Similar literature
20 similar documents found; search took 0 ms
1.
Herringshaw C. Computer, 1997, 30(12): 16-17
As Internet-based and intranet-based network systems have evolved, they have become invaluable tools that businesses can use to share information and conduct business with online partners. However, hackers have also learned to use these systems to access private networks and their resources. Studies have shown that many organizations have suffered external and internal network intrusions. Internet systems are subject to various types of attacks. Traditional network security products, such as firewalls, can be penetrated from outside and can also leave organizations vulnerable to internal attacks. Generally, victims do not find out that their networks have been attacked until they examine system logs the next day, after the damage has been done. Network intrusion detection systems solve this problem by detecting external and internal security breaches as they happen and immediately notifying security personnel and network administrators by e-mail or pager. Intrusion detection systems use several types of algorithms to detect possible security breaches, including algorithms for statistical anomaly detection, rule-based anomaly detection, and a hybrid of the two.

2.
3.
ABSTRACT

Intrusion detection systems are one of the necessities of networks to identify the problem of network attacks. Organizations striving to protect their data from intruders are often challenged by attackers, who find new ways to attack and compromise the security of the network. The detection process becomes quite difficult while dealing with high-speed and distributed attacks that are performed using botnets. These attacks threaten both the confidentiality of legitimate users and the infrastructure of the network and to protect them, early discovery of network attacks is important. In this paper, an open source Intrusion Detection System (IDS), Snort, is presented as a solution to detect DoS and Port Scan network attacks in a high-speed network. A set of custom rules has been proposed for Snort to detect DoS and Port Scan attacks in high-speed network. The rules are compared and tested using different attack generators like Scapy, Hping3, LOIC and Nmap. Snort’s efficiency in detecting the DoS and Port Scan attacks using the new rules is experimentally proved to be around 99% for all the attacks except for Ping of Death. The proposed system works well for different attack generators in a high-speed network.

4.
A wireless sensor network (WSN) consists of a number of tiny, low-cost, and resource-constrained sensor nodes, but is often deployed in unattended and harsh environments to perform various monitoring tasks. As a result, WSNs are susceptible to many application-dependent and application-independent attacks. In this paper we consider a typical threat in the latter category known as the node replication attack, where an adversary prepares her own low-cost sensor nodes and deceives the network into accepting them as legitimate ones. To do so, the adversary only needs to physically capture one node, extract its secret credentials, reproduce the node in large quantity, and then deploy the replicas under her control into the network, possibly at strategic positions, to cripple various WSN applications with little effort. Defending against such node replication attacks has recently become an imperative research topic in sensor network security, and the design issues may involve different and more threatening challenges than detecting typical application-dependent attacks. In this survey, we classify existent detections in the literature, and explore the various proposals in each category. We look into necessary technical details and make certain comparisons, so as to demonstrate their respective contributions as well as limitations. We also present the technical challenges and indicate some possible directions for future research.

5.
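A wireless sensor network architecture suited to industrial automation is proposed. The terminal node module of the wireless sensor network is designed, and communication with the secondary instruments commonly used at industrial sites is addressed. Flexible configuration of industrial wireless and wired networks and the development of a gateway node are realized, the key problem of reliable communication between the wireless sensor gateway node and the host computer is solved, and monitoring and configuration software for the host computer is developed. Experimental results confirm that the proposed method is effective.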

6.
We represent definitions of intellectualization as applied to industrial automation. Main characteristics of intelligent devices, intelligent algorithmic products and software for automation systems are briefly specified. We name peculiarities of intelligent branches: smart grid and intelligent buildings. A theory of self-replication is discussed in the sphere of intelligent robot industry.

7.
Macroscope is a network-based intrusion detection system that uses bottleneck verification (BV) to detect user-to-superuser attacks. BV detects novel computer attacks by looking for users performing high privilege operations without passing through legal “bottleneck” checkpoints that grant those privileges. Macroscope's BV implementation models many common Unix commands, and has extensions to detect intrusions that exploit trust relationships, as well as previously installed Trojan programs. BV performs at a false alarm rate more than two orders of magnitude lower than a reference signature verification system, while simultaneously increasing the detection rate from roughly 20% to 80% of user-to-superuser attacks.

8.
Sybil attacks have been regarded as a serious security threat to Ad hoc Networks and Sensor Networks. They may also impair the potential applications in Vehicular Ad hoc Networks (VANETs) by creating an illusion of traffic congestion. In this paper, we make various attempts to explore the feasibility of detecting Sybil attacks by analyzing signal strength distribution. First, we propose a cooperative method to verify the positions of potential Sybil nodes. We use a Random Sample Consensus (RANSAC)-based algorithm to make this cooperative method more robust against outlier data fabricated by Sybil nodes. However, several inherent drawbacks of this cooperative method prompt us to explore additional approaches. We introduce a statistical method and design a system which is able to verify where a vehicle comes from. The system is termed the Presence Evidence System (PES). With PES, we are able to enhance the detection accuracy using statistical analysis over an observation period. Finally, based on realistic US maps and traffic models, we conducted simulations to evaluate the feasibility and efficiency of our methods. Our scheme proves to be an economical approach to suppressing Sybil attacks without extra support from specific positioning hardware.

9.
The Journal of Supercomputing - In vehicular ad hoc networks (VANETs), Sybil attacks are serious security problems that can seriously affect the operations of the VANETs by producing fake...

10.
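Kang Jian, Ju Jiubin. Journal of Computer Applications (《计算机应用》), 2006, 26(6): 1343-1345
Based on an in-depth analysis of the characteristics and difficulties of source-end DDoS detection, the non-parametric change-point detection method from statistics is introduced, and the non-parametric recursive CUSUM (Cumulative Sum) algorithm is applied to improve D-WARD, a representative source-end detection system. Experiments verify that the detection system using the CUSUM algorithm has lower false-positive and false-negative rates and can adapt to more complex network detection environments.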

11.
Modern e-beam probers may be as convenient to use as oscilloscopes, but their measurements can be misleading or even erroneous. The author warns of potential problems and suggests ways to prevent and cure faulty readings.

12.
Automatic speaker verification (ASV) is to automatically accept or reject a claimed identity based on a speech sample. Recently, individual studies have confirmed the vulnerability of state-of-the-art text-independent ASV systems under replay, speech synthesis and voice conversion attacks on various databases. However, the behaviours of text-dependent ASV systems have not been systematically assessed in the face of various spoofing attacks. In this work, we first conduct a systematic analysis of text-dependent ASV systems to replay and voice conversion attacks using the same protocol and database, in particular the RSR2015 database which represents mobile device quality speech. We then analyse the interplay of voice conversion and speaker verification by linking the voice conversion objective evaluation measures with the speaker verification error rates to take a look at the vulnerabilities from the perspective of voice conversion.

13.
14.
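Industrial production process automation systems have developed continuously over a long period and, particularly by making full use of computer technology, have made great progress. They now play an important role in production and have become indispensable tools for the safe, stable and automated operation of production processes. This paper discusses the current state and trends of industrial production automation, production process automation systems and production management systems, soft PLC and soft DCS, and the integration of production process control and management software, and offers its own perspective on the design of industrial automation control systems from the standpoint of integrating industrial production with automatic control.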

15.
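Design of industrial automation control systems   Total citations: 1, self-citations: 0, citations by others: 1
Industrial production process automation systems have developed continuously over a long period and, particularly by making full use of computer technology, have made great progress. They now play an important role in production and have become indispensable tools for the safe, stable and automated operation of production processes. This paper discusses the current state and trends of industrial production automation, production process automation systems and production management systems, soft PLC and soft DCS, and the integration of production process control and management software, and offers its own perspective on the design of industrial automation control systems from the standpoint of integrating industrial production with automatic control.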

16.
Ethernet evolution history and data packet assembly in the OSI model are discussed. Limitations impeding Ethernet application in industrial automation are formulated. The paper notes that real-time Ethernet operation requires additional mechanisms which allow to avoid collisions. The mechanisms in Ethernet-compatible real-time protocols such as EtherNet/IP, PROFINET, EtherCAT, Powerlink, Modbus TCP, Foundation Fieldbus HSE, and SERCOS III are analyzed. The IEEE1588 standard enabling high-precision synchronization of network users’ clocks is examined. Characteristics and application fields of wireless Ethernet networks are listed. Ethernet redundancy mechanisms such as STP, MSTP, MRP, Link Aggregation, PRP, and HSR are considered. Innovative solutions such as powering over Ethernet and embedded Ethernet switches are described.

17.
Real-time Ethernet (RTE) control systems with critical real-time requirements are called fast real-time (FRT) systems. To improve the real-time performance of Ethernet for plant automation (EPA), we propose an EPA-FRT scheme. The minimum macrocycle of EPA networks is reduced by redefining the EPA network frame format, and the synchronization process is modified to acquire higher accuracy. A multi-segmented topology with a scheduling scheme is introduced to increase effective bandwidth utilization and reduce protocol overheads, and thus to shorten the communication cycle significantly. Performance analysis and practical tests on a prototype system show the effectiveness of the proposed scheme, which achieves the best performance at small periodic payload in large scale systems.

18.
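Sybil attacks in wireless sensor networks can undermine mechanisms such as routing algorithms and fair resource allocation, so research on methods for preventing and detecting Sybil attacks is of some significance. The paper analyzes the destructiveness of Sybil attacks, describes existing methods for preventing and detecting them, and, in view of the shortcomings of existing methods, proposes designing effective Sybil attack prevention and detection mechanisms by optimizing for node performance factors such as energy consumption and computational load.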

19.
Nowadays, Denial of Service (DoS) attacks have become a major security threat to networks and the Internet. Therefore, even a naive hacker can launch a large-scale DoS attack to the victim from providing Internet services. This article deals with the evaluation of the Snort IDS in terms of packet processing performance and detection. This work describes the aspect involved in building campus network security system and then evaluates the campus network security risks and threats, mainly analyses the attacks DoS and DDoS, and puts forward new approach for Snort campus network security solutions. The objective is to analyze the functional advantages of the solution, deployment and configuration of the open source based on Snort intrusion detection system. The evaluation metrics are defined using Snort namely comparison between basic rules with new ones, available bandwidth, CPU loading and memory usage.

20.
The Journal of Supercomputing - Gone are the days when cloud providers were attacked by flash crowds causing a DoS or malware running on a very large number of servers creating a DDoS. As the...
