This document proposes NICE, a framework for secure intrusion detection and attack mitigation in virtual network systems. NICE uses distributed agents on cloud servers to monitor traffic, detect vulnerabilities, and generate attack graphs. It profiles virtual machines to identify their state and vulnerabilities. When potential attacks are detected, NICE can quarantine suspicious VMs and inspect their traffic. The attack analyzer correlates alerts, constructs attack graphs, and selects appropriate countermeasures based on the graphs. Evaluations show NICE can effectively detect attacks while minimizing performance overhead for the cloud system.
Secure intrusion detection and countermeasure selection in virtual system usi... - eSAT Publishing House
IJRET : International Journal of Research in Engineering and Technology is an international peer reviewed, online journal published by eSAT Publishing House for the enhancement of research in various disciplines of Engineering and Technology. The aim and scope of the journal is to provide an academic medium and an important reference for the advancement and dissemination of research results that support high-level learning, teaching and research in the fields of Engineering and Technology. We bring together Scientists, Academician, Field Engineers, Scholars and Students of related fields of Engineering and Technology
Review of Security Issues in Mobile Wireless Sensor Networks - Eswar Publications
MWSNs are finding applicability in wide range of applications. Applications spread from day to day utilities to military and surveillance, where they may sense information about vehicular movements around border. Considering the importance of data being sent by these nodes, threat of compromising them has also increased. This paper aims to explore various types of attacks and tries to classify them based on some common parameter. Better understanding of various attacks, their style of functioning and point of penetration can help researchers devise better preventive measures.
International Journal of Engineering Research and Applications (IJERA) is an open access online peer reviewed international journal that publishes research and review articles in the fields of Computer Science, Neural Networks, Electrical Engineering, Software Engineering, Information Technology, Mechanical Engineering, Chemical Engineering, Plastic Engineering, Food Technology, Textile Engineering, Nano Technology & science, Power Electronics, Electronics & Communication Engineering, Computational mathematics, Image processing, Civil Engineering, Structural Engineering, Environmental Engineering, VLSI Testing & Low Power VLSI Design etc.
Risk Assessment for Identifying Intrusion in Manet - IOSR Journals
This document presents a risk assessment approach for identifying intrusions in mobile ad hoc networks (MANETs). It proposes using Dempster-Shafer theory to combine evidence from an intrusion detection system and routing table changes to assess the risk of attacks and countermeasures. An adaptive decision module then determines the response based on the risk assessment. The approach is evaluated experimentally and shown to effectively mitigate attack damages in MANETs.
A METHOD OF TRUST MANAGEMENT IN WIRELESS SENSOR NETWORKS - ijsptm
The research problem considered in this paper is how to protect wireless sensor networks (WSN) against cyber-threats by applying trust management and how to strengthen network resilience to attacks targeting the trust management mechanism itself. A new method, called WSN Cooperative Trust Management Method (WCT2M), of distributed trust management in multi-layer wireless sensor networks is proposed and its performance is evaluated. The method is specified by giving its class model in UML and by explaining the related attributes and methods. Different attacks against the network and against WCT2M deployed in the network are considered. The experimental evaluation of WCT2M involves laboratory experiments and simulations using a dedicated simulator. The evaluation focuses on efficiency of detecting and isolating the malicious nodes that implement different attack scenarios in the network and on the method’s sensitivity to the changes in effectiveness of the security mechanisms deployed in the network nodes.
Modelling of A Trust and Reputation Model in Wireless Networks - ijeei-iaes
Security is the major challenge for Wireless Sensor Networks (WSNs). The sensor nodes are deployed in non-controlled environments, facing the danger of information leakage, adversary attacks and other threats. Trust and Reputation models are solutions for this problem and to identify malicious, selfish and compromised nodes. This paper aims to evaluate varying collusion effect with respect to static (SW), dynamic (DW), static with collusion (SWC), dynamic with collusion (DWC) and oscillating wireless sensor networks to derive the joint resultant of Eigen Trust Model. An attempt has been made for the same by comparing aforementioned networks that are purely dedicated to protect the WSNs from adversary attacks and maintain the security issues. The comparison has been made with respect to accuracy and path length and found that collusion for wireless sensor networks seems intractable with the static and dynamic WSNs when varied with specified number of fraudulent nodes in the scenario. Additionally, it consumes more energy and resources in oscillating and collusive environments.
Investigation of detection & prevention sinkhole attack in manet - ijctet
This document discusses sinkhole attacks in mobile ad hoc networks (MANETs) and wireless sensor networks (WSNs). It provides background on sinkhole attacks, where a compromised node advertises a high quality route to attract network traffic. This can disrupt data transmission to the base station. The document reviews several existing detection techniques for sinkhole attacks, including algorithms using hop counting and mobile agents. It then proposes a new lightweight algorithm to detect sinkhole attacks in MANETs using network flow information collected by the base station and analysis of routing patterns to identify the intruder. The algorithm aims to provide secure and efficient sinkhole detection with low overhead.
This document summarizes a research paper that proposes a new framework called Cloud Information Accountability (CIA) to improve accountability and security in cloud computing systems. The CIA framework uses identity-based encryption, logging of user access in "push" and "pull" modes, and accountability controls to allow data owners to monitor how their data is used in the cloud. This is an improvement over existing systems where data handling is opaque and users lack control. The framework aims to prevent "zombies" or unauthorized access by verifying user identities and logging all access for auditing purposes. It establishes accountability while avoiding interruptions to cloud services and applications.
An Optimal Risk-Aware Mechanism for Countering Routing Attacks in MANETs - IJMER
International Journal of Modern Engineering Research (IJMER) is Peer reviewed, online Journal. It serves as an international archival forum of scholarly research related to engineering and science education.
International Journal of Modern Engineering Research (IJMER) covers all the fields of engineering and science: Electrical Engineering, Mechanical Engineering, Civil Engineering, Chemical Engineering, Computer Engineering, Agricultural Engineering, Aerospace Engineering, Thermodynamics, Structural Engineering, Control Engineering, Robotics, Mechatronics, Fluid Mechanics, Nanotechnology, Simulators, Web-based Learning, Remote Laboratories, Engineering Design Methods, Education Research, Students' Satisfaction and Motivation, Global Projects, and Assessment…. And many more.
Network Threat Characterization in Multiple Intrusion Perspectives using Data... - IJNSA Journal
For effective security incidence response on the network, a reputable approach must be in place at both protected and unprotected region of the network. This is because compromise in the demilitarized zone could be precursor to threat inside the network. The improved complexity of attacks in present times and vulnerability of system are motivations for this work. Past and present approaches to intrusion detection and prevention have neglected victim and attacker properties despite the fact that for intrusion to occur, an overt act by an attacker and a manifestation, observable by the intended victim, which results from that act are required. Therefore, this paper presents a threat characterization model for attacks from the victim and the attacker perspective of intrusion using data mining technique. The data mining technique combines Frequent Temporal Sequence Association Mining and Fuzzy Logic. Apriori Association Mining algorithm was used to mine temporal rule patterns from alert sequences while Fuzzy Control System was used to rate exploits. The results of the experiment show that accurate threat characterization in multiple intrusion perspectives could be actualized using Fuzzy Association Mining. Also, the results proved that sequence of exploits could be used to rate threat and are motivated by victim properties and attacker objectives.
HYBRID ARCHITECTURE FOR DISTRIBUTED INTRUSION DETECTION SYSTEM IN WIRELESS NE... - IJNSA Journal
This document proposes a hybrid architecture for a distributed intrusion detection system using multiple agents. The key aspects of the architecture include:
- Using multiple independent tracker agents that monitor hosts and generate reports sent to monitors and storage.
- Monitors analyze activity and compare to signatures to detect known attacks, or send data to anomaly detectors.
- Anomaly and misuse detectors use classification and pattern matching to detect known and unknown attacks.
- An inference module coordinates entities across hosts to classify new attacks using a knowledge base and signature generator.
- A countermeasure module alerts administrators and can take actions like dropping packets in response to detected attacks.
The document discusses fault management in wireless sensor networks. It proposes a failure detection scheme for event-driven wireless sensor networks using the MANNA management architecture. The scheme aims to provide self-configuration, self-diagnosis, and self-healing capabilities to detect failures without incurring high overhead costs. The performance of the management solution is evaluated through simulations of a temperature monitoring application in event-driven wireless sensor networks under different failure scenarios.
Analysis of wireless sensor networks security, attacks and challenges - eSAT Publishing House
This document summarizes the analysis of wireless sensor networks, including security issues, attacks, and challenges. It discusses the characteristics of wireless sensor networks and their architecture. It outlines various security goals for wireless sensor networks, including confidentiality, integrity, authentication, and availability. It then describes different types of attacks against wireless sensor networks at the physical, link, network, and transport layers. These include jamming, tampering, exhaustion, collision, and flooding attacks. Finally, it discusses key challenges for wireless sensor networks, such as limited resources, heterogeneous platforms, dynamic network topologies, and handling mixed traffic from different applications.
Finding Critical Link and Critical Node Vulnerability for Network - ijircee
The document discusses network vulnerability assessment and finding critical links and nodes. It proposes using a belief propagation algorithm to calculate the vulnerability of each node and the overall network vulnerability over time. It provides an example network and shows the results of analyzing it to find the critical nodes and links using the proposed algorithm. The algorithm works by having each node calculate the vulnerability of its neighbors and share this information over time to determine the overall network vulnerability.
DETECTING NETWORK ANOMALIES USING CUSUM and FCM - Editor IJMTER
The network intrusion detection techniques are important to prevent our systems and networks from malicious behaviors. However, traditional network intrusion prevention such as firewalls, user authentication and data encryption have failed to completely protect networks and systems from the increasing and sophisticated attacks and malwares. Two anomaly detection techniques, CUSUM and clustering, are used to find network anomalies. CUSUM detects changes based on the cumulative effect of the changes made in the random sequence instead of using a single threshold to check every variable. It involves calculating cumulative sum and determining whether a packet is normal or not. The FCM algorithm employs fuzzy partitioning such that a data point can belong to all groups with different membership grades. Together, CUSUM and FCM become a good technique in detecting network anomalies with a very low false alarm rate.
This document summarizes an article about intrusion detection systems (IDS) for secure mobile ad hoc networks (MANETs). It discusses the distributed and cooperative architecture of IDS for MANETs, where each node runs an IDS agent to detect intrusions locally and cooperate with other nodes. It describes several IDS approaches for MANETs including the Watchdog technique to detect misbehaving nodes, the Pathrater technique to find routes without those nodes, and the CORE technique which uses a collaborative reputation system. The document concludes that considering these IDS techniques can help make MANETs more secure.
Integration of security and authentication agent in ns 2 and leach protocol f... - Zac Darcy
Wireless Sensor Networks (WSN) is an emerging technology that attracts researchers with its research challenges and various application domains. Today, WSN applications can be used in environmental detection, monitoring systems, medical systems, military and industrial monitoring for their ability to transform human life in various aspects. Depending on the applications used for WSNs, security is the biggest challenge in WSNs and the security aspect is essential for WSNs before designing WSNs. The routing protocols for WSNs need security services for transmitting exact and secure data to the users through the network. LEACH (Low Energy Adaptive Clustering Hierarchy) is a routing protocol used in WSNs by arranging sensor nodes into clusters. Every sensor cluster is managed by a Cluster Head (CH) during the network operation such as routing and data aggregation from Cluster Member (CM). Therefore, security and authentication is necessary between CH and CM. However, LEACH lacks security. This paper presents integration of security and authentication between CH and CM on LEACH routing protocol. For the implementation of this integration, NS-2 simulation software is used and it is necessary to combine security agent into NS-2 tool for WSN. But currently, NS-2 does not support these features. Therefore, the main aim of this paper is to develop security and authentication agent into NS-2 and LEACH protocol for WSNs with the simulation results
This document presents an overview of a project titled "Network Intrusion Detection and Countermeasure Selection in Virtual Network Systems". It discusses the need for effective intrusion detection and response systems to identify attacks in cloud systems and minimize their impact. It introduces NICE, a proposed multi-phase distributed mechanism that uses attack graph models and virtual network countermeasures. NICE includes network intrusion detection agents that monitor traffic and vulnerabilities. When threats are detected, countermeasures like packet inspection or virtual network reconfigurations are deployed.
HYBRID ARCHITECTURE FOR DISTRIBUTED INTRUSION DETECTION SYSTEM IN WIRELESS NE... - IJNSA Journal
Owing to the rapid growth of network applications, new kinds of network attacks are emerging endlessly. So it is critical to protect the networks from attackers, and intrusion detection technology has become popular. Therefore, it is necessary that this security concern be articulated right from the beginning of the network design and deployment. Intrusion detection technology is the process of identifying network activity that can lead to a compromise of security policy. A lot of work has been done in detection of intruders, but the solutions are not satisfactory. In this paper, we propose a novel Distributed Intrusion Detection System using Multi Agent in order to decrease false alarms and manage misuse and anomaly detection.
NOVEL HYBRID INTRUSION DETECTION SYSTEM FOR CLUSTERED WIRELESS SENSOR NETWORK - IJNSA Journal
Wireless sensor network (WSN) is regularly deployed in unattended and hostile environments. The WSN is vulnerable to security threats and susceptible to physical capture. Thus, it is necessary to use effective mechanisms to protect the network. It is widely known, that the intrusion detection is one of the most efficient security mechanisms to protect the network against malicious attacks or unauthorized access. In this paper, we propose a hybrid intrusion detection system for clustered WSN. Our intrusion framework uses a combination between the Anomaly Detection based on support vector machine (SVM) and the Misuse Detection. Experiments results show that most of routing attacks can be detected with low false alarm.
A hierarchical security framework for defending against sophisticated attacks... - redpel dot com
A hierarchical security framework for defending against sophisticated attacks on wireless sensor networks in smart cities
Nice network intrusion detection and countermeasure selection in virtual netw... - JPINFOTECH JAYAPRAKASH
The document proposes NICE (Network Intrusion Detection and Countermeasure Selection), a multi-phase distributed network intrusion detection and prevention framework for virtual network systems. Existing systems lack effective vulnerability detection and response, allowing attackers to compromise vulnerable virtual machines. NICE incorporates attack graph analysis and programmable virtual networking to improve attack detection, correlate attack behaviors, and select effective countermeasures without interrupting cloud services. It was found to consume less computational overhead than proxy-based network intrusion detection solutions.
This document provides an overview of a presentation titled "A Machine Learning Approach to Analyze Cloud Computing Attacks" given at the 5th International Conference on Contemporary Computing and Informatics. The presentation discusses introducing machine learning algorithms to detect various types of cloud computing attacks. It reviews previous work applying supervised, unsupervised, and reinforcement learning techniques for attack detection. The presentation concludes that machine learning provides an effective approach for cloud security but that more research is still needed, particularly for real-time attack detection and mitigation.
CLASSIFICATION PROCEDURES FOR INTRUSION DETECTION BASED ON KDD CUP 99 DATA SET - IJNSA Journal
This document summarizes research on using various data mining classification techniques to handle false alerts in intrusion detection systems. The researchers tested many data mining procedures on the KDD Cup 99 dataset, including multilayer perceptron neural networks, rule-based models, support vector machines, naive Bayes, and association rule mining. The best accuracy was 92% for multilayer perceptrons, but rule-based models had the fastest training time at 4 seconds. The researchers concluded that different techniques should be used together to handle different types of network attacks.
CLASSIFICATION PROCEDURES FOR INTRUSION DETECTION BASED ON KDD CUP 99 DATA SET - IJNSA Journal
In a network security framework, intrusion detection is a benchmark component and a fundamental way to protect PCs from many threats. The major issue in intrusion detection is the huge number of false alerts; this issue motivates several experts to look for ways of minimizing false alerts using data mining, an analysis procedure applied to large data sets such as KDD CUP 99. This paper reviews various data mining classification procedures for handling false alerts in intrusion detection. According to the results of testing many data mining procedures on KDD CUP 99, no individual procedure can reveal all attack classes with high accuracy and without false alerts. The best accuracy, in Multilayer Perceptron, is 92%; however, the best training time, in the rule-based model, is 4 seconds. It is concluded that various procedures should be used together to handle different kinds of network attacks.
The main goal of Intrusion Detection Systems (IDSs) is to detect intrusions. This kind of detection system represents a significant tool in traditional computer based systems for ensuring cyber security. An IDS model can be faster and reach more accurate detection rates by selecting the most related features from the input dataset. Feature selection is an important stage of any IDS to select the optimal subset of features that enhance the process of the training model to become faster and reduce the complexity while preserving or enhancing the performance of the system. In this paper, we proposed a method based on dividing the input dataset into different subsets according to each attack. Then we performed a feature selection technique using information gain filter for each subset. Then the optimal features set is generated by combining the list of features sets obtained for each attack. Experimental results conducted on the NSL-KDD dataset show that the proposed method for feature selection, with fewer features, makes an improvement to the system accuracy while decreasing the complexity. Moreover, a comparative study is performed on the efficiency of the technique for feature selection using different classification methods. To enhance the overall performance, another stage is conducted using Random Forest and PART on voting learning algorithm. The results indicate that the best accuracy is achieved when using the product probability rule.
FLOODING ATTACKS DETECTION OF MOBILE AGENTS IN IP NETWORKS - csandit
This document summarizes a research paper that proposes a new framework for detecting flooding attacks in mobile agent networks. The framework integrates divergence measures like Hellinger distance and Chi-square over a sketch data structure. The sketch data structure is used to derive probability distributions from traffic data in fixed memory. Divergence measures compare the current and prior probability distributions to detect deviations indicating attacks. The performance of detecting attacks while minimizing false alarms is evaluated using real network traces with injected flooding attacks. Experimental results show the proposed approach outperforms existing solutions.
COMPARISON BETWEEN DIVERGENCE MEASURES FOR ANOMALY DETECTION OF MOBILE AGENTS... - ijwmn
This paper deals with detection of SYN flooding attacks which are the most common type of attacks in a Mobile Agent World. We propose a new framework for the detection of flooding attacks by integrating Divergence measures over Sketch data structure. We compare three divergence measures (Hellinger Distance, Chi-square and Power divergence) to analyze their detection accuracy. The performance of the proposed framework is investigated in terms of detection probability and false alarm ratio. We focus on tuning the parameter of Divergence Measures to optimize the performance. We conduct performance analysis over publicly available real IP traces, in Mobile Agent Network, integrated with flooding attacks. Our experimental results show that Power Divergence outperforms Chi-square divergence and Hellinger distance in network anomalies detection in terms of detection and false alarm.
1) The document discusses security issues in cloud computing, with a focus on vulnerabilities in the virtualization layer.
2) It proposes a secure model (SVM) using intrusion detection systems to monitor virtual machines and detect attacks. This would help virtual machines resist attacks more efficiently in cloud environments.
3) Some key virtualization vulnerabilities discussed include attacks on hypervisors, compromised isolation between virtual machines, and packet sniffing/spoofing in virtual networks. The proposed SVM model aims to address these issues and secure the virtualization layer in cloud infrastructure.
A NOVEL TWO-STAGE ALGORITHM PROTECTING INTERNAL ATTACK FROM WSNS - IJCNC
Wireless sensor networks (WSNs) consist of small nodes with constrained capabilities. They enable numerous applications with distributed network infrastructure. With its nature and application scenario, security of WSN has drawn great attention. In malicious environments, security mechanisms are essential for a functional WSN. Malicious or internal attackers have gained attention as the most challenging attacks on WSNs. Many works have been done to secure WSN from internal attacks, but most of them rely on either a training data set or predefined thresholds. It is a great challenge to find or gain knowledge about the malicious. In this paper, we develop the algorithm in two stages. Initially, Abnormal Behaviour Identification Mechanism (ABIM), which uses cosine similarity, is applied. Finally, Dempster-Shafer theory (DST) is used, which combines multiple pieces of evidence to identify the malicious or internal attacks in a WSN. In this method we do not need any predefined threshold or training data set of the nodes.
IRJET- Implementation of Artificial Intelligence Methods to Curb Cyber Assaul... - IRJET Journal
This document discusses how artificial intelligence methods can help curb cyber assaults. It reviews various AI techniques including expert systems, artificial neural networks, and intelligent agents that have been implemented or could potentially be implemented for cyber security purposes. For example, expert systems have been used to analyze risk levels on e-commerce sites and identify system vulnerabilities. Artificial neural networks have been applied for intrusion detection and classification of attacks. Intelligent agents are well-suited for combating cyber crimes due to their mobility, flexibility, and cooperative nature. The document concludes that while AI is already being used in various ways for cyber security, hackers may also start using AI techniques, presenting new challenges going forward.
DDOS DETECTION IN SOFTWARE-DEFINED NETWORK (SDN) USING MACHINE LEARNING (IJCI JOURNAL)
In recent years, the concept of cloud computing and the software-defined network (SDN) have spread
widely. The services provided by many sectors such as medicine, education, banking, and transportation
are being replaced gradually with cloud-based applications. Consequently, the availability of these
services is critical. However, the cloud infrastructure and services are vulnerable to attackers who aim to
breach its availability. One of the major threats to any system availability is a Denial-of-Service (DoS)
attack, which is intended to deny the legitimate user from accessing cloud resources. The Distributed
Denial-of-Service attack (DDoS) is a type of DoS attack which is considerably more effective and
dangerous. A lot of efforts have been made by the research community to detect DDoS attacks, however,
there is still a need for further efforts in this germane field. In this paper, machine learning techniques are
utilized to build a model that can detect DDoS attacks in Software-Defined Networks (SDN). The used ML
algorithms have shown high performance in the earliest studies; hence they have been used in this study
along with feature selection technique. Therefore, our model utilized these algorithms to detect DDoS
attacks in network traffic. The outcome of this experiment shows the impact of feature selection in
improving the model performance. Eventually, the Random Forest classifier has achieved the highest
accuracy of 0.99 in detecting DDoS attack.
USE OF MARKOV CHAIN FOR EARLY DETECTING DDOS ATTACKS (IJNSA Journal)
DDoS has a variety of types of mixed attacks. Botnet attackers can chain different types of DDoS attacks to confuse cybersecurity defenders. In this article, the attack type can be represented as the state of the model. Considering the attack type, we use this model to calculate the final attack probability. The final attack probability is then converted into one prediction vector, and the incoming attacks can be detected early before IDS issues an alert. The experiment results have shown that the prediction model can make multi-vector DDoS detection and analysis easier.
Classification of Malware Attacks Using Machine Learning In Decision Tree (CSCJournals)
Predicting cyberattacks using machine learning has become imperative since cyberattacks have increased exponentially due to the stealthy and sophisticated nature of adversaries. To have situational awareness and achieve defence in depth, using machine learning for threat prediction has become a prerequisite for cyber threat intelligence gathering. Some approaches to mitigating malware attacks include the use of spam filters, firewalls, and IDS/IPS configurations to detect attacks. However, threat actors are deploying adversarial machine learning techniques to exploit vulnerabilities. This paper explores the viability of using machine learning methods to predict malware attacks and build a classifier to automatically detect and label an event as “Has Detection or No Detection”. The purpose is to predict the probability of malware penetration and the extent of manipulation on the network nodes for cyber threat intelligence. To demonstrate the applicability of our work, we use a decision tree (DT) algorithm to learn the dataset for evaluation. The dataset was from Microsoft Malware threat prediction website Kaggle. We identify probable cyberattacks on the smart grid and use attack scenarios to determine penetrations and manipulations. The results show that ML methods can be applied in smart grid cyber supply chain environment to detect cyberattacks and predict future trends.
SECURED AODV TO PROTECT WSN AGAINST MALICIOUS INTRUSION (IJNSA Journal)
One of the security issues in Wireless Sensor Networks (WSN) is intrusion detection. In this paper, we propose a new defence mechanism based on the Ad hoc On-Demand Vector (AODV) routing protocol. AODV is a reactive protocol designed for ad hoc networks and has excellent flexibility to be adapted to a new secure version. The main objective of the proposed secured AODV routing protocol is to protect WSN against malicious intrusion and defend against adversary attacks. This secured AODV protocol works well with the WSN dynamics and topology changes due to limited available resources. It establishes secure multi-hop routing between sensor nodes with high confidence, integrity, and availability. The secured AODV utilizes an existing intrusion dataset that facilitates new collection from all the exchanged packets in the network. The protocol monitors end-to-end delay and avoids any additional overhead over message transfer between sensor nodes. The experimental results showed that this secured AODV could be used to fight against malicious attacks such as black hole attacks and avoid the large transmission delays they cause.
Secure intrusion detection and attack measure selection in virtual network systems
Advances in Networks 2013; 1(2): 26-33
Published online June 10, 2013 (http://www.sciencepublishinggroup.com/j/net)
doi: 10.11648/j.net.20130102.12
S. Uvaraj 1, S. Suresh 2, N. Kannaiya Raja 3
1 Arulmigu Meenakshi Amman College of Engineering, Kanchipuram
2 Sri Venkateswara College of Engineering, Kanchipuram
3 Defence Engineering College, Ethiopia
Email address:
ujrj@rediffmail.com (S. Uvaraj), ss12oct92@gmail.com (S. Suresh), kanniya13@hotmail.co.in (N. Kannaiya Raja)
To cite this article:
S. Uvaraj, S. Suresh, N. Kannaiya Raja, Secure Intrusion Detection and Attack Measure Selection in Virtual Network Systems. Advances
in Networks. Vol. 1, No. 2, 2013, pp. 26-33. doi: 10.11648/j.net.20130102.12
Abstract: Cloud security is one of the most important issues that have attracted a lot of research and development effort in
the past few years. In particular, attackers can explore vulnerabilities of a cloud system and compromise virtual machines to
deploy further large-scale Distributed Denial-of-Service (DDoS) attacks. DDoS attacks usually involve early stage actions such as
multi-step exploitation, low-frequency vulnerability scanning, and compromising identified vulnerable virtual machines as
zombies, and finally DDoS attacks through the compromised zombies. Within the cloud system, especially in
Infrastructure-as-a-Service (IaaS) clouds, the detection of zombie exploration attacks is extremely difficult. This is because
cloud users may install vulnerable applications on their virtual machines. To prevent vulnerable virtual machines from
being compromised in the cloud, we propose a multi-phase distributed vulnerability detection, measurement, and
countermeasure selection mechanism called NICE, which is built on attack graph based analytical models and
reconfigurable virtual network-based countermeasures. The proposed framework leverages OpenFlow network
programming APIs to build a monitor and control plane over distributed programmable virtual switches in order to
significantly improve attack detection and mitigate attack consequences. The system and security evaluations demonstrate
the efficiency and effectiveness of the proposed solution.
Keywords: Performance of Systems, Computer Systems Organization, Network-Level Security and Protection, General,
Communication/Networking and Information Technology
1. Introduction
A recent Cloud Security Alliance (CSA) survey shows
that among all security issues, abuse and nefarious use of
cloud computing is considered the top security threat [1],
in which attackers can exploit vulnerabilities in clouds and
utilize cloud system resources to deploy attacks. In
traditional data centers, where system administrators have
full control over the host machines, vulnerabilities can be
detected and patched by the system administrator in a
centralized manner. However, patching known security
holes in cloud data centers, where cloud users usually have
the privilege to control software installed on their managed
VMs, may not work effectively and can violate the Service
Level Agreement (SLA).
Furthermore, cloud users can install vulnerable software
on their VMs, which essentially contributes to loopholes in
cloud security. The challenge is to establish an effective
vulnerability/attack detection and response system for
accurately identifying attacks and minimizing the impact of
security breaches on cloud users.
In [2], M. Armbrust et al. noted that protecting
“Business continuity and services availability” from
service outages is one of the top concerns in cloud
computing systems. In a cloud system where the
infrastructure is shared by potentially millions of users,
abuse and nefarious use of the shared infrastructure
helps attackers exploit vulnerabilities of the cloud and
use its resources to deploy attacks in more efficient ways [3].
Such attacks are more effective in the cloud environment
since cloud users usually share computing resources, e.g.,
being connected through the same switch, sharing the
same data storage and file systems, even with potential
attackers [4]. The similar setup for VMs in the cloud, e.g.,
virtualization techniques, VM OS, installed vulnerable
software, networking, etc., attracts attackers to compromise
multiple VMs.
In this paper, we propose Secure Intrusion Detection and
Attack Measure Selection in Virtual Systems (NICE) to establish a
defense-in-depth intrusion detection framework. For better
attack detection, NICE incorporates attack graph analytical
procedures into the intrusion detection processes. We must
note that the design of NICE does not intend to improve
any of the existing intrusion detection algorithms; indeed,
NICE employs a reconfigurable virtual networking
approach to detect and counter the attempts to compromise
VMs, thus preventing zombie VMs.
In general, NICE includes two main phases: (1) A
lightweight mirroring-based network intrusion detection
agent (NICE-A) is deployed on each cloud server to capture and
analyze cloud traffic. A NICE-A periodically scans the
virtual system vulnerabilities within a cloud server to
establish Scenario Attack Graphs (SAGs), and then, based
on the severity of the identified vulnerability towards the
collaborative attack goals, NICE decides whether or not
to put a VM in network inspection state. (2) Once a VM
enters inspection state, Deep Packet Inspection (DPI) is
applied, and/or virtual network reconfigurations can be
deployed to the inspected VM to make the potential attack
behaviors prominent.
The rest of the paper is organized as follows. Section II
presents the related work. Section III describes the system
approach and implementation. System models and the
approach to hardening the network in NICE are described
in Section IV. The proposed NICE is
presented in Section V, and Section VI evaluates NICE in
terms of network performance and security. Finally,
Section VII describes future work and concludes this paper.
2. Related Works
The contributions of NICE are presented as follows:
• We devise NICE, a new multi-phase distributed network
intrusion detection and prevention framework in a virtual
networking environment that captures and inspects
suspicious cloud traffic without interrupting users’
applications and cloud services.
• NICE incorporates a software switching solution to
quarantine and inspect suspicious VMs for further
investigation and protection. Through programmable
network approaches, NICE can improve the attack
detection probability and improve the resiliency to VM
exploitation attack without interrupting existing normal
cloud services.
• NICE employs a novel attack graph approach for attack
detection and prevention by correlating attack behavior and
also suggests effective countermeasures.
• NICE optimizes the implementation on cloud servers to
minimize resource consumption. Our study shows that
NICE consumes less computational overhead compared to
proxy-based network intrusion detection solutions.
The area of detecting malicious behavior has been well
explored. The work by Duan et al.[5] focuses on the
detection of compromised machines that have been
recruited to serve as spam zombies. Their approach, SPOT,
is based on sequentially scanning outgoing messages while
employing a statistical method Sequential Probability Ratio
Test (SPRT), to quickly determine whether or not a host
has been compromised. BotHunter[6] detects compromised
machines based on the fact that a thorough malware
infection process has a number of well defined stages that
allow correlating the intrusion alarms triggered by inbound
traffic with resulting outgoing communication patterns.
BotSniffer[7] exploits uniform spatial-temporal behavior
characteristics of compromised machines to detect zombies
by grouping flows according to server connections and
searching for similar behavior in the flow.
An attack graph is able to represent a series of exploits,
called atomic attacks, that lead to an undesirable state, for
example a state where an attacker has obtained
administrative access to a machine. Many automated tools
exist to construct attack graphs. O. Sheyner et
al.[8] proposed a technique based on a modified symbolic
model checker NuSMV[9] and Binary Decision Diagrams
(BDDs) to construct attack graphs. Their model can
generate all possible attack paths; however, scalability
is a big issue for this solution. P. Ammann et al.[10]
introduced the assumption of monotonicity, which states
that the precondition of a given exploit is never invalidated
by the successful application of another exploit. In other
words, attackers never need to backtrack. With this
assumption, they can obtain a concise, scalable graph
representation for encoding attack trees. X. Ou et al.
proposed an attack graph tool called MulVAL[11], which
adopts a logic programming approach and uses the Datalog
language to model and analyze network systems.
Intrusion Detection Systems (IDS) and firewalls are widely
used to monitor and detect suspicious events in the network.
However, false alarms and the large volume of raw
alerts from IDS are two major problems for any IDS
implementation. In order to identify the source or target of
an intrusion in the network, and especially to detect multi-step
attacks, alert correlation is a must-have tool. The primary
goal of alert correlation is to provide system support for a
global and condensed view of network attacks by analyzing
raw alerts[12]. Many attack-graph-based alert correlation
techniques have been proposed recently. L. Wang et al.[13]
devised an in-memory structure, called queue graph (QG),
to trace alerts matching each exploit in the attack graph.
However, the implicit correlations in this design make it
difficult to use the correlated alerts in the graph for analysis
of similar attack scenarios. Roschke et al.[14] proposed a
modified attack-graph-based correlation algorithm to create
explicit correlations only by matching alerts to specific
exploitation nodes in the attack graph with multiple
mapping functions, and devised an alert dependencies
graph (DG) to group related alerts with multiple correlation
criteria. Several solutions have been proposed to select
optimal countermeasures based on the likelihood of the
attack path and cost benefit analysis. A. Roy et al.[15]
proposed an attack countermeasure tree (ACT) to consider
attacks and countermeasures together in an attack tree
structure. In [16], a Bayesian attack graph (BAG) was
proposed to address the dynamic security risk management
problem, and a genetic algorithm was applied to solve the
countermeasure optimization problem.
3. 28 S. Uvaraj et al.: Secure Intrusion Detection and Attack Measure Selection
In Virtual Network Systems
3. NICE Models
In this section, we describe how to utilize attack graphs
to model security threats and vulnerabilities in a virtual
networked system, and propose a VM protection model
based on virtual network reconfiguration approaches to
prevent VMs from being exploited.
3.1. Threat Model
In our attack model, we assume that an attacker can be
located either outside or inside of the virtual networking
system. The attacker’s primary goal is to exploit vulnerable
VMs and compromise them as zombies. Our protection
model focuses on virtual-network-based attack detection
and reconfiguration solutions to improve the resiliency to
zombie explorations.
Our work does not involve host-based IDS and does not
address how to handle encrypted traffic for attack
detection. Our proposed solution can be deployed in an
Infrastructure-as-a-Service (IaaS) cloud networking system,
and we assume that the Cloud Service Provider (CSP) is
benign. We also assume that cloud service users are free to
install whatever operating systems or applications they want.
3.2. Attack Graph Model
An attack graph is a modeling tool to illustrate all
possible multi-stage, multi-host attack paths that are crucial
to understand threats and then to decide appropriate
countermeasures [17]. In an attack graph, each node
represents either a precondition or a consequence of an exploit.
An attack graph is helpful in identifying potential threats,
possible attacks and known vulnerabilities in a cloud
system.
Definition 1 (Scenario Attack Graph). A Scenario Attack
Graph is a tuple SAG = (V, E), where
• $V = N_C \cup N_D \cup N_R$ denotes a set of vertices that
include three types, namely conjunction node $N_C$ to
represent an exploit, disjunction node $N_D$ to denote
the result of an exploit, and root node $N_R$ for showing
the initial step of an attack scenario.
• $E = E_{pre} \cup E_{post}$ denotes the set of directed edges.
An edge $e \in E_{pre} \subseteq N_D \times N_C$ represents that $N_D$
must be satisfied to achieve $N_C$. An edge $e \in E_{post} \subseteq N_C \times N_D$
means that the consequence shown by
$N_D$ can be obtained if $N_C$ is satisfied.
Node $v_c \in N_C$ is defined as a three tuple (Hosts, vul, alert)
representing a set of IP addresses, vulnerability information
such as CVE[18], and alerts related to $v_c$, respectively. $N_D$
behaves like a logical OR operation and contains details of
the results of actions.
NR represents the root node of the scenario attack graph.
For correlating the alerts, we refer to the approach
described in and define a new Alert Correlation Graph
(ACG) to map alerts in ACG to their respective nodes in
SAG. To keep track of attack progress, we track the source
and destination IP addresses for attack activities.
Definition 2 (Alert Correlation Graph).
An ACG is a three tuple ACG = (A, E, P), where
• A is a set of aggregated alerts. An alert $a \in A$ is a
data structure (src, dst, cls, ts) representing the source
IP address, destination IP address, type of the alert,
and timestamp of the alert, respectively.
• Each alert a maps to a pair of vertices $(v_c, v_d)$ in
SAG using the map(a) function.
• E is a set of directed edges representing correlation
between two alerts.
• P is the set of paths in ACG.
Algorithm 1 Alert Correlation
Require: alert ac, SAG, ACG
if (ac is a new alert) then
    create node ac in ACG
    n1 ← vc ∈ map(ac)
    for all n2 ∈ parent(n1) do
        create edge (n2.alert, ac)
        for all Si containing a do
            if a is the last element in Si then
                append ac to Si
            else
                create path Si+1 = {subset(Si, a), ac}
            end if
        end for
        add ac to n1.alert
    end for
end if
return S
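A Python rendering of Algorithm 1 run on a constructed alert stream, added here as an illustration and not taken from the paper. Assumptions: disjunction nodes are collapsed so that parents link exploit nodes directly, an alert that correlates with nothing starts a new path, and the IP addresses and parent edges are invented; the node ids and CVEs are those listed in Table 2.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Alert:                      # (src, dst, cls, ts) from Definition 2
    src: str
    dst: str
    cls: str                      # alert type; here, the CVE the alert reports
    ts: int

@dataclass
class ExploitNode:                # conjunction node v_c = (Hosts, vul, alert)
    hosts: set
    vul: str
    alerts: list = field(default_factory=list)

@dataclass
class SAG:
    nodes: dict                   # node id -> ExploitNode
    parents: dict                 # node id -> ids of preceding exploit nodes
                                  # (disjunction nodes collapsed: assumption)

    def map(self, a):
        """map(a): the exploit node whose host and vulnerability match a."""
        for nid, node in self.nodes.items():
            if a.dst in node.hosts and a.cls == node.vul:
                return nid
        return None

@dataclass
class ACG:
    alerts: list = field(default_factory=list)   # A
    edges: list = field(default_factory=list)    # E
    paths: list = field(default_factory=list)    # P, the S_i of Algorithm 1

def correlate(ac, sag, acg):
    """Algorithm 1 for one incoming alert ac; returns the path set S."""
    n1 = sag.map(ac)
    if ac in acg.alerts or n1 is None:            # duplicate, or not in the SAG
        return acg.paths
    acg.alerts.append(ac)
    for n2 in sag.parents.get(n1, []):
        for a in sag.nodes[n2].alerts:            # earlier alerts on a parent exploit
            acg.edges.append((a, ac))
            for s in list(acg.paths):             # snapshot: new paths are not revisited
                if a not in s:
                    continue
                if s[-1] == a:
                    s.append(ac)                  # a ends the path: extend it
                else:                             # a is mid-path: branch after a
                    acg.paths.append(s[:s.index(a) + 1] + [ac])
    # Recorded once, outside the parent loop, so root exploits keep their alerts too.
    sag.nodes[n1].alerts.append(ac)
    if not any(ac in s for s in acg.paths):
        acg.paths.append([ac])                    # assumption: uncorrelated alert seeds a path
    return acg.paths

def demo():
    """Constructed scenario: node ids and CVEs from Table 2; IPs and edges invented."""
    sag = SAG(
        nodes={21: ExploitNode({"10.0.1.21"}, "CVE-2004-0840"),   # mail server
               13: ExploitNode({"10.0.1.13"}, "CVE-2009-1535"),   # web server
               10: ExploitNode({"10.0.2.10"}, "CVE-2001-0439"),   # VM group
               2: ExploitNode({"10.0.3.2"}, "CVE-2008-4050")},    # admin server
        parents={10: [21, 13], 2: [10]})
    acg = ACG()
    stream = [
        Alert("203.0.113.7", "10.0.1.21", "CVE-2004-0840", 1),
        Alert("203.0.113.7", "10.0.1.13", "CVE-2009-1535", 2),
        Alert("10.0.1.21", "10.0.2.10", "CVE-2001-0439", 3),
        Alert("10.0.2.10", "10.0.3.2", "CVE-2008-4050", 4),
        Alert("10.0.1.13", "10.0.2.10", "CVE-2001-0439", 5),     # second hit on VM group
        Alert("203.0.113.7", "10.0.1.21", "CVE-2004-0840", 1),   # duplicate of the first
        Alert("203.0.113.7", "10.0.9.9", "CVE-2004-0840", 6),    # host not in the SAG
    ]
    for alert in stream:
        correlate(alert, sag, acg)
    return [[a.ts for a in s] for s in acg.paths], acg

if __name__ == "__main__":
    for path in demo()[0]:
        print(" -> ".join(f"t={ts}" for ts in path))
```

The fifth alert arrives after both existing paths have already moved on to the admin server, so it branches two new paths instead of extending the old ones; the duplicate and the alert for an unknown host leave the graph unchanged.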
Definition 3 (VM State). Based on the information
gathered from the network controller, VM states can be
defined as follows:
• Stable: there does not exist any known vulnerability
on the VM.
• Vulnerable: presence of one or more vulnerabilities
on a VM, which remains unexploited.
• Exploited: at least one vulnerability has been
exploited and the VM is compromised.
• Zombie: VM is under control of attacker.
4. NICE System Design
In this section, we first present the system design
overview of NICE and then detailed descriptions of its
components.
4.1. System Design Overview
The proposed NICE framework is illustrated in Figure 1.
It shows the NICE framework within one cloud server
cluster. Major components in this framework are
a distributed and lightweight NICE-A on each physical
cloud server, a network controller, a VM profiling server,
and an attack analyzer. The latter three components are
located in a centralized control center connected to
software switches on each cloud server (i.e., virtual
switches built on one or multiple Linux software bridges).
Fig 1. NICE framework within one cloud server cluster
4.2. System Components
In this section we explain each component of NICE.
4.2.1. NICE-A
The NICE-A is a Network-based Intrusion Detection
System (NIDS) agent installed in either dom0 or domU in
each cloud server. It scans the traffic going through Linux
bridges that control all the traffic among VMs and in/out
from the physical cloud servers. NICE-A is a software agent
implemented in each cloud server connected to the control
center through a dedicated and isolated secure channel,
which is separated from the normal data packets using
OpenFlow tunneling or VLAN approaches. The network
controller is responsible for deploying attack
countermeasures based on decisions made by the attack
analyzer.
4.2.2. VM Profiling
Virtual machines in the cloud can be profiled to get
precise information about their state, services running,
open ports, etc.
VM profiles are maintained in a database and contain
comprehensive information about vulnerabilities, alerts and
traffic. The data comes from:
• Attack graph generator: while generating the attack
graph, every detected vulnerability is added to its
corresponding VM entry in the database.
• NICE-A: alerts involving the VM are recorded in
the VM profile database.
• Network controller: the traffic patterns involving the
VM are based on 5-tuples (source MAC address,
destination MAC address, source IP address, destination IP
address, protocol). A traffic pattern can have
packets emanating from a single IP address and delivered to
multiple destination IP addresses, and vice versa.
4.2.3. Attack Analyzer
The major functions of the NICE system are performed by
the attack analyzer, which includes procedures such as attack
graph construction and update, alert correlation, and
countermeasure selection.
The process of constructing and utilizing the Scenario
Attack Graph (SAG) consists of three phases: information
gathering, attack graph construction, and potential exploit
path analysis. With this information, attack paths can be
modeled using SAG.
In summary, the NICE attack graph is constructed based on
the following information:
• Cloud system information is collected from the node
controller and VM’s Virtual Interface (VIF) information.
• Virtual network topology and configuration information
is collected from the network controller, every VM’s IP
address, MAC address, port information, and traffic flow
information.
• Vulnerability information is generated by both on-demand
vulnerability scanning.
4.2.4. Network Controller
The network controller is a key component to support
the programmable networking capability to realize the
virtual network reconfiguration feature based on the
OpenFlow protocol[19]. In NICE, within each cloud server there
is a software switch, for example, Open vSwitch (OVS)[5],
which is used as the edge switch for VMs to handle traffic
in and out of VMs. The network controller is responsible
for collecting network information of the current OpenFlow
network and provides input to the attack analyzer to
construct attack graphs.
5. Mitigation and Countermeasures
In this section, we present the methods for selecting the
countermeasures for a given attack scenario. The
countermeasure serves the purpose of 1) protecting the
target VMs from being compromised; and 2) making attack
behavior stand prominent so that the attackers’ actions can
be identified.
5.1. Mitigation Strategies
Based on the security metrics defined in the previous
subsection, NICE is able to construct the mitigation
strategies in response to detected alerts. First, we define the
term countermeasure pool as follows:
Definition 4 (Countermeasure Pool).
A countermeasure pool CM = {cm1, cm2, ..., cmn} is a set
of countermeasures, where, for each countermeasure:
• Cost is the unit that describes the expenses required
to apply the countermeasure in terms of resources
and operational complexity, and it is defined in a
range from 1 to 5, and higher metric means higher
cost;
• Intrusiveness is the negative effect that a
countermeasure brings to the Service Level
Agreement (SLA) and its value ranges from the
least intrusive (1) to the most intrusive (5), and the
value of intrusiveness is 0 if the countermeasure
has no impact on the SLA;
• Condition is the requirement for the corresponding
countermeasure;
• Effectiveness is the percentage of probability
changes of the node, for which this countermeasure
is applied.
Table 1. Possible Countermeasure Types
No.  Countermeasure            Intrusiveness  Cost
1    Traffic redirection       3              3
2    Traffic isolation         4              2
3    Deep packet Inspection    3              3
4    Creating filtering rules  1              2
5    MAC address change        2              1
6    IP address change         2              1
7    Block port                4              1
8    Software patch            5              4
9    Quarantine                5              2
10   Network reconfiguration   0              5
11   Network topology change   0              5
5.2. Countermeasure Selection
Algorithm 2 presents how to select the optimal
countermeasure for a given attack scenario. Input to the
algorithm is an alert, attack graph G, and a pool of
countermeasures CM. The algorithm starts by selecting the
node vAlert that corresponds to the alert generated by a
NICE-A. The countermeasure which when applied on a
node gives the least value of ROI, is regarded as the
optimal countermeasure. Finally, SAG and ACG are also
updated before terminating the algorithm.
Fig 2. Virtual network topology for security evaluation
Algorithm 2 Countermeasure Selection
Require: Alert, G(E, V), CM
Let vAlert = Source node of the Alert
if Distance_to_Target(vAlert) > threshold then
    Update ACG
    return
end if
Let T = Descendant(vAlert) ∪ vAlert
Set Pr(vAlert) = 1
Calculate_Risk_Prob(T)
Let benefit[|T|, |CM|] = ∅
for each t ∈ T do
    for each cm ∈ CM do
        if cm.condition(t) then
            Pr(t) = Pr(t) * (1 - cm.effectiveness)
            Calculate_Risk_Prob(Descendant(t))
            benefit[t, cm] = Pr(target_node)    (7)
        end if
    end for
end for
Let ROI[|T|, |CM|] = ∅
for each t ∈ T do
    for each cm ∈ CM do
        ROI[t, cm]
    end for
end for
Update SAG and Update ACG
return Select_Optimal_CM(ROI)
Table 2. Vulnerabilities in the virtual networked system
Host            Vulnerability                             Node  CVE            Base Score
VM group        LICQ buffer overflow                      10    CVE-2001-0439  0.75
VM group        MS Video ActiveX Stack buffer overflow    5     CVE-2008-0015  0.93
VM group        GNU C Library loader flaw                 22    CVE-2010-3847  0.69
Admin Server    MS SMV service Stack buffer overflow      2     CVE-2008-4050  0.93
Gateway server  OpenSSL uses predictable random variable  15    CVE-2008-0166  0.78
Gateway server  Heap corruption in OpenSSH                4     CVE-2003-0693  1
Gateway server  Improper cookies handler in OpenSSH       9     CVE-2007-4752  0.75
Mail server     Remote code execution in SMTP             21    CVE-2004-0840  1
Mail server     Squid port scan                           19    CVE-2001-1030  0.75
Web server      WebDAV vulnerability in IIS               13    CVE-2009-1535  0.76
6. Performance Evaluation
In this section we present the performance evaluation of
NICE. Our evaluation is conducted in two directions: the
security performance, and the system computing and
network reconfiguration overhead due to introduced
security mechanism.
6.1. Security Performance Analysis
To demonstrate the security performance of NICE, we
created a virtual network testing environment consisting of
all the presented components of NICE.
6.1.1. Environment and Configuration
To evaluate the security performance, a demonstrative
virtual cloud system consisting of public (public virtual
servers) and private (VMs) virtual domains is established
as shown in Figure 2. Cloud Servers 1 and 2 are connected
to Internet through the external firewall.
6.1.2. Attack Graph and Alert Correlation
The attack graph can be generated by utilizing network
topology and the vulnerability information, and it is shown
in Figure 3. As the attack progresses, the system generates
various alerts that can be related to the nodes in the attack
graph. Creating an attack graph requires knowledge of
network connectivity, running services and their
vulnerability information. This information is provided to
the attack graph generator as the input.
Fig 3. Attack graph for the test network.
Definition 5 (VM Security Index). VSI for a virtual
machine k is defined as $VSI_k = (V_k + E_k)/2$, where
• $V_k$ is the vulnerability score for VM k. The score is the
exponential average of the base score from each
vulnerability in the VM or a maximum of 10, i.e.,
$V_k = \min\{10, \ln \sum e^{BaseScore(v)}\}$.
• $E_k$ is the exploitability score for VM k. It is the
exponential average of the exploitability score for all
vulnerabilities or a maximum of 10, multiplied by the
ratio of network services on the VM, i.e.,
Basically, the vulnerability score considers the base scores
of all the vulnerabilities on a VM. The base score depicts
how easy it is for an attacker to exploit the
vulnerability and how much damage it may incur.
The exponential addition of base scores allows the
vulnerability score to incline towards higher base
score values and increases in logarithm-scale based
on the number of vulnerabilities.
Apart from calculating the benefit measurements, we
also present the evaluation based on Return of Investment
(ROI) using (8) and represent a comprehensive evaluation
considering benefit, cost and intrusiveness of
countermeasure. Figure 5 shows the ROI evaluations for
presented countermeasures. Results show that
countermeasures CM2 and CM8 on node 5 have the
maximum benefit evaluation; however their cost and
intrusiveness scores indicate that they might not be good
candidates for the optimal countermeasure and ROI
evaluation results confirm this. The ROI evaluations
demonstrate that CM4 on node 5 is the optimal solution.
Fig 4. Benefit evaluation chart
Fig 5. ROI evaluation chart
6.2. NICE System Performance
We evaluate system performance to provide guidance on
how much traffic NICE can handle for one cloud server
and use the evaluation metric to scale up to a large cloud
system. In a real cloud system, traffic planning is needed to
run NICE, which is beyond the scope of this paper. Due to
the space limitation, we will investigate the research
involving multiple cloud clusters in the future.
Fig 6. CPU utilization of NICE-A
7. Conclusion and Future Work
In this paper, we presented NICE, which is proposed to
detect and mitigate collaborative attacks in the cloud
virtual networking environment. NICE utilizes the attack
graph model to conduct attack detection and prediction.
The proposed solution investigates how to use the
programmability of software switches based solutions to
improve the detection accuracy and defeat victim
exploitation phases of collaborative attacks. The system
performance evaluation demonstrates the feasibility of
NICE and shows that the proposed solution can
significantly reduce the risk of the cloud system from being
exploited and abused by internal and external attackers.
NICE only investigates the network IDS approach to
counter zombie explorative attacks. In order to improve the
detection accuracy, host-based IDS solutions need to
be incorporated to cover the whole spectrum of IDS in
the cloud system. This should be investigated in future
work. Additionally, as indicated in the paper, we will
investigate the scalability of the proposed NICE solution
by investigating the decentralized network control and
attack analysis model based on current study.
References
[1] Cloud Security Alliance, “Top threats to cloud computing
v1.0,” https://cloudsecurityalliance.org/topthreats/csathreats.v1.0.pdf,
March 2010.
[2] M. Armbrust, A. Fox, R. Griffith, A. D. Joseph, R. Katz, A.
Konwinski, G. Lee, D. Patterson, A. Rabkin, I. Stoica, and
M. Zaharia, “A view of cloud computing,” Commun. ACM,
vol. 53, no. 4, pp. 50–58, Apr. 2010.
[3] B. Joshi, A. Vijayan, and B. Joshi, “Securing cloud
computing environment against DDoS attacks,” in
Computer Communication and Informatics (ICCCI), 2012
International Conference on, Jan. 2012, pp. 1 –5.
[4] H. Takabi, J. B. Joshi, and G. Ahn, “Security and privacy
challenges in cloud computing environments,” IEEE
Security & Privacy, vol. 8, no. 6, pp. 24–31, Dec. 2010.
[5] “Open vSwitch project,” http://openvswitch.org, May 2012.
[6] Z. Duan, P. Chen, F. Sanchez, Y. Dong, M. Stephenson,
and J. Barker, “Detecting spam zombies by monitoring
outgoing messages,” Dependable and Secure Computing,
IEEE Transactions on, vol. 9, no. 2, pp. 198 –210, Apr.
2012.
[6] G. Gu, P. Porras, V. Yegneswaran, M. Fong, and W. Lee,
“BotHunter: detecting malware infection through IDS-
driven dialog correlation,” in Proceedings of 16th USENIX
Security Symposium on USENIX Security Symposium, ser.
SS’07. Berkeley, CA, USA: USENIX Association, 2007, pp.
12:1–12:16.
[7] G. Gu, J. Zhang, and W. Lee, “BotSniffer: detecting botnet
command and control channels in network traffic,” in
Proceedings of 15th Ann. Network and Distributed System
Security Symposium, ser. NDSS’08, 2008.
[8] O. Sheyner, J. Haines, S. Jha, R. Lippmann, and J. M. Wing,
“Automated generation and analysis of attack graphs,” in
2002 IEEE Symposium on Security and Privacy, 2002.
Proceedings. IEEE, 2002, pp. 273–284.
“NuSMV: A new symbolic model checker,”
http://afrodite.itc.it:1024/_nusmv.
[9] S. H. Ahmadinejad, S. Jalili, and M. Abadi, “A hybrid
model for correlating alerts of known and unknown attack
scenarios and updating attack graphs,” Computer Networks,
vol. 55, no. 9, pp. 2221–2240, Jun. 2011.
[10] X. Ou, S. Govindavajhala, and A. W. Appel, “MulVAL: a
logic-based network security analyzer,” in Proceedings of
the 14th conference on USENIX Security Symposium -
Volume 14. Berkeley, CA, USA: USENIX Association,
2005, pp. 8–8.
[11] R. Sadoddin and A. Ghorbani, “Alert correlation survey:
framework and techniques,” in Proceedings of the 2006
International Conference on Privacy, Security and Trust:
Bridge the Gap Between PST Technologies and Business
Services, ser. PST ’06. New York, NY, USA: ACM, 2006,
pp. 37:1–37:10.
[12] L. Wang, A. Liu, and S. Jajodia, “Using attack graphs for
correlating, hypothesizing, and predicting intrusion alerts,”
Computer Communications, vol. 29, no. 15, pp. 2917–2933,
Sep. 2006.
[13] S. Roschke, F. Cheng, and C. Meinel, “A new alert
correlation algorithm based on attack graph,” in
Computational Intelligence in Security for Information
Systems, ser. Lecture Notes in Computer Science. Springer,
2011, vol. 6694, pp. 58–67.
[14] A. Roy, D. S. Kim, and K. Trivedi, “Scalable optimal
countermeasure selection using implicit enumeration on
attack countermeasure trees,” in Dependable Systems
Networks (DSN), 2012 IEEE/IFIP 42nd International
Conference on, 2012.
[15] N. Poolsappasit, R. Dewri, and I. Ray, “Dynamic security
risk management using bayesian attack graphs,”
Dependable and Secure Computing, IEEE Transactions on,
vol. 9, no. 1, pp. 61 –74, Feb. 2012.
[16] Open Networking Foundation, “Software-defined networking:
The new norm for networks,” ONF White Paper, April 2012.
“Openflow.” [Online]. Available:
http://www.openflow.org/wp/learnmore/
[17] N. McKeown, T. Anderson, H. Balakrishnan, G. Parulkar, L.
Peterson, J. Rexford, S. Shenker, and J. Turner, “OpenFlow:
enabling innovation in campus networks,” SIGCOMM
Comput. Commun. Rev., vol. 38, no. 2, pp. 69–74, Mar.
2008.
[18] E. Keller, J. Szefer, J. Rexford, and R. B. Lee, “NoHype:
virtualized cloud infrastructure without the virtualization,”
in Proceedings of the 37th annual international symposium
on Computer architecture,ser. ISCA ’10. New York, NY,
USA: ACM, 2010, pp. 350–361.
[19] X. Ou, W. F. Boyer, and M. A. McQueen, “A scalable
approach to attack graph generation,” in Proceedings of the
13th ACM conference on Computer and communications
security, ser. CCS ’06. New York, NY, USA: ACM, 2006,
pp. 336–345.
Mitre Corporation, “Common vulnerabilities
and exposures, CVE,” http://cve.mitre.org/.