New developments in network forensics - tools and techniques

Network forensics is a branch of digital forensics which has evolved recently as a very important discipline used in monitoring and analysing network traffic-particularly for the purposes of tracing intrusions and attacks. This paper presents an analysis of the tools and techniques used in network forensic analysis. It further examines the application of network forensics to vital areas such as malware and network attack detection; IP traceback and honeypots; and intrusion detection. Further, the paper addresses new and emerging areas of network forensic development which include critical infrastructure forensics, wireless network forensics, as well as its application to social networking. © 2012 IEEE.

Malware detection and prevention in RFID systems

The threat that malware poses to RFID systems was identified only recently. Fortunately, all currently known RFID malware is based on SQLIA. Therefore, in this chapter we propose a dual pronged, tag based SQLIA detection and prevention method optimized for RFID systems. The first technique is a SQL query matching approach that uses simple string comparisons and provides strong security against a majority of the SQLIA types possible on RFID systems. To provide security against second order SQLIA, which is a major gap in the current literature, we also propose a tag data validation and sanitization technique. The preliminary evaluation of our query matching technique is very promising, showing 100% detection rates and 0% false positives for all attacks other than second order injection.

Secure RFID tag ownership transfer based on quadratic residues

In this paper, we propose a novel approach to secure ownership transfer in RFID systems based on the quadratic residue property. We present two secure ownership transfer schemes-the closed loop and open loop schemes. An important property of our schemes is that ownership transfer is guaranteed to be atomic. Further, both our schemes are suited to the computational constraints of EPC Class-1 Gen-2 passive RFID tags as they only use operations that such passive RFID tags are capable of. We provide a detailed security analysis to show that our schemes achieve strong privacy and satisfy the required security properties of tag anonymity, tag location privacy, forward secrecy, and forward untraceability. We also show that the schemes are resistant to replay (both passive and algebraic), desynchronization, and server impersonation attacks. Performance comparisons demonstrate that our schemes are practical and can be implemented on low-cost passive RFID tags.

Predator behaviour and predation risk in the heterogeneous Arctic environment

1. Habitat heterogeneity and predator behaviour can strongly affect predator–prey interactions but these factors are rarely considered simultaneously, especially when systems encompass multiple predators and prey.

2. In the Arctic, greater snow geese Anser caerulescens atlanticus L. nest in two structurally different habitats: wetlands that form intricate networks of water channels, and mesic tundra where such obstacles are absent. In this heterogeneous environment, goose eggs are exposed to two types of predators: the arctic fox Vulpes lagopus L. and a diversity of avian predators. We hypothesized that, contrary to birds, the hunting ability of foxes would be impaired by the structurally complex wetland habitat, resulting in a lower predation risk for goose eggs.

3. In addition, lemmings, the main prey of foxes, show strong population cycles. We thus further examined how their fluctuations influenced the interaction between habitat heterogeneity and fox predation on goose eggs.

4. An experimental approach with artificial nests suggested that foxes were faster than avian predators to find unattended goose nests in mesic tundra whereas the reverse was true in wetlands. Foxes spent 3·5 times more time between consecutive attacks on real goose nests in wetlands than in mesic tundra. Their attacks on goose nests were also half as successful in wetlands than in mesic tundra whereas no difference was found for avian predators.

5. Nesting success in wetlands (65%) was higher than in mesic tundra (56%) but the difference between habitats increased during lemming crashes (15%) compared to other phases of the cycle (5%). Nests located at the edge of wetland patches were also less successful than central ones, suggesting a gradient in accessibility of goose nests in wetlands for foxes.

6. Our study shows that the structural complexity of wetlands decreases predation risk from foxes but not avian predators in arctic-nesting birds. Our results also demonstrate that cyclic lemming populations indirectly alter the spatial distribution of productive nests due to a complex interaction between habitat structure, prey-switching and foraging success of foxes.

