Progettazione di un sistema per la configurazione centralizzata di intrusion detection system

Il rilevamento di intrusioni nel contesto delle pratiche di Network Security Monitoring è il processo attraverso cui, passando per la raccolta e l'analisi di dati prodotti da una o più fonti di varia natura, (p.e. copie del traffico di rete, copie dei log degli applicativi/servizi, etc..) vengono identificati, correlati e analizzati eventi di sicurezza con l'obiettivo di rilevare potenziali tenativi di compromissione al fine di proteggere l'asset tecnologico all'interno di una data infrastruttura di rete. Questo processo è il prodotto di una combinazione di hardware, software e fattore umano. Spetta a quest'ultimo nello specifico il compito più arduo, ovvero quello di restare al passo con una realtà in continua crescita ed estremamente dinamica: il crimine informatico. Spetta all'analista filtrare e analizzare le informazioni raccolte in merito per contestualizzarle successivamente all'interno della realta che intende proteggere, con il fine ultimo di arricchire e perfezionare le logiche di rilevamento implementate sui sistemi utilizzati. È necessario comprendere come il mantenimento e l'aggiornamento di questi sistemi sia un'attività che segue l'evolversi delle tecnologie e delle strategie di attacco. Un suo svolgimento efficacie ed efficiente risulta di primaria importanza per consentire agli analisti di focalizzare le proprie risorse sulle attività di investigazione di eventi di sicurezza, ricerca e aggiornamento delle logiche di rilevamento, minimizzando quelle ripetitive, "time consuming", e potenzialmente automatizzabili. Questa tesi ha come obiettivo quello di presentare un possibile approccio ad una gestione automatizzata e centralizzata di sistemi per il rilevamento delle intrusioni, ponendo particolare attenzione alle tecnologie IDS presenti sul panorama open source oltre a rapportare tra loro gli aspetti di scalabilità e personalizzazione che ci si trova ad affrontare quando la gestione viene estesa ad infrastrutture di rete eterogenee e distribuite.

Enhancing quality of service in software-defined networks

Resource management is of paramount importance in network scenarios and it is a long-standing and still open issue. Unfortunately, while technology and innovation continue to evolve, our network infrastructure system has been maintained almost in the same shape for decades and this phenomenon is known as “Internet ossification”. Software-Defined Networking (SDN) is an emerging paradigm in computer networking that allows a logically centralized software program to control the behavior of an entire network. This is done by decoupling the network control logic from the underlying physical routers and switches that forward traffic to the selected destination. One mechanism that allows the control plane to communicate with the data plane is OpenFlow. The network operators could write high-level control programs that specify the behavior of an entire network. Moreover, the centralized control makes it possible to define more specific and complex tasks that could involve many network functionalities, e.g., security, resource management and control, into a single framework. Nowadays, the explosive growth of real time applications that require stringent Quality of Service (QoS) guarantees, brings the network programmers to design network protocols that deliver certain performance guarantees. This thesis exploits the use of SDN in conjunction with OpenFlow to manage differentiating network services with an high QoS. Initially, we define a QoS Management and Orchestration architecture that allows us to manage the network in a modular way. Then, we provide a seamless integration between the architecture and the standard SDN paradigm following the separation between the control and data planes. This work is a first step towards the deployment of our proposal in the University of California, Los Angeles (UCLA) campus network with differentiating services and stringent QoS requirements. We also plan to exploit our solution to manage the handoff between different network technologies, e.g., Wi-Fi and WiMAX. Indeed, the model can be run with different parameters, depending on the communication protocol and can provide optimal results to be implemented on the campus network.

Real-time PMU monitoring of an IEEE 5-Bus Network implemented on OPAL system

This thesis studies the state-of-the-art of phasor measurement units (PMUs) as well as their metrological requirements stated in the IEEE C37.118.1 and C37.118.2 Standards for guaranteeing correct measurement performances. Communication systems among PMUs and their possible applicability in the field of power quality (PQ) assessment are also investigated. This preliminary study is followed by an analysis of the working principle of real-time (RT) simulators and the importance of hardware-in-the-loop (HIL) implementation, examining the possible case studies specific for PMUs, including compliance tests which are one of the most important parts. The core of the thesis is focused on the implementation of a PMU model in the IEEE 5-bus network in Simulink and in the validation of the results using OPAL RT-4510 as a real-time simulator. An initial check allows one to get an idea about the goodness of the results in Simulink, comparing the PMU data with respect to the load-flow steady-state information. In this part, accuracy indices are also calculated for both voltage and current synchrophasors. The following part consists in the implementation of the same code in OPAL-RT 4510 simulator, after which an initial analysis is carried out in a qualitative way in order to get a sense of the goodness of the outcomes. Finally, the confirmation of the results is based on an examination of the attained voltage and current synchrophasors and accuracy indices coming from Simulink models and from OPAL system, using a Matlab script. This work also proposes suggestions for an upcoming operation of PMUs in a more complex system as the Digital Twin (DT) in order to improve the performances of the already-existing protection devices of the distribution system operator (DSO) for a future enhancement of power systems reliability.