers, and intelligent network adapters. The Octeon family of multi-core processors supports up to 32 MIPS cores. Multiple hardware acceleration units are integrated into the Octeon processor; these units offload the cores, reducing software overhead and complexity. The software on the processor is divided into a control plane and a data plane.
3. SELECTION OF AN OPEN SOURCE INTRUSION PREVENTION SYSTEM
Intrusion Prevention Systems such as Snort, Suricata and Metaflows were studied and compared to choose a good-quality and economically feasible solution [5]. Snort is a free and open source network intrusion prevention system (NIPS) and network intrusion detection system (NIDS) created by Martin Roesch in 1998. Suricata is a high-performance network IDS, IPS and Network Security Monitoring engine. Metaflows is a product that can be installed on low-cost hardware and transmits the network data to a cloud system for analysis. It includes BotHunter, Snort, Flow and NetFlow-like network traffic monitoring plug-ins and log management tools. Metaflows sensors process 800 Mbps of sustained network throughput when using an eight-core Intel i7 CPU that costs around $1,000. On the server side, a threat prediction algorithm is used to prioritize events. The table below summarizes the comparison between Snort, Suricata and Metaflows.
Table 1. Comparison between Snort, Suricata [1],[2] and Metaflows [4]
Based on the study, Suricata was chosen as the IPS for deployment. Suricata is a high-performance, open source network IDS, IPS and Network Security Monitoring engine owned by a community-run non-profit foundation, the Open Information Security Foundation (OISF).
3.1. Packet Pipeline
Suricata has multiple run modes, each of which initializes the threads, queues and plumbing necessary for operation. These modes are usually tied to the choice of capture device and to whether the mode is IDS or IPS. Examples of capture devices are pcap, pcap file, nfqueue, ipfw and proprietary capture devices. Only one run mode is chosen at startup. Each thread in the packet pipeline is an instance of a module [15],[16].
These threads [19] are initialized by the run mode defined in 'runmodes.c'. The run mode also initializes the queues and packet handlers used for moving packets between modules and queues. A thread is marked runnable after all the steps of the run-mode initialization are complete.
Real-time traffic from a NIC, or network packets stored in a PCAP file, is passed as input to Suricata. The traffic is then decoded: the input is converted into Suricata's internal packet structure and handed to the link-type decoder. The streams are then reassembled before being distributed to the signature-detection modules. The detection module takes care of several complex tasks: loading all signatures, initializing detection plugins, creating detection groups for packet routing, and finally running packets through all applicable rules. The user can configure the number of threads and the number of CPUs in the configuration file.
Suricata runs on most operating systems (e.g. Linux, Mac OS, FreeBSD, UNIX and Windows). The industry considers Suricata a strong competitor to Snort, and the two are often compared with each other.
Fig 1. Packet Pipeline
3.2. Suricata.yaml file
Suricata uses the YAML [10] format for configuration. The suricata.yaml file is included in the source code. At the top of the YAML file you will find "%YAML 1.1"; Suricata reads this line and identifies the file as YAML.
3.3. Suricata rules
Signatures play a very important role in Suricata [14]. The most commonly used existing rule sets are Emerging Threats, Emerging Threats Pro and Sourcefire's VRT [18]. A rule (signature) consists of the action, the header and the rule options. Example of a signature:
alert udp any any -> any 53 (msg:"ET DOS DNS BIND 9 Dynamic Update DoS attempt"; byte_test:1,&,40,2; byte_test:1,>,0,5; byte_test:1,>,0,1; content:"|00 00 06|"; offset:8; content:"|c0 0c 00 ff|"; distance:2; reference:cve,2009-0696; reference:url,doc.emergingthreats.net/2009701; classtype:attempted-dos; sid:2009701; rev:2;)
Description:
Col 1: action (alert/drop/reject/pass)
Col 2: protocol (tcp, udp, icmp or ip, where ip stands for 'all' or 'any'; or an application-layer protocol such as http, ftp, tls (which includes ssl), smb or dns)
Col 3: source IP
Col 4: source port
Col 5: direction operator (-> source to destination, <> both directions)
Col 6: destination IP
Col 7: destination port
Col 8 till end: rule options (the part in parentheses)
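To show how the seven header columns and the option list are actually consumed, here is an added example (not Suricata's own code and not from the paper) that parses the rule quoted above and evaluates its byte_test, content, offset and distance options against a DNS UPDATE message. The packet is constructed for the example; the option semantics follow the documented Suricata keywords, but only those four keywords are implemented, and the classtype is written with its hyphen (attempted-dos) as the Emerging Threats rule uses it.

```python
"""Minimal Suricata rule parser and byte_test/content matcher.
Added example for this page, not Suricata's code; covers only the option
keywords used by the quoted ET rule (byte_test, content, offset, distance,
plus depth/within for completeness)."""

HEADER_FIELDS = ("action", "proto", "src", "sport", "direction", "dst", "dport")

# The rule quoted in the text.  byte_test:1,&,40,2 tests the flags byte for the
# UPDATE opcode (5 << 3 = 0x28 = 40); 1,>,0,5 wants a non-zero zone count;
# 1,>,0,1 a non-zero low ID byte; the two contents look for a SOA zone entry
# followed, two bytes (the class) later, by a compressed name with type ANY.
RULE = ('alert udp any any -> any 53 (msg:"ET DOS DNS BIND 9 Dynamic Update DoS attempt"; '
        'byte_test:1,&,40,2; byte_test:1,>,0,5; byte_test:1,>,0,1; content:"|00 00 06|"; '
        'offset:8; content:"|c0 0c 00 ff|"; distance:2; reference:cve,2009-0696; '
        'reference:url,doc.emergingthreats.net/2009701; classtype:attempted-dos; '
        'sid:2009701; rev:2;)')


def split_options(body):
    """Split 'key:value; key:value;' on semicolons that are outside double quotes."""
    opts, cur, in_quote = [], "", False
    for ch in body:
        if ch == '"':
            in_quote = not in_quote
        if ch == ";" and not in_quote:
            if cur.strip():
                opts.append(cur.strip())
            cur = ""
        else:
            cur += ch
    if cur.strip():
        opts.append(cur.strip())
    return [tuple(s.strip() for s in o.partition(":")[::2]) for o in opts]


def parse_rule(text):
    """Return the seven header columns plus the ordered option list."""
    head, _, rest = text.strip().partition("(")
    cols = head.split()
    if len(cols) != len(HEADER_FIELDS) or not rest.endswith(")"):
        raise ValueError("malformed rule: expected 7 header columns and (...)")
    rule = dict(zip(HEADER_FIELDS, cols))
    rule["options"] = split_options(rest[:-1])
    return rule


def content_bytes(value):
    """'"ab|00 01|c"' -> b'ab\\x00\\x01c': |..| spans are hex, the rest literal."""
    parts = value.strip().strip('"').split("|")
    return b"".join(bytes.fromhex(p) if i % 2 else p.encode() for i, p in enumerate(parts))


OPS = {"<": lambda a, b: a < b, ">": lambda a, b: a > b, "=": lambda a, b: a == b,
       "&": lambda a, b: (a & b) != 0, "^": lambda a, b: (a ^ b) != 0}


def byte_test(spec, payload):
    """byte_test:<bytes>,<op>,<value>,<offset>, read big-endian from payload start."""
    nbytes, op, value, offset = (s.strip() for s in spec.split(",")[:4])
    nbytes, value, offset = int(nbytes), int(value), int(offset)
    if offset + nbytes > len(payload):
        return False
    return OPS[op](int.from_bytes(payload[offset:offset + nbytes], "big"), value)


def match_payload(options, payload):
    """Walk the options in order; modifiers bind to the preceding content.
    last_end is the cursor that distance/within are relative to."""
    last_end, i = 0, 0
    while i < len(options):
        key, val = options[i]
        i += 1
        if key == "byte_test":
            if not byte_test(val, payload):
                return False
        elif key == "content":
            pattern, mods = content_bytes(val), {}
            while i < len(options) and options[i][0] in ("offset", "depth", "distance", "within"):
                mods[options[i][0]] = int(options[i][1])
                i += 1
            start = last_end + mods["distance"] if "distance" in mods else mods.get("offset", 0)
            end = len(payload)
            if "depth" in mods:
                end = min(end, mods.get("offset", 0) + mods["depth"])
            if "within" in mods:
                end = min(end, last_end + mods["within"])
            pos = payload.find(pattern, start, end)
            if pos < 0:
                return False
            last_end = pos + len(pattern)
    return True


def dns_update_packet(txid=0x1234, zone_count=1):
    """Constructed DNS UPDATE message (opcode 5): one SOA zone entry for
    example.com and one prerequisite RR of type ANY, the shape the rule wants."""
    flags = bytes([0x28, 0x00])                                   # QR=0, opcode 5 = UPDATE
    counts = zone_count.to_bytes(2, "big") + b"\x00\x01" + b"\x00\x00\x00\x00"  # ZO, PR, UP, AD
    zone = b"\x07example\x03com\x00" + b"\x00\x06" + b"\x00\x01"   # name, type SOA, class IN
    prereq = b"\xc0\x0c" + b"\x00\xff" + b"\x00\xff" + b"\x00\x00\x00\x00" + b"\x00\x00"
    return txid.to_bytes(2, "big") + flags + counts + zone + prereq


def rule_matches(rule_text, payload):
    return match_payload(parse_rule(rule_text)["options"], payload)


if __name__ == "__main__":
    r = parse_rule(RULE)
    print(r["action"], r["proto"], r["dst"], r["dport"], len(r["options"]), "options")
    print("UPDATE message matches:", rule_matches(RULE, dns_update_packet()))
    print("plain query matches:", rule_matches(RULE, b"\x12\x34\x01\x00" + b"\x00\x01" + b"\x00" * 6))
```

Note the cursor handling: the second content only matches at or beyond two bytes past the end of the first, which is what lets the signature skip the class field without caring about its value; a matcher that ignores distance would still fire on the sample packet but would also fire on traffic the real rule ignores.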
4. TESTING AND OPTIMIZATION
This chapter covers the experiments done on the LE with Suricata enabled and the optimizations made to the Suricata configuration based on the results of those experiments. Suricata is configured as a bridging IPS in which interfaces eth0 and eth1 are bridged [17].
Fig.2. Experimental setup with bridge configuration
For basic testing, a machine host1 is connected to the LAN to which the eth0 interface of the LE is connected, and eth1 is connected to the LAN to which another machine host2 is connected. Packets sent from host1 to host2 enter the LE via eth0, are forwarded to the bridge, then to Suricata, and finally pass out through eth1.
4.1. Testing using Tcpreplay and Tomahawk
Tcpreplay [11] is a tool used to replay previously captured traffic back onto the network and through other devices such as switches, routers, firewalls, NIDS and IPS. Tomahawk [20] is also a tool for testing the performance and inline blocking capabilities of IPS devices. These tools split traffic between two interfaces and emulate the client and server sides of a connection. The tool divides a packet trace into two parts: packets sent by the client and packets sent by the server. The first time it sees an IP address, the address is classified as a client if it is found in the IP source field of the packet and as a server if it is found in the IP destination field.
Testing with these tools did not give substantial results because of packet misbehaviour: the tools could not do anything with a packet if they detected a source IP that was already classified as a server. A DARPA intrusion data set of 400 MB and some other downloaded pcap files were replayed, but the tools produced warnings that many packets had outgoing interface conflicts.
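The classification rule just described is simple enough to reproduce, and doing so shows why a mixed pcap such as the DARPA set produces interface conflicts. The following is an added example (not Tomahawk's or Tcpreplay's code): it assigns roles exactly as the text states, and it flags a packet whose two endpoints land on the same side as the "outgoing interface conflict" the text reports, which is this example's reading of that warning. The trace is constructed.

```python
"""Two-interface client/server trace splitting in the style described for
Tomahawk.  Added example, not the tool's own code.  Role assignment: the
first sighting of an address in the IP source field makes it a client, in
the destination field a server, and the role never changes afterwards."""

CLIENT, SERVER = "client", "server"

# Constructed trace of (src_ip, dst_ip) pairs: a clean client/server exchange,
# then a host first seen as a server opening its own connection (proxy or
# forwarder behaviour), then direct client-to-client traffic.
SAMPLE_TRACE = [
    ("10.0.0.5", "192.168.1.10"),       # 0: 10.0.0.5 -> client, 192.168.1.10 -> server
    ("192.168.1.10", "10.0.0.5"),       # 1: reply, endpoints on opposite sides
    ("10.0.0.6", "192.168.1.10"),       # 2: a second client
    ("192.168.1.10", "192.168.1.53"),   # 3: server to a new host: both on the server side
    ("192.168.1.53", "192.168.1.10"),   # 4: and back, still the same side
    ("10.0.0.5", "10.0.0.6"),           # 5: client to client, same side again
]


def classify_trace(packets):
    """Return (roles, conflicts): roles maps each IP to CLIENT or SERVER;
    conflicts lists the indexes of packets that have no 'other' interface to
    be sent out of, because both endpoints sit on the same side."""
    roles, conflicts = {}, []
    for idx, (src, dst) in enumerate(packets):
        roles.setdefault(src, CLIENT)   # first sighting fixes the role for good
        roles.setdefault(dst, SERVER)
        if roles[src] == roles[dst]:
            conflicts.append(idx)
    return roles, conflicts


def split_trace(packets):
    """Queue every replayable packet on the interface that emulates its sender:
    client-side packets leave the client port, server-side packets the server
    port.  Conflicting packets are left out of both queues."""
    roles, conflicts = classify_trace(packets)
    skip = set(conflicts)
    sides = {CLIENT: [], SERVER: []}
    for idx, (src, dst) in enumerate(packets):
        if idx not in skip:
            sides[roles[src]].append((src, dst))
    return sides, conflicts


def conflict_ratio(packets):
    """Share of packets the replay would warn about; check this before
    trusting throughput figures obtained by replaying a pcap through an IPS."""
    _, conflicts = classify_trace(packets)
    return len(conflicts) / len(packets) if packets else 0.0


if __name__ == "__main__":
    roles, conflicts = classify_trace(SAMPLE_TRACE)
    for ip, role in sorted(roles.items()):
        print(f"{ip:14} {role}")
    print("interface conflicts at packet indexes:", conflicts)
    print(f"conflict ratio: {conflict_ratio(SAMPLE_TRACE):.2f}")
```

Half of the constructed trace is unreplayable even though every packet is a legitimate exchange; a capture that mixes many sessions, as the DARPA set does, fares the same way, which is why a traffic generator that emulates both ends itself (the Ixia setup in the next section) gives usable numbers where replay does not.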
4.2. Testing Using Ixia
The Ixia traffic generator provides a complete platform for testing the network setup to ensure sustained and reliable performance. Ixia test ports can be independently configured to define traffic, filtering and capture capabilities. Experiments were carried out using IxExplorer and IxLoad, sending packets through the DUT with Suricata enabled. Four ports of the Ixia chassis were connected to the DUT, two ports configured as clients and two as servers. Using IxLoad, two client networks were configured, each with 200 clients, and two server networks, each with one server. HTTP and FTP traffic was transferred using the IxLoad setup. The graphs obtained as experimental results are shown below.
Fig.3. Graph showing throughput in MB obtained for FTP traffic through LE without Suricata
Fig.4. Graph showing throughput in MB obtained for HTTP traffic through LE without Suricata
Fig.5. Graph showing throughput in MB obtained for HTTP traffic through LE with Suricata
Fig.6. Graph showing throughput in MB obtained for FTP traffic through LE with Suricata
Fig.7. CPU utilization for FTP traffic
Fig.8. CPU utilization for HTTP traffic
4.3. Optimization of Suricata Configuration
Suricata IPS configurations are stored in a YAML file format[13].
Following options have been modified in the default yaml file[10] for optimizing the
performance.
Max-Pending Packets:
The default number of packets Suricata is allowed to process simultaneously is 1,024.
Increasing this limit to 5000 gave a slight improvement in performance.
max-pending-packets: 5000
Run-mode:
Suricata offers several run-modes. Workers mode was chosen because it gave better
throughput than the default autofp mode. In workers mode, all processing of a packet is done on
a single thread.
Fig.9. Graph showing throughput in default run-mode (autofp) versus workers mode of Suricata.
Netlink buffer size:
The default netlink buffer size in the yaml file is 18432. Increasing this value increases the number of
packets that can be queued in nfqueue, thereby reducing packet loss. But when the value was changed
to 20000, the change was not reflected in the running configuration. Thus, the variable queue_maxlen in the
source code was explicitly set to 30,000.
Before this modification, there was significant packet loss.
Fig.9. nfqueue statistics before increasing queue length
Delayed-detect:
delayed-detect: yes
(default: commented out) This option loads the signatures after packet capture has started, so
Suricata can capture packets while the signature set is still being built. This is used in the DP
Suricata script to start/stop Suricata without waiting for signature building.
Cpu-affinity:
set-cpu-affinity: yes
- receive-cpu-set: cpu: [ "all" ] (default: cpu: [ 0 ])
- decode-cpu-set: cpu: [ "all" ] (default: cpu: [ 0, 1 ])
On dividing the CPU load among all the cores, performance increased slightly.
In workers mode, the number of threads depends on the number of nfqueues used. If 16 queues
are used, there will be 16 worker threads in total.
Stream-reassembly:
stream: reassembly: memcap: 4gb #(default 128 mb )
The stream reassembly engine uses a set of pools in which preallocated segments are stored.
There are several pools, each for a different segment size. The prealloc value for segments of
different sizes (under segments: prealloc: in the yaml file) was also modified to tune performance.
This setting can be varied according to Suricata's verbose output.
Suricata rules:
By default, Suricata ships several rule files. For the deployment, all the rule files were merged
into a single file, all.rules.
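As an added example (not the paper's own script; the paper only lists the changed values), the following POSIX shell script audits an existing suricata.yaml for four of the tunings above: max-pending-packets, runmode, delayed-detect and the stream reassembly memcap. Key placement in suricata.yaml differs between Suricata versions, so the lookup ignores nesting for the three uniquely named keys and walks the stream: / reassembly: block for memcap; the thresholds are the paper's values and the two sample files the script writes are constructed for the demo, not real configurations.

```shell
#!/bin/sh
# Added example: audit a suricata.yaml against the tunings of Section 4.3.
# The files written by sample_yaml_file are constructed demo input, not real configs.

# key_value FILE KEY -> value of the first uncommented "KEY: value" line at any
# nesting level (also accepts "- KEY: value" list items). Meant for keys whose
# name is unique in suricata.yaml; trailing "# comments" are stripped.
key_value() {
    awk -v k="$2" '
        { line = $0; sub(/^[ \t]*(- )?/, "", line) }
        line ~ /^#/ || line == "" { next }
        {
            n = split(line, f, /:[ \t]*/)
            if (n >= 2 && f[1] == k) { sub(/[ \t]*#.*$/, "", f[2]); print f[2]; exit }
        }
    ' "$1"
}

# reassembly_memcap FILE -> value of stream: -> reassembly: -> memcap: (memcap is
# not unique, so indentation is tracked instead of searching by name)
reassembly_memcap() {
    awk '
        /^stream:/                      { in_stream = 1; next }
        /^[^ \t#]/                      { in_stream = 0; in_reasm = 0 }
        in_stream && /^  reassembly:/   { in_reasm = 1; next }
        in_stream && /^  [^ \t]/        { in_reasm = 0 }
        in_reasm && /^    memcap:/      { print $2; exit }
    ' "$1"
}

# to_mb SIZE -> integer megabytes for Suricata size strings such as 128mb or 4gb
to_mb() {
    n=$(printf '%s' "$1" | sed 's/[^0-9]//g'); n=${n:-0}
    case "$1" in
        *[gG]*) echo $((n * 1024)) ;;
        *[kK]*) echo $((n / 1024)) ;;
        *)      echo "$n" ;;
    esac
}

# suricata_tuning_report FILE -> one OK/MISSING line per tuning; exit 0 only if all hold
suricata_tuning_report() {
    f=$1; rc=0
    v=$(key_value "$f" max-pending-packets)
    if [ "${v:-0}" -ge 5000 ] 2>/dev/null; then echo "OK      max-pending-packets=$v"
    else echo "MISSING max-pending-packets (have ${v:-unset}, want >= 5000)"; rc=1; fi
    v=$(key_value "$f" runmode)
    if [ "$v" = workers ]; then echo "OK      runmode=workers"
    else echo "MISSING runmode (have ${v:-unset}, want workers)"; rc=1; fi
    v=$(key_value "$f" delayed-detect)
    if [ "$v" = yes ]; then echo "OK      delayed-detect=yes"
    else echo "MISSING delayed-detect (have ${v:-unset}, want yes)"; rc=1; fi
    v=$(reassembly_memcap "$f")
    if [ "$(to_mb "${v:-0}")" -ge 4096 ]; then echo "OK      stream.reassembly.memcap=$v"
    else echo "MISSING stream.reassembly.memcap (have ${v:-unset}, want >= 4gb)"; rc=1; fi
    return $rc
}

# sample_yaml_file tuned|default -> path of a small constructed yaml (demo input only)
sample_yaml_file() {
    p=$(mktemp)
    if [ "$1" = tuned ]; then
        cat > "$p" <<'EOF'
max-pending-packets: 5000
runmode: workers
detect-engine:
  - profile: medium
  - delayed-detect: yes
stream:
  memcap: 64mb
  reassembly:
    memcap: 4gb   # default 128mb
    depth: 1mb
EOF
    else
        cat > "$p" <<'EOF'
max-pending-packets: 1024
#runmode: autofp
stream:
  memcap: 64mb
  reassembly:
    memcap: 128mb
EOF
    fi
    echo "$p"
}

# Demo on the constructed samples; for a real box run e.g.
#   suricata_tuning_report /etc/suricata/suricata.yaml
for mode in tuned default; do
    f=$(sample_yaml_file "$mode")
    echo "== $mode sample =="
    suricata_tuning_report "$f" || echo "-> not all tunings applied"
    rm -f "$f"
done
```

The report is deliberately conservative: a key that is commented out or absent counts as missing, which is exactly the state the paper describes for delayed-detect in the stock file.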
5. METHODOLOGY
5.1. Selection of an open-source Intrusion Prevention System
Based on the literature survey of various open-source Intrusion Prevention Systems such as
Snort, Suricata and Metaflows, Suricata IPS was chosen for the deployment.
5.2. Cross-compilation
Cross-compilation is the act of compiling code for one system on a different system. The system
on which the compiler runs is the host and the system on which the newly compiled program runs is the
target. When host and target are of the same machine type, the compiler is native; when they are of
different machine types, it is a cross-compiler. Since compilation is a resource-intensive process,
it is difficult to do such tasks on embedded hardware designed for low power consumption. Suricata
is developed on x86 hardware, whereas the processor on which the Suricata IPS is deployed is a
MIPS-based platform. Hence, Suricata is cross-compiled with a MIPS tool chain on an x86 machine that
generates code for the MIPS platform. Cross-compilation of Suricata involves cross-compiling each
library it requires and then the Suricata source code itself. Suricata requires the following
libraries: libpcap, libcapng, pcre, yaml, libnfnetlink, libnetfilter_queue, libmnl, libnet, libmagic,
zlib and libnetfilter_log. All these libraries are downloaded and cross-compiled, and finally the
Suricata source too. The compiled binaries are then copied to the proper locations on the processor
where Suricata is executed.
5.3. Plugging IPS into the packet path
Suricata IPS is a userspace software. In order to make the network packets to pass through
Suricata userspace from kernel space[9] before it reaches the destination, IP tables rules have to
be configured accordingly[3].
The simplest rule to send all traffic to Suricata is as follows:
iptables -I FORWARD -j NFQUEUE --queue-num 0
In this case, all forwarded traffic goes to Suricata through NFQUEUE. NFQUEUE is an iptables and
ip6tables [6],[7] target that delegates the decision on packets to a userspace program. Once a packet
reaches an NFQUEUE [8] target it is enqueued to the queue whose number is given by the --queue-num
option. The packet queue is implemented as a chained list whose elements are the packet and its
metadata (a Linux kernel skb). The protocol used between kernel and userspace is nfnetlink.
This is a message-based protocol that does not involve any shared memory. Once a packet is
enqueued, the kernel sends an nfnetlink-formatted message containing the packet data and related
information to a socket, and userspace reads this message. In userspace, the program must use
libnetfilter_queue to connect to queue 0 (the default one) and receive the messages from the
kernel. It must then issue a verdict on the packet. To issue a verdict, userspace formats an
nfnetlink message containing the index of the packet and sends it to the communication socket. As an
example, the above rule will ask a listening userspace program for a decision on every packet that
passes through the box.
--queue-balance is an NFQUEUE [9] option to load-balance the packets queued by the same
iptables rule across multiple queues. Its usage is fairly simple. For example, to load-balance
FORWARD traffic across queues 0 to 15, the following rule can be used [12].
iptables -A INPUT -j NFQUEUE --queue-balance 0:15
The following command is used to view nfqueue statistics:
cat /proc/net/netfilter/nfnetlink_queue
0 15015 0 2 65535 0 0 0 1
Col 1: queue num
Col 2: id attached to queue
Col 3: number of packets waiting to be processed by the application
Col 4: if packet payload is also passed, value is 2; if only meta-data is passed, value is 1
Col 5: how many bytes of packet payload should be copied to userspace at most.
Col 6: Packets dropped by kernel
Col 7: packets dropped within netlink subsystem
Col 8: ID of the most recent packet queued by userspace
Col 9: Always 1
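As an added example (not from the paper), here is a small POSIX shell helper that reads that file, labels the nine columns as listed above and flags the two conditions the experiments ran into: queues that are already dropping (columns 6 and 7 non-zero), which means packets Suricata never inspected, and queues whose backlog (column 3) is approaching the queue length, the queue_maxlen limit the paper raised to 30,000. The two-queue sample it writes is constructed for the demo, not a capture from the test bed.

```shell
#!/bin/sh
# Added example: read /proc/net/netfilter/nfnetlink_queue and report IPS packet loss.
# Column meanings follow the nine fields listed above. The sample written by
# nfq_sample_file is constructed for the demo, not real output.

# nfq_summary FILE -> one labelled line per queue
nfq_summary() {
    awk '{
        printf "queue=%s portid=%s waiting=%s copy_mode=%s copy_range=%s kernel_drop=%s netlink_drop=%s last_id=%s\n",
               $1, $2, $3, $4, $5, $6, $7, $8
    }' "$1"
}

# nfq_total_drops FILE -> packets dropped by the kernel (col 6) plus netlink drops (col 7), all queues
nfq_total_drops() {
    awk '{ d += $6 + $7 } END { print d + 0 }' "$1"
}

# nfq_has_loss FILE -> exit 0 if any queue shows drops, 1 otherwise (usable in an if)
nfq_has_loss() {
    awk '{ if ($6 + $7 > 0) found = 1 } END { if (found) exit 0; exit 1 }' "$1"
}

# nfq_near_full FILE MAXLEN -> queue numbers whose backlog (col 3) is at 90% or more of
# MAXLEN, the queue length (queue_maxlen) beyond which the kernel starts dropping
nfq_near_full() {
    awk -v maxlen="$2" '$3 >= 0.9 * maxlen { print $1 }' "$1"
}

# nfq_sample_file -> path to a constructed sample: queue 0 idle, queue 1 backed up and dropping
nfq_sample_file() {
    p=$(mktemp)
    printf '0 15015 0 2 65535 0 0 0 1\n1 15015 27500 2 65535 1200 0 410233 1\n' > "$p"
    echo "$p"
}

# Demo on the constructed sample; on a real box pass the proc file instead:
#   nfq_summary /proc/net/netfilter/nfnetlink_queue
f=$(nfq_sample_file)
nfq_summary "$f"
echo "total drops: $(nfq_total_drops "$f")"
if nfq_has_loss "$f"; then
    echo "WARNING: packets bypassed inspection; queues near the 30000 limit: $(nfq_near_full "$f" 30000 | tr '\n' ' ')"
fi
rm -f "$f"
```

Polling this file from a cron job or monitoring agent turns the "significant packet loss" observation of Section 4.3 into an alert: a non-zero drop count is traffic the IPS never saw, and a backlog close to queue_maxlen is the warning sign just before that happens.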
5.4. Iptables rule setup to use IPS within the deployment context
Packets are bridged here, so iptables is invoked in the link-layer forwarding context. The
packets go through ebtables NAT and then the bridge forwarding action. The bridge forwarding
action calls the ebtables FORWARD chain (filter table) followed by the iptables FORWARD chain (filter
table). The iptables FORWARD chain has a default DROP policy. Only the packets accepted by the
FORWARD chain are sent to Suricata, to prevent unnecessary load. A new chain called IPS is
thus introduced. The ACCEPT rules in the FORWARD chain are replaced by a GOTO IPS chain
target action. Another rule, -j ACCEPT, is added at the bottom of the IPS chain. If IPS is
enabled, an NFQUEUE rule is added to the IPS chain. If IPS is disabled, the NFQUEUE rule is flushed and
all the packets that hit an allow action in the FORWARD chain enter the IPS chain and hit the -j ACCEPT
rule, by which the packet is simply accepted.
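The chain layout above, as an added shell script that is not the paper's own deployment script: FORWARD defaults to DROP, each former ACCEPT rule becomes a goto (-g) into an IPS chain, the IPS chain ends in -j ACCEPT, and enabling or disabling the IPS only touches the NFQUEUE rule at the head of that chain, with --queue-balance spreading packets over one queue per Suricata worker thread as in Section 5.3. The permitted source and destination subnets are placeholders, the IPT variable is this script's own device so it can be run with IPT=dryrun to print the commands instead of executing them, and the optional --queue-bypass flag (a real NFQUEUE option, not discussed in the paper) is included only to make the fail-open versus fail-closed choice explicit.

```shell
#!/bin/sh
# Added example: the IPS chain layout of Section 5.4 as shell functions.
# IPT names the command to run; the default is the real iptables (root required),
# IPT=dryrun prints the commands instead. Subnets passed in are placeholders.
IPT="${IPT:-iptables}"

dryrun() { printf 'iptables %s\n' "$*"; }

# ips_chain_setup ALLOWED_SRC ALLOWED_DST
# One-time layout: FORWARD drops by default; the allow rule enters IPS with -g (goto)
# rather than -j, so a packet that somehow falls off the end of IPS takes FORWARD's
# DROP policy instead of continuing through later FORWARD rules. IPS ends in ACCEPT
# so traffic still flows while no NFQUEUE rule exists.
ips_chain_setup() {
    "$IPT" -P FORWARD DROP
    "$IPT" -N IPS 2>/dev/null || "$IPT" -F IPS
    "$IPT" -A FORWARD -s "$1" -d "$2" -g IPS
    "$IPT" -A IPS -j ACCEPT
}

# ips_enable FIRST LAST [fail-open]
# Insert the NFQUEUE rule at position 1 so it precedes the final ACCEPT; --queue-balance
# spreads packets over queues FIRST..LAST (one Suricata worker per queue). With
# "fail-open", --queue-bypass lets packets through when nothing is bound to the queue
# (Suricata down); without it the box fails closed and forwarding stops until Suricata is back.
ips_enable() {
    if [ "${3:-}" = fail-open ]; then
        "$IPT" -I IPS 1 -j NFQUEUE --queue-balance "$1:$2" --queue-bypass
    else
        "$IPT" -I IPS 1 -j NFQUEUE --queue-balance "$1:$2"
    fi
}

# ips_disable: flush IPS so only the trailing ACCEPT remains; FORWARD allow rules are untouched
ips_disable() {
    "$IPT" -F IPS
    "$IPT" -A IPS -j ACCEPT
}

# Command-line use (a real run needs root):
#   sh ips_chain.sh setup 10.0.0.0/8 192.0.2.0/24   # placeholder subnets
#   sh ips_chain.sh enable 0 15
#   IPT=dryrun sh ips_chain.sh disable               # print only
case "${1:-}" in
    setup)   ips_chain_setup "$2" "$3" ;;
    enable)  ips_enable "$2" "$3" "${4:-}" ;;
    disable) ips_disable ;;
esac
```

Whether to fail open or closed is a policy decision for the site: fail-closed preserves the inspection guarantee at the cost of an outage when Suricata crashes, fail-open keeps the branches connected but uninspected; either way the nfnetlink_queue counters should be monitored so the state is known rather than assumed.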
Fig 5.4.1: Packet flow through different chains of iptables
5.5. Deployment of IPS in data-plane part
On the data-plane, all the libraries and the Suricata binary are copied during the build process.
The iptables configuration is placed in a script that is executed at init time. Along with this,
the ftpserver is started at init on the data-plane. A script on the control-plane transfers a tar of the
Suricata configuration files using the ftpput utility and invokes the script on the data-plane to start
the Suricata binary. The data-plane script copies the configuration files required for starting Suricata
to the proper locations, enables the iptables rules with the NFQUEUE option and starts Suricata.
6. CONCLUSION AND FUTURE WORK
Banking and financial organizations need security solutions to protect their data servers. LEs
deployed with LAN security solutions such as user authentication, validation of asset ownership,
MAC address verification, NAC, firewall and traffic anomaly detection keep networks safer from
network-based attacks. These solutions equip BFSI networks with access control, transparency,
visibility and defence against malicious attacks, which are the basic requirements of modern
enterprise networks.
The deployed IPS feature enhances the security of the LE system and protects it from
suspicious threats.
The multi-core processor used here supports hardware acceleration. In this work, the IPS used has
a software-based pattern matching engine. Future work could port the software-based pattern
matching engine to a hardware-based one. Using hardware acceleration for pattern matching would
increase performance and give better results.
REFERENCES
[1] Suricata Features, http://suricata-ids.org/features/all-features/
[2] A performance analysis of snort and suricata network intrusion detection and prevention engines.
IDCS 2011, the Fifth International Conference on Digital Society, Gosier, Guadeloupe, France. 187–192.
[3] Deployment of Intrusion Prevention System based on Software Defined Networking, 2013 15th IEEE
International Conference on Communication Technology (ICCT)
[4] Metaflows and its features, http://www.metaflows.com/features/ids/
[5] Free and open source intrusion detection systems: A study, 2015 International Conference on
Machine Learning and Cybernetics
[6] Fundamentals of Iptables, http://www.thegeekstuff.com/2011/01/IPTABLES-FUNDAMENTALS/
[7] Iptables, https://help.ubuntu.com/community/IptablesHowTo
[8] About Nfqueue, http://netfilter.org/projects/libnetfilter_queue/
[9] Packet path through Kernel, http://www.cs.wustl.edu/~jain/cse567-11/ftp/pkt_recp/index.html
[10] Suricata.yaml, https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Suricatayaml
[11] Tcpreplay, http://tcpreplay.synfin.net/wiki/tcpreplay
[12] Usage of nfqueue, https://home.regit.org/netfilter-en/using-nfqueue-and-libnetfilter_queue/
[13] Setting up Suricata in inline mode,
https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Setting_up_IPSinline_for_Linux
[14] Ubuntu Installation steps for Suricata,
https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Ubuntu_Installation
[15] Tuning Suricata Inline IPS performance- discussion,
https://lists.openinfosecfoundation.org/pipermail/oisf-users/2011-December/001141.html
[16] Patrick patch for zero copy, http://home.regit.org/2011/08/patrick-mchardy-memory-mapped-netlink-and-nfnetlink_queue/
[17] Suricata as a bridging IPS (Setup), http://taosecurity.blogspot.in/2014/01/suricata-20beta2-as-ips-on-ubuntu-1204.html
[18] Emerging-Threats Ruleset Download, https://rules.emergingthreats.net/open/suricata/rules/
[19] Suricata Threading, https://kaurikim.wordpress.com/2015/02/16/suricata-threading/
[20] Tomahawk, http://tomahawk.sourceforge.net/