A survey on latest botnet attack and defense

A botnet is a group of compromised computers, which are remotely controlled by hackers to launch various network attacks, such as DDoS attack and information phishing. Botnet has become a popular and productive tool behind many cyber attacks. Recently, the owners of some botnets, such as storm worm, torpig and conflicker, are employing fluxing techniques to evade detection. Therefore, the understanding of their fluxing tricks is critical to the success of defending from botnet attacks. Motivated by this, we survey the latest botnet attacks and defenses in this paper. We begin with introducing the principles of fast fluxing (FF) and domain fluxing (DF), and explain how these techniques were employed by botnet owners to fly under the radar. Furthermore, we investigate the state-of-art research on fluxing detection. We also compare and evaluate those fluxing detection methods by multiple criteria. Finally, we discuss future directions on fighting against botnet based attacks.

Attack vector analysis and privacy-preserving social network data publishing

This paper addresses the problem of privacy-preserving data publishing for social network. Research on protecting the privacy of individuals and the confidentiality of data in social network has recently been receiving increasing attention. Privacy is an important issue when one wants to make use of data that involves individuals' sensitive information, especially in a time when data collection is becoming easier and sophisticated data mining techniques are becoming more efficient. In this paper, we discuss various privacy attack vectors on social networks. We present algorithms that sanitize data to make it safe for release while preserving useful information, and discuss ways of analyzing the sanitized data. This study provides a summary of the current state-of-the-art, based on which we expect to see advances in social networks data publishing for years to come.

Improvement of DDoS attack detection and web access anonymity

The thesis has covered a range of algorithms that help to improve the security of web services. The research focused on the problems of DDoS attack and traffic analysis attack against service availability and information privacy respectively. Finally, this research significantly advantaged DDoS attack detection and web access anonymity.

Trust mechanisms in wireless sensor networks : attack analysis and countermeasures

As the trust issue in wireless sensor networks is emerging as one important factor in security schemes, it is necessary to analyze how to resist attacks with a trust scheme. In this paper we categorize various types of attacks and countermeasures related to trust schemes in WSNs. Furthermore, we provide the development of trust mechanisms, give a short summarization of classical trust methodologies and emphasize the challenges of trust scheme in WSNs. An extensive literature survey is presented by summarizing state-of-the-art trust mechanisms in two categories: secure routing and secure data. Based on the analysis of attacks and the existing research, an open field and future direction with trust mechanisms in WSNs is provided.

Web application protection against SQL injection attack

SQL injection vulnerabilities poses a severe threat to web applications as an SQL Injection Attack (SQLIA) could adopt new obfuscation techniques to evade and thwart countermeasures such as Intrusion Detection Systems (IDS). SQLIA gains access to the back-end database of vulnerable websites, allowing hackers to execute SQL commands in a web application resulting in financial fraud and website defacement. The lack of existing models in providing protections against SQL injection has motivated this paper to present a new and enhanced model against web database intrusions that use SQLIA techniques. In this paper, we propose a novel concept of negative tainting along with SQL keyword analysis for preventing SQLIA and described our that we implemented. We have tested our proposed model on all types of SQLIA techniques by generating SQL queries containing legitimate SQL commands and SQL Injection Attack. Evaluations have been performed using three different applications. The results show that our model protects against 100% of tested attacks before even reaching the database layer.

CBF : A packet filtering method for DDoS attack defense in cloud environment

Distributed Denial-of-Service attack (DDoS) is a major threat for cloud environment. Traditional defending approaches cannot be easily applied in cloud security due to their relatively low efficiency, large storage, to name a few. In view of this challenge, a Confidence-Based Filtering method, named CBF, is investigated for cloud computing environment, in this paper. Concretely speaking, the method is deployed by two periods, i.e., non-attack period and attack period. More specially, legitimate packets are collected at non-attack period, for extracting attribute pairs to generate a nominal profile. With the nominal profile, the CBF method is promoted by calculating the score of a particular packet at attack period, to determine whether to discard it or not. At last, extensive simulations are conducted to evaluate the feasibility of the CBF method. The result shows that CBF has a high scoring speed, a small storage requirement and an acceptable filtering accuracy, making it suitable for real-time filtering in cloud environment.

Patchwork-based stereo audio watermarking against de-synchronization attack

Audio watermarking schemes using patchworkbased algorithm have good robustness against majority of the watermarking attacks. However, these watermarking schemes are vulnerable to de-synchronization attack. This paper proposes a patchwork-based watermarking scheme for stereo audio signals to address this problem. To improve the robustness, the proposed method exploits the similarities of both channels in the stereo audio signals. Given a stereo audio signal, we first compute the discrete cosine transform (DCT) of both channels, which gives two sets of DCT coefficients. Then DCT segments are formed form DCT coefficients belong to a certain frequency range. The DCT segment formation is determined by a pseudonoise (PN) sequence which acts as a secret key. Then watermark bits are embedded into DCT segments by modifying the DCT coefficients. In the decoding process the secret key is used to extract the watermark bits embedded in the DCT segments. Simulation results illustrate the effectiveness of the proposed method against de-synchronization attack, compared to latest patchwork-based audio watermarking scheme. Besides, the proposed algorithm also gives better robustness against other conventional attacks.

