scholarly journals Can a Network Attack Be Simulated in an Emulated Environment for Network Security Training?

2017 ◽  
Author(s):  
Samuel Chapman ◽  
Richard Smith ◽  
Leandros Maglaras ◽  
Helge Janicke
Keyword(s):  
Network Security ◽  
Network Traffic ◽  
Requirements Specification ◽  
Network Services ◽  
Network Environment ◽  
Network Attack ◽  
Related Subject ◽  
Security Training ◽  
Network Topologies ◽  
Subject Areas

This paper outlines a tool developed with the purpose of creating a simple configurable emulated network environment that can be used in cyber defence exercises. Research has been conducted into the various related subject areas: cyber defence exercises, network threats, network emulation, network traffic replay, network topologies, and common network services. From this research a requirements specification was produced to encapsulate the features required to create this tool. A network, containing many of the aspects researched, was designed and implemented using Netkit-NG to act as a blueprint for the tool and to further knowledge in the construction of an emulated network. Following this the tool was developed and tested to ensure requirements were met.

scholarly journals Can a Network Attack Be Simulated in an Emulated Environment for Network Security Training?

2017 ◽  
Vol 6 (3) ◽  
pp. 16 ◽  
Author(s):  
Samuel Chapman ◽  
Richard Smith ◽  
Leandros Maglaras ◽  
Helge Janicke
Keyword(s):  
Network Security ◽  
Network Attack ◽  
Security Training

scholarly journals Entropy Based Features Distribution for Anti-DDoS Model in SDN

2021 ◽  
Vol 13 (3) ◽  
pp. 1522
Author(s):  
Raja Majid Ali Ujjan ◽  
Zeeshan Pervez ◽  
Keshav Dahal ◽  
Wajahat Ali Khan ◽  
Asad Masood Khattak ◽  
...  
Keyword(s):  
Network Security ◽  
False Positive ◽  
Denial Of Service ◽  
Network Services ◽  
Detection Accuracy ◽  
Data Sets ◽  
Traffic Patterns ◽  
Average Accuracy ◽  
Ddos Detection ◽  
Quantitative Results

In modern network infrastructure, Distributed Denial of Service (DDoS) attacks are considered as severe network security threats. For conventional network security tools it is extremely difficult to distinguish between the higher traffic volume of a DDoS attack and large number of legitimate users accessing a targeted network service or a resource. Although these attacks have been widely studied, there are few works which collect and analyse truly representative characteristics of DDoS traffic. The current research mostly focuses on DDoS detection and mitigation with predefined DDoS data-sets which are often hard to generalise for various network services and legitimate users’ traffic patterns. In order to deal with considerably large DDoS traffic flow in a Software Defined Networking (SDN), in this work we proposed a fast and an effective entropy-based DDoS detection. We deployed generalised entropy calculation by combining Shannon and Renyi entropy to identify distributed features of DDoS traffic—it also helped SDN controller to effectively deal with heavy malicious traffic. To lower down the network traffic overhead, we collected data-plane traffic with signature-based Snort detection. We then analysed the collected traffic for entropy-based features to improve the detection accuracy of deep learning models: Stacked Auto Encoder (SAE) and Convolutional Neural Network (CNN). This work also investigated the trade-off between SAE and CNN classifiers by using accuracy and false-positive results. Quantitative results demonstrated SAE achieved relatively higher detection accuracy of 94% with only 6% of false-positive alerts, whereas the CNN classifier achieved an average accuracy of 93%.

Generation Method of Power Network Security Defense Strategy Based on Markov Decision Process

2021 ◽  
Author(s):  
Wang Yang ◽  
Liu Dong ◽  
Wang Dong ◽  
Xu Chun
Keyword(s):  
Network Security ◽  
Response Time ◽  
Markov Decision Process ◽  
Decision Process ◽  
Evolutionary Game ◽  
Power Network ◽  
Network Attack ◽  
Defense Strategy ◽  
Markov Decision ◽  
Attack And Defense

Aiming at the problem that the current generation method of power network security defense strategy ignores the dependency relationship between nodes, resulting in closed-loop attack graph, which makes the defense strategy not generate attack path, resulting in poor defense effect and long generation response time of power network security defense strategy, a generation method of power network security defense strategy based on Markov decision process is proposed. Based on the generation of network attack and defense diagram, the paper describes the state change of attack network by using Markov decision-making process correlation principle, introduces discount factor, calculates the income value of attack and defense game process, constructs the evolutionary game model of attack and defense, solves the objective function according to the dynamic programming theory, obtains the optimal strategy set and outputs the final results, and generates the power network security defense strategy. The experimental results show that the proposed method has good defense effect and can effectively shorten the generation response time of power network security defense strategy.