Smart grid

All over the world, electrical power systems are encountering radical change stimulated by the urgent need to decarbonize electricity supply, to swap aging resources and to make effective application of swiftly evolving information and communication technologies (ICTs). All of these goals converge toward one direction; ‘Smart Grid.’ The Smart Grid can be described as the transparent, seamless, and instantaneous two-way delivery of energy information, enabling the electricity industry to better manage energy delivery and transmission and empowering consumers to have more control over energy decisions. Basically, the vision of Smart Grid is to provide much better visibility to lower-voltage networks as well as to permit the involvement of consumers in the function of the power system, mostly through smart meters and Smart Homes. A Smart Grid incorporates the features of advanced ICTs to convey real-time information and facilitate the almost instantaneous stability of supply and demand on the electrical grid. The operational data collected by Smart Grid and its sub-systems will allow system operators to quickly recognize the best line of attack to protect against attacks, susceptibility, and so on, sourced by a variety of incidents. However, Smart Grid initially depends upon knowing and researching key performance components and developing the proper education program to equip current and future workforce with the knowledge and skills for exploitation of this greatly advanced system. The aim of this chapter is to provide a basic discussion of the Smart Grid concept, evolution and components of Smart Grid, environmental impacts of Smart Grid and then in some detail, to describe the technologies that are required for its realization. Even though the Smart Grid concept is not yet fully defined, the chapter will be helpful in describing the key enabling technologies and thus allowing the reader to play a part in the debate over the future of the Smart Grid. The chapter concludes with the experimental description and results of developing a hybrid prediction method for solar power which is applicable to successfully implement the ‘Smart Grid.’

Re-mapping class and caste consciousness: short narratives of South Asian diaspora in Australia

Thanks to Bollywood, a Non-Resident Indian (NRI) is predominantly imagined, back home in India, as super-rich, fully westernized in manners and doing India proud in foreign lands. One reason for this as explained by renowned Bollywood producer-director Late Yash Chopra, in his address at the first Pravasi Bharatiya Divas (Expatriate Indians Day) in 2003, is that as a director he is also working as a ‘historian’ and carrying on his shoulders the ‘moral responsibility [ … ] to depict India [and the Indian Diaspora] at its best’. In this regard, Ghassan Hage also notes that the ‘last thing’ the migrants (particularly men) would like to share with their families back home is shocking stories about racism, discrimination or prejudices that they may have experienced in public or the workplace. Such a revelation would obviously be followed by ‘why did you make us suffer and move to the end of the world just to get demeaned and insulted?’ Hage further notes that therefore the migrants’ familial and class experiences, be it in films, literature or even some sociological studies, are often ‘portrayed as a positive experience’ and this is ‘how the whole migratory enterprise continues to legitimise itself’'. It could be argued that this is one of the reasons the alleged ‘racist’ attacks against Indian students received so much attention in the Indian media. It was not just discrimination but the notion of discrimination and second class treatment (based on skin colour and origin) against the revered and much envied diasporic Indian that created such a media furor in India.

Analysis of a patchwork-based audio watermarking scheme

Recently, a patchwork-based audio watermarking scheme has been proposed in [1], which embeds watermarks by modifying the means of absolute-valued discrete cosine transform (DCT) coefficients corresponding to suitable fragments. This audio watermarking scheme is more robust to common attacks than the existing counterparts. In this paper, we presents a detailed analysis of this audio watermarking scheme. We first derive a probability density function (pdf) of a random variable corresponding to the mean of an absolute-valued DCT fragment. Then, based on the obtained pdf, we show how watermarking parameters affect the performance of the concerned audio watermarking scheme. The analysis result provides a guideline for the selection of watermarking parameters. The effectiveness of our analysis is verified by simulations using a large number of real-world audio segments.

