Search results for "network security"

showing 10 items of 37 documents

Countering Adversarial Inference Evasion Attacks Towards ML-Based Smart Lock in Cyber-Physical System Context

2021

Machine Learning (ML) has been taking significant evolutionary steps and provided sophisticated means in developing novel and smart, up-to-date applications. However, the development has also brought new types of hazards into the daylight that can have even destructive consequences required to be addressed. Evasion attacks are among the most utilized attacks that can be generated in adversarial settings during the system operation. In assumption, ML environment is benign, but in reality, perpetrators may exploit vulnerabilities to conduct these gradient-free or gradient-based malicious adversarial inference attacks towards cyber-physical systems (CPS), such as smart buildings. Evasion attac…

ExploitComputer sciencebusiness.industryCyber-physical systemevasion attacksEvasion (network security)Context (language use)Adversarial machine learningComputer securitycomputer.software_genreadversarial machine learningdefensive mechanismscyber-physical systemAdversarial systemSmart lockkoneoppiminenälytekniikkabusinesskyberturvallisuuscomputerverkkohyökkäyksetBuilding automation
researchProduct

Analysis of Approaches to Internet Traffic Generation for Cyber Security Research and Exercise

2015

Because of the severe global security threat of malwares, vulnerabilities and attacks against networked systems cyber-security research, training and exercises are required for achieving cyber resilience of organizations. Especially requirement for organizing cyber security exercises has become more and more relevant for companies or government agencies. Cyber security research, training and exercise require closed Internet like environment and generated Internet traffic. JAMK University of Applied Sciences has built a closed Internet-like network called Realistic Global Cyber Environment (RGCE). The traffic generation software for the RGCE is introduced in this paper. This paper describes …

Engineeringbusiness.industryNetwork securityInternet trafficComputer securitycomputer.software_genreInternet Architecture BoardInternational securityUse caseThe InternetbusinessResilience (network)computerTraffic generation model
researchProduct

A bio-inspired approach to attack graphs analysis

2018

Computer security has recently become more and more important as the world economy dependency from data has kept growing. The complexity of the systems that need to be kept secure calls for new models capable of abstracting the interdependencies among heterogeneous components that cooperate at providing the desired service. A promising approach is attack graph analysis, however the manual analysis of attack graphs is tedious and error prone. In this paper we propose to apply the metabolic network model to attack graphs analysis, using three interacting bio-inspired algorithms: topological analysis, flux balance analysis, and extreme pathway analysis. A developed framework for graph building…

Bio-inspired techniqueTheoretical computer scienceComputer scienceNetwork securitybusiness.industrymedia_common.quotation_subjectComputer Science (all)Bio-inspired techniquesNetwork securityAttack graphPathway analysisFlux balance analysisTheoretical Computer ScienceInterdependenceAttack graphMetabolic network modelAttack graphs; Bio-inspired techniques; Network securityGraph (abstract data type)businessAttack graphsmedia_common
researchProduct

Data Mining Approach for Detection of DDoS Attacks Utilizing SSL/TLS Protocol

2015

Denial of Service attacks remain one of the most serious threats to the Internet nowadays. In this study, we propose an algorithm for detection of Denial of Service attacks that utilize SSL/TLS protocol. These protocols encrypt the data of network connections on the application layer which makes it impossible to detect attackers activity based on the analysis of packet payload. For this reason, we concentrate on statistics that can be extracted from packet headers. Based on these statistics, we build a model of normal user behavior by using several data mining algorithms. Once the model has been built, it is used to detect DoS attacks. The proposed framework is tested on the data obtained w…

Transport Layer SecurityNetwork securitybusiness.industryNetwork packetComputer scienceComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKSDenial-of-service attackIntrusion detection systemcomputer.software_genreApplication layerAnomaly detectionThe InternetData miningbusinesscomputerComputer network
researchProduct

HyperWall: A Hypervisor for Detection and Prevention of Malicious Communication

2020

Malicious programs vary widely in their functionality, from key-logging to disk encryption. However, most malicious programs communicate with their operators, thus revealing themselves to various security tools. The security tools incorporated within an operating system are vulnerable to attacks due to the large attack surface of the operating system kernel and modules. We present a kernel module that demonstrates how kernel-mode access can be used to bypass any security mechanism that is implemented in kernel-mode. External security tools, like firewalls, lack important information about the origin of the intercepted packets, thus their filtering policy is usually insufficient to prevent c…

021110 strategic defence & security studiesSoftware_OPERATINGSYSTEMSNetwork securitybusiness.industryComputer scienceNetwork packet0211 other engineering and technologiesHypervisor02 engineering and technologyAttack surfaceComputer securitycomputer.software_genreOperator (computer programming)Trusted computing baseDisk encryptionKernel (image processing)020204 information systems0202 electrical engineering electronic engineering information engineeringbusinesscomputer
researchProduct