scholarly journals Application of Grounded Theory in Determining Required Elements for IPv6 Risk Assessment Equation

2018 ◽  
Vol 150 ◽  
pp. 06005
Author(s):  
Athirah Rosli ◽  
Abidah Mat Taib ◽  
Wan Nor Ashiqin Wan Ali ◽  
Ros Syamsul Hamid
Keyword(s):  
Risk Assessment ◽  
Decision Making ◽  
Grounded Theory ◽  
Network Security ◽  
Strategic Planning ◽  
Internet Protocol ◽  
Network Environment ◽  
Ipv6 Network ◽  
Robust Network ◽  
Network Administrators

The deployment of Internet Protocol version 6 (IPv6) has raised security concerns among the network administrators. Thus, in strengthening the network security, administrator requires an appropriate method to assess the possible risks that occur in their networks. Aware of the needs to calculate risk in IPv6 network, it is essential to an organization to have an equation that is flexible and consider the requirements of the network. However, the existing risk assessment equations do not consider the requirement of the network. Therefore, this paper presents the adaptation of grounded theory to search for elements that are needed to develop IPv6 risk assessment (IRA6) equation. The attack scenarios’ experiments; UDP Flooding, TCP Flooding and Multicast attacks were carried out in different network environment to show how the IPv6 risk assessment equation being used. The result shows that the IRA6 equation is more flexible to be used regardless the network sizes and easier to calculate the risk value compared to the existing risk assessment equations. Hence, network administrators can have a proper decision making and strategic planning for a robust network security.

scholarly journals Entropy-based network traffic anomaly classification method resilient to deception

2021 ◽  
pp. 45-45
Author(s):  
Juma Ibrahim ◽  
Slavko Gajin
Keyword(s):  
Anomaly Detection ◽  
Network Traffic ◽  
Real Life ◽  
Classification Method ◽  
Practical Implementation ◽  
Network Environment ◽  
Detection Techniques ◽  
Basic Set ◽  
Anomaly Classification ◽  
Traffic Anomaly

Entropy-based network traffic anomaly detection techniques are attractive due to their simplicity and applicability in a real-time network environment. Even though flow data provide only a basic set of information about network communications, they are suitable for efficient entropy-based anomaly detection techniques. However, a recent work reported a serious weakness of the general entropy-based anomaly detection related to its susceptibility to deception by adding spoofed data that camouflage the anomaly. Moreover, techniques for further classification of the anomalies mostly rely on machine learning, which involves additional complexity. We address these issues by providing two novel approaches. Firstly, we propose an efficient protection mechanism against entropy deception, which is based on the analysis of changes in different entropy types, namely Shannon, R?nyi, and Tsallis entropies, and monitoring the number of distinct elements in a feature distribution as a new detection metric. The proposed approach makes the entropy techniques more reliable. Secondly, we have extended the existing entropy-based anomaly detection approach with the anomaly classification method. Based on a multivariate analysis of the entropy changes of multiple features as well as aggregation by complex feature combinations, entropy-based anomaly classification rules were proposed and successfully verified through experiments. Experimental results are provided to validate the feasibility of the proposed approach for practical implementation of efficient anomaly detection and classification method in the general real-life network environment.

scholarly journals A Markov-Based Intrusion Tolerance Finite Automaton

2021 ◽  
Vol 28 (2) ◽  
pp. 89-100
Keyword(s):  
Network Security ◽  
Markov Model ◽  
Finite Automaton ◽  
Network Services ◽  
Intrusion Tolerance ◽  
Security Strategy ◽  
Automatic Learning ◽  
Learning Mechanism ◽  
Proposed Model ◽  
Tolerance Model

It is inevitable for networks to be invaded during operation. The intrusion tolerance technology comes into being to enable invaded networks to provide the necessary network services. This paper introduces an automatic learning mechanism of the intrusion tolerance system to update network security strategy, and derives an intrusion tolerance finite automaton model from an existing intrusion tolerance model. The proposed model was quantified by the Markov theory to compute the stable