A modified moment-based image watermarking method robust to cropping attack

Developing a watermarking method that is robust to cropping attack is a challenging task in image watermarking. The moment-based watermarking schemes show good robustness to common signal processing attacks and some geometric attacks but are sensitive to cropping attack. In this paper, we modify the moment-based approach to deal with cropping attack. Firstly, we find the probability density function (pdf) of the pixel value distribution from the original image. Secondly, we reshape and normalize the pdf of the pixel value distribution (PPVD) to form a two dimensional image. Then, the moment invariants are calculated from the PPVD image. Since PPVD is insensitive to cropping, the proposed method is robust to cropping attack. Besides, it also has high robustness against other common attacks. Experimental results demonstrate the effectiveness of the proposed method.

Crime toolkits : the productisation of cybercrime

The productisation of crime toolkits is happening at an ever-increasing rate. Previous attacks that required indepth knowledge of computer systems can now be purchased online. Large scale attacks previously requiring months to setup a botnet can now be scheduled for a small fee. Criminals are leveraging this opportunity of commercialization, by compromising web applications and user's browser, to gain advantages such as using the computer's resources for launching further attacks, or stealing data such as identifying information. Crime toolkits are being developed to attack an increasing number of applications and can now be deployed by attackers with little technical knowledge. This paper surveys the current trends in crime toolkits, with a case study on the Zeus botnet. We profile the types of exploits that malicious writers prefer, with a view to predicting future attack trends. We find that the scope for damage is increasing, particularly as specialisation and scale increase in cybercrime.

Information security governance: the art of detecting hidden malware

Detecting malicious software or malware is one of the major concerns in information security governance as malware authors pose a major challenge to digital forensics by using a variety of highly sophisticated stealth techniques to hide malicious code in computing systems, including smartphones. The current detection techniques are futile, as forensic analysis of infected devices is unable to identify all the hidden malware, thereby resulting in zero day attacks. This chapter takes a key step forward to address this issue and lays foundation for deeper investigations in digital forensics. The goal of this chapter is, firstly, to unearth the recent obfuscation strategies employed to hide malware. Secondly, this chapter proposes innovative techniques that are implemented as a fully-automated tool, and experimentally tested to exhaustively detect hidden malware that leverage on system vulnerabilities. Based on these research investigations, the chapter also arrives at an information security governance plan that would aid in addressing the current and future cybercrime situations.

Using feature selection and classification scheme for automating phishing email detection

Email has become the critical communication medium for most organizations. Unfortunately, email-born attacks in computer networks are causing considerable economic losses worldwide. Exiting phishing email blocking appliances have little effect in weeding out the vast majority of phishing emails. At the same time, online criminals are becoming more dangerous and sophisticated. Phishing emails are more active than ever before and putting the average computer user and organizations at risk of significant data, brand and financial loss. In this paper, we propose a hybrid feature selection approach based combination of content-based and behaviour-based. The approach could mine the attacker behaviour based on email header. On a publicly available test corpus, our hybrid features selection is able to achieve 94% accuracy rate.

Crime toolkits : the current threats to web applications

Increasingly, web applications are being developed over the Internet. Securing these web applications is becoming important as they hold critical security features. However, cybercriminals are becoming smarter by developing a crime toolkit, and employing sophisticated techniques to evade detection. These crime toolkits can be used by any person to target Internet users. In this paper, we explore the techniques used in crime toolkits. We present a current state-of-the-art analysis of crime toolkits and focus on attacks against web applications. The crime toolkit techniques are compared with the vulnerability of web applications to help reveal particular behaviour such as popular web application vulnerabilities that malicious writers prefer. In addition, we outline the existing protection mechanism, and observe that the possibility for damage is rising, particularly as specialization and scale increase in cybercrime.

Malware detection and prevention system based on multi-stage rules

The continuously rising Internet attacks pose severe challenges to develop an effective Intrusion Detection System (IDS) to detect known and unknown malicious attack. In order to address the problem of detecting known, unknown attacks and identify an attack grouped, the authors provide a new multi stage rules for detecting anomalies in multi-stage rules. The authors used the RIPPER for rule generation, which is capable to create rule sets more quickly and can determine the attack types with smaller numbers of rules. These rules would be efficient to apply for Signature Intrusion Detection System (SIDS) and Anomaly Intrusion Detection System (AIDS).