Effective network security monitoring: from attribution to target-centric monitoring

Network security monitoring remains a challenge. As global networks scale up, in terms of traffic, volume and speed, effective attribution of cyber attacks is increasingly difficult. The problem is compounded by a combination of other factors, including the architecture of the Internet, multi-stage attacks and increasing volumes of nonproductive traffic. This paper proposes to shift the focus of security monitoring from the source to the target. Simply put, resources devoted to detection and attribution should be redeployed to efficiently monitor for targeting and prevention of attacks. The effort of detection should aim to determine whether a node is under attack, and if so, effectively prevent the attack. This paper contributes by systematically reviewing the structural, operational and legal reasons underlying this argument, and presents empirical evidence to support a shift away from attribution to favour of a target-centric monitoring approach. A carefully deployed set of experiments are presented and a detailed analysis of the results is achieved.

Ecoviability for small-scale fisheries in the context of food security constraints

This paper applies a stochastic viability approach to a tropical small-scale fishery, offering a theoretical and empirical example of ecosystem-based fishery management approach that accounts for food security. The model integrates multi-species, multi-fleet and uncertainty as well as profitability, food production, and demographic growth. It is calibrated over the period 2006–2010 using monthly catch and effort data from the French Guiana's coastal fishery, involving thirteen species and four fleets. Using projections at the horizon 2040, different management strategies and scenarios are compared from a viability viewpoint, thus accounting for biodiversity preservation, fleet profitability and food security. The analysis shows that under certain conditions, viable options can be identified which allow fishing intensity and production to be increased to respond to food security requirements but with minimum impacts on the marine resources.

Market-driven security-constrained transmission network expansion planning

This paper presents a Bi-level Programming (BP) approach to solve the Transmission Network Expansion Planning (TNEP) problem. The proposed model is envisaged under a market environment and considers security constraints. The upper-level of the BP problem corresponds to the transmission planner which procures the minimization of the total investment and load shedding cost. This upper-level problem is constrained by a single lower-level optimization problem which models a market clearing mechanism that includes security constraints. Results on the Garver's 6-bus and IEEE 24-bus RTS test systems are presented and discussed. Finally, some conclusions are drawn. © 2011 IEEE.

Multi-Agent Security System based on Neural Network Model of User's Behavior

It is proposed an agent approach for creation of intelligent intrusion detection system. The system allows detecting known type of attacks and anomalies in user activity and computer system behavior. The system includes different types of intelligent agents. The most important one is user agent based on neural network model of user behavior. Proposed approach is verified by experiments in real Intranet of Institute of Physics and Technologies of National Technical University of Ukraine "Kiev Polytechnic Institute”.

Trust based security mechanisms for wireless sensor networks

Wireless sensor networks are emerging as effective tools in the gathering and dissemination of data. They can be applied in many fields including health, environmental monitoring, home automation and the military. Like all other computing systems it is necessary to include security features, so that security sensitive data traversing the network is protected. However, traditional security techniques cannot be applied to wireless sensor networks. This is due to the constraints of battery power, memory, and the computational capacities of the miniature wireless sensor nodes. Therefore, to address this need, it becomes necessary to develop new lightweight security protocols. This dissertation focuses on designing a suite of lightweight trust-based security mechanisms and a cooperation enforcement protocol for wireless sensor networks. This dissertation presents a trust-based cluster head election mechanism used to elect new cluster heads. This solution prevents a major security breach against the routing protocol, namely, the election of malicious or compromised cluster heads. This dissertation also describes a location-aware, trust-based, compromise node detection, and isolation mechanism. Both of these mechanisms rely on the ability of a node to monitor its neighbors. Using neighbor monitoring techniques, the nodes are able to determine their neighbors’ reputation and trust level through probabilistic modeling. The mechanisms were designed to mitigate internal attacks within wireless sensor networks. The feasibility of the approach is demonstrated through extensive simulations. The dissertation also addresses non-cooperation problems in multi-user wireless sensor networks. A scalable lightweight enforcement algorithm using evolutionary game theory is also designed. The effectiveness of this cooperation enforcement algorithm is validated through mathematical analysis and simulation. This research has advanced the knowledge of wireless sensor network security and cooperation by developing new techniques based on mathematical models. By doing this, we have enabled others to build on our work towards the creation of highly trusted wireless sensor networks. This would facilitate its full utilization in many fields ranging from civilian to military applications.