Remote Attestation of Software and Execution-Environment in Modern Machines

2015

The research on network security concentrates mainly on securing the communication channels between two endpoints, which is insufficient if the authenticity of one of the endpoints cannot be determined with certainty. Previously presented methods that allow one endpoint, the authentication authority, to authenticate another remote machine. These methods are inadequate for modern machines that have multiple processors, introduce virtualization extensions, have a greater variety of side effects, and suffer from nondeterminism. This paper addresses the advances of modern machines with respect to the method presented by Kennell. The authors describe how a remote attestation procedure, involving…

ta113AuthenticationMulti-core processorNetwork securitybusiness.industryComputer sciencesoftwaremedia_common.quotation_subjectDistributed computingTrusted ComputingCertaintyComputer securitycomputer.software_genreVirtualizationVariety (cybernetics)remote attestationSoftwarenetwork securitybusinesscomputermedia_commonexecution-environment
researchProduct

A resilient distributed measurement system for smart grid application

2020

Since the production of energy from renewable energy sources is strongly increasing, the migration from the classical electric grid toward the smart grid is becoming a reality. Distribution System Operators, along with the control of the entire network and its stability, need to address the security and the reliability of the communication channels and the data itself. In this paper a solution is proposed to address these issues. It is based on a distributed measurement system that relies on a wireless network as well as a redundant Power Line communication system in order to transfer the electrical measures to a centralized SCADA server. The collected data are used to run a power flow algo…

Distributed measurement systemsWireless networkbusiness.industryComputer scienceReliability (computer networking)Distributed computingSmart gridGridelectric load flowHuman-machine interfaceslaw.inventionPower-line communicationSmart gridSCADAlawElectrical networknetwork securityElectricitySCADAbusinesscarrier transmission on power linesSettore ING-INF/07 - Misure Elettriche E Elettroniche
researchProduct

A nested virtualization tool for information technology practical education

2016

Background A common problem of some information technology courses is the difficulty of providing practical exercises. Although different approaches have been followed to solve this problem, it is still an open issue, specially in security and computer network courses. Results This paper proposes NETinVM, a tool based on nested virtualization that includes a fully functional lab, comprising several computers and networks, in a single virtual machine. It also analyzes and evaluates how it has been used in different teaching environments. Conclusions The results show that this tool makes it possible to perform demos, labs and practical exercises, greatly appreciated by the students, that woul…

Lecture-based learningNetwork securityComputer scienceProblem-based learningDistributed computingNested virtualization02 engineering and technologyMultidisciplinary approach020204 information systems0202 electrical engineering electronic engineering information engineeringComputingMilieux_COMPUTERSANDEDUCATIONComputer networksSystem administrationMultidisciplinarybusiness.industry05 social sciences050301 educationInformation technologyNetwork securityNested virtualizationProblem-based learningSystem administrationbusinessSoftware engineering0503 educationSoftwareSpringerPlus
researchProduct

Security and Privacy in Wireless IoT

2018

The 13 articles in this special section focus on security and privacy in wireless Internet of Things (IoT). IoT is a paradigm that involves networked physical objects with embedded technologies to collect, communicate, sense, and interact with the external environment through wireless or wired connections. With rapid advancements in IoT technology, the number of IoT devices is expected to surpass 50 billion by 2020, which has also drawn the attention of attackers who seek to exploit the merits of this new technology for their own benefits. There are many potential security and privacy threats to IoT, such as attacks against IoT systems and unauthorized access to private information of end u…

020203 distributed computingExploitEnd userbusiness.industryWireless networkComputer scienceNetwork security020206 networking & telecommunications02 engineering and technologyComputer securitycomputer.software_genreComputer Science Applications0202 electrical engineering electronic engineering information engineeringWirelessEnergy supplyElectrical and Electronic EngineeringInternet of ThingsbusinessPrivate information retrievalcomputerIEEE Wireless Communications
researchProduct

On Application-Layer DDoS Attack Detection in High-Speed Encrypted Networks

2016

Application-layer denial-of-service attacks have become a serious threat to modern high-speed computer networks and systems. Unlike network-layer attacks, application-layer attacks can be performed by using legitimate requests from legitimately connected network machines which makes these attacks undetectable for signature-based intrusion detection systems. Moreover, the attacks may utilize protocols that encrypt the data of network connections in the application layer making it even harder to detect attacker’s activity without decrypting users network traffic and violating their privacy. In this paper, we present a method which allows us to timely detect various applicationlayer attacks ag…

intrusion detectiondenial of servicenetwork securitytraffic clusteringanomaly detection
researchProduct