A modified moment-based image watermarking method robust to cropping attack

Developing a watermarking method that is robust to cropping attack is a challenging task in image watermarking. The moment-based watermarking schemes show good robustness to common signal processing attacks and some geometric attacks but are sensitive to cropping attack. In this paper, we modify the moment-based approach to deal with cropping attack. Firstly, we find the probability density function (pdf) of the pixel value distribution from the original image. Secondly, we reshape and normalize the pdf of the pixel value distribution (PPVD) to form a two dimensional image. Then, the moment invariants are calculated from the PPVD image. Since PPVD is insensitive to cropping, the proposed method is robust to cropping attack. Besides, it also has high robustness against other common attacks. Experimental results demonstrate the effectiveness of the proposed method.

An attack-resistant hybrid data-privatization method with low information loss

We examine a recent proposal for data-privatization by testing it against well-known attacks, we show that all of these attacks successfully retrieve a relatively large (and unacceptable) portion of the original data. We then indicate how the data-privatization method examined can be modified to assist it to withstand these attacks and compare the performance of the two approaches. We also show that the new method has better privacy and lower information loss than the former method.

A recognition tool for transient ischaemic attack

Background: Scoring systems exist to assist rapid identification of acute stroke but not for the more challenging diagnosis of transient ischaemic attack (TIA). Aim: To develop a clinical scoring system to assist with diagnosis of TIA. Methods: We developed and validated a clinical scoring system for identification of TIA patients. Logistic regression analysis was employed. Results: Our development cohort comprised 3216 patients. The scoring system included nine clinically useful predictive variables. After adjustment to reflect the greater seriousness of missing true TIA patients (a 2:1 cost ratio), 97% of TIA and 24% of non-TIA patients were accurately identified. Our results were confirmed during prospective validation. Conclusions: This simple scoring system performs well and could be used to facilitate accurate detection of TIA.

DDoS attack detection at local area networks using information theoretical metrics

DDoS attacks are one of the major threats to Internet services. Sophisticated hackers are mimicking the features of legitimate network events, such as flash crowds, to fly under the radar. This poses great challenges to detect DDoS attacks. In this paper, we propose an attack feature independent DDoS flooding attack detection method at local area networks. We employ flow entropy on local area network routers to supervise the network traffic and raise potential DDoS flooding attack alarms when the flow entropy drops significantly in a short period of time. Furthermore, information distance is employed to differentiate DDoS attacks from flash crowds. In general, the attack traffic of one DDoS flooding attack session is generated by many bots from one botnet, and all of these bots are executing the same attack program. As a result, the similarity among attack traffic should higher than that among flash crowds, which are generated by many random users. Mathematical models have been established for the proposed detection strategies. Analysis based on the models indicates that the proposed methods can raise the alarm for potential DDoS flooding attacks and can differentiate DDoS flooding attacks from flash crowds with conditions. The extensive experiments and simulations confirmed the effectiveness of our proposed detection strategies.

Neighbourhood-pair attack in social network data publishing

Vertex re-identification is one of the significant and challenging problems in social network. In this paper, we show a new type of vertex reidentification attack called neighbourhood-pair attack. This attack utilizes the neighbourhood topologies of two connected vertices. We show both theoretically and empirically that this attack is possible on anonymized social network and has higher re-identification rate than the existing structural attacks.

Packet faking attack: a novel attack and detection mechanism in OppNets

 Security is a major challenge in Opportunistic Networks (OppNets) due to its characteristics of being an open medium with dynamic topology, there is neither a centralized management nor clear lines of defence. A packet dropping attack is one of the major security threats in OppNets as neither source nodes nor destination nodes have any knowledge of when or where a packet will be dropped. In this paper, we present a novel attack and detection mechanism against a special type of packet dropping where the malicious node drops one packet or more and injects a new fake packet instead. Our novel detection mechanism is very powerful and has very high accuracy. It relies on a very simple yet powerful idea; the creation time of each packet. Significant results show this robust mechanism achieves a very high accuracy and detection rate.

Analysis of insiders attack mitigation strategies

Insider threat has become a serious information security issues within organizations. In this paper, we analyze the problem of insider threats with emphases on the Cloud computing platform. Security is one of the major anxieties when planning to adopt the Cloud. This paper will contribute towards the conception of mitigation strategies that can be relied on to solve the malicious insider threats. While Cloud computing relieves organizations from the burden of the data management and storage costs, security in general and the malicious insider threats in particular is the main concern in cloud environments. We will analyses the existing mitigation strategies to reduce malicious insiders threats in Cloud computing.