Trust Based Security Mechanisms for Wireless Sensor Networks

Wireless sensor networks are emerging as effective tools in the gathering and dissemination of data. They can be applied in many fields including health, environmental monitoring, home automation and the military. Like all other computing systems it is necessary to include security features, so that security sensitive data traversing the network is protected. However, traditional security techniques cannot be applied to wireless sensor networks. This is due to the constraints of battery power, memory, and the computational capacities of the miniature wireless sensor nodes. Therefore, to address this need, it becomes necessary to develop new lightweight security protocols. This dissertation focuses on designing a suite of lightweight trust-based security mechanisms and a cooperation enforcement protocol for wireless sensor networks. This dissertation presents a trust-based cluster head election mechanism used to elect new cluster heads. This solution prevents a major security breach against the routing protocol, namely, the election of malicious or compromised cluster heads. This dissertation also describes a location-aware, trust-based, compromise node detection, and isolation mechanism. Both of these mechanisms rely on the ability of a node to monitor its neighbors. Using neighbor monitoring techniques, the nodes are able to determine their neighbors’ reputation and trust level through probabilistic modeling. The mechanisms were designed to mitigate internal attacks within wireless sensor networks. The feasibility of the approach is demonstrated through extensive simulations. The dissertation also addresses non-cooperation problems in multi-user wireless sensor networks. A scalable lightweight enforcement algorithm using evolutionary game theory is also designed. The effectiveness of this cooperation enforcement algorithm is validated through mathematical analysis and simulation. This research has advanced the knowledge of wireless sensor network security and cooperation by developing new techniques based on mathematical models. By doing this, we have enabled others to build on our work towards the creation of highly trusted wireless sensor networks. This would facilitate its full utilization in many fields ranging from civilian to military applications.

Design and Development of Network Monitoring Strategies in P4-enabled Programmable Switches

Network monitoring is of paramount importance for effective network management: it allows to constantly observe the network’s behavior to ensure it is working as intended and can trigger both automated and manual remediation procedures in case of failures and anomalies. The concept of SDN decouples the control logic from legacy network infrastructure to perform centralized control on multiple switches in the network, and in this context, the responsibility of switches is only to forward packets according to the flow control instructions provided by controller. However, as current SDN switches only expose simple per-port and per-flow counters, the controller has to do almost all the processing to determine the network state, which causes significant communication overhead and excessive latency for monitoring purposes. The absence of programmability in the data plane of SDN prompted the advent of programmable switches, which allow developers to customize the data-plane pipeline and implement novel programs operating directly in the switches. This means that we can offload certain monitoring tasks to programmable data planes, to perform fine-grained monitoring even at very high packet processing speeds. Given the central importance of network monitoring exploiting programmable data planes, the goal of this thesis is to enable a wide range of monitoring tasks in programmable switches, with a specific focus on the ones equipped with programmable ASICs. Indeed, most network monitoring solutions available in literature do not take computational and memory constraints of programmable switches into due account, preventing, de facto, their successful implementation in commodity switches. This claims that network monitoring tasks can be executed in programmable switches. Our evaluations show that the contributions in this thesis could be used by network administrators as well as network security engineers, to better understand the network status depending on different monitoring metrics, and thus prevent network infrastructure and service outages.

SME internationalisation from a network perspective : an empirical study on a Finnish-Greek business network

The study examines the internationalisation process of a contemporary SME firm and explores the impact of its business network on this development. The objective of the study is to understand SME internationalisation and its dynamics from a network perspective. The purpose of this research project is to describe and explore the development process of a firm and its business network by identifying the changes, critical events and influence factors that form this development. It is a qualitative case study, which focuses on a Finnish focal firm and its respective business network as it expands into the Greek market. It is a longitudinal research process, which covers a period of time from 1994 to 2004. The empirical study concentrates on the paper trading and converting business. The study builds on the network theory and the framework provided by Johanson and Mattsson's (1988) model on network internationalisation. The incremental internationalisation theories and network theories form the theoretical focus. The research project is organised according to a process view. The focal firm evolves from a domestically-oriented small subsidiary into an internationally experienced company, which has activities in several market areas and numerous business networks in various market segments and product categories. The findings illustrate the importance of both the domestic and foreign business network context in a firm's internationalisation process. The results of the study suggest theoretical modifications on a firm's internationalisation process by broadening the perspective and incorporating the strategic context of a firm. The findings suggest that internationalisation process is a non-linear process, which does not have a deterministic order in its development. The findings emphasise the significance of relational networks, both managerial and entrepreneurial, for establishing position in foreign markets. It implies that a firm's evolution is significantly influenced by its business network and by critical events. Business networks gain coherence due to common goals and they use accumulated capabilities to exploit market opportunities. The business network sets constraints and provides opportunities, which makes the related decision making strategically important. The firm co-evolves with its business network. The research project provides an instrumental case study with a description of an SME internationalisation process. It contributes to existing knowledge by illustrating dynamics in an international business network and by pinpointing the importance of suppliers, customers, partners, ownerships and competition to the internationalisation process.

Worldwide Infrastructure Security Report 2011

Arbor Network's annual Internet security report for 2011/12. We will discuss this report in INFO6003 lectures.

INFO6003: Worldwide Infrastructure Security Report 2011 - notes

Notes about the Arbor WISR 2011 report, which we'll run through in the lecture.

INFO6003: IPv6 Impact on Security

A brief discussion of some of the impacts of introducing IPv6

INFO6003: Network revision

Notes on revision topics for TJC's network and campus security lectures.

Scalable model-based configuration management of security services in complex enterprise networks

Security administrators face the challenge of designing, deploying and maintaining a variety of configuration files related to security systems, especially in large-scale networks. These files have heterogeneous syntaxes and follow differing semantic concepts. Nevertheless, they are interdependent due to security services having to cooperate and their configuration to be consistent with each other, so that global security policies are completely and correctly enforced. To tackle this problem, our approach supports a comfortable definition of an abstract high-level security policy and provides an automated derivation of the desired configuration files. It is an extension of policy-based management and policy hierarchies, combining model-based management (MBM) with system modularization. MBM employs an object-oriented model of the managed system to obtain the details needed for automated policy refinement. The modularization into abstract subsystems (ASs) segment the system-and the model-into units which more closely encapsulate related system components and provide focused abstract views. As a result, scalability is achieved and even comprehensive IT systems can be modelled in a unified manner. The associated tool MoBaSeC (Model-Based-Service-Configuration) supports interactive graphical modelling, automated model analysis and policy refinement with the derivation of configuration files. We describe the MBM and AS approaches, outline the tool functions and exemplify their applications and results obtained. Copyright (C) 2010 John Wiley & Sons, Ltd.

A Gradient-Type Method For Real-Time State Estimation Of Water Distribution Networks

Drinking water distribution networks risk exposure to malicious or accidental contamination. Several levels of responses are conceivable. One of them consists to install a sensor network to monitor the system on real time. Once a contamination has been detected, this is also important to take appropriate counter-measures. In the SMaRT-OnlineWDN project, this relies on modeling to predict both hydraulics and water quality. An online model use makes identification of the contaminant source and simulation of the contaminated area possible. The objective of this paper is to present SMaRT-OnlineWDN experience and research results for hydraulic state estimation with sampling frequency of few minutes. A least squares problem with bound constraints is formulated to adjust demand class coefficient to best fit the observed values at a given time. The criterion is a Huber function to limit the influence of outliers. A Tikhonov regularization is introduced for consideration of prior information on the parameter vector. Then the Levenberg-Marquardt algorithm is applied that use derivative information for limiting the number of iterations. Confidence intervals for the state prediction are also given. The results are presented and discussed on real networks in France and Germany.

Modelo AC para el despacho combinado de contratos bilaterales y bolsa de energía considerando restricciones de seguridad

Reliability is a key aspect in power system design and planning. Maintaining a reliable power system is a very important issue for their design and operation. Under the new competitive framework of the electricity sector, power systems find ever more and more strained to operate near their limits. Under this new scenario, it is crucial for the system operator to use tools that facilitate an energy dispatch that minimizes possible power cuts. This paper presents a mathematical model to calculate an energy dispatch that considers security constraints (single contingencies in transmission lines and transformers). The model involves pool markets and fixed bilateral contracts. Traditional methodologies that include security constraints are usually based in multistage dispatch processes. In this case, we propose a single-stage model that avoids the economic inefficiencies which result when conventional multi-stage dispatch approaches are applied. The proposed model includes an AC representation of the transport system and allows calculating the cost overruns incurred in due to reliability restrictions. We found that complying with fixed bilateral contracts, when they go above certain levels, might lead to congestion problems in transmission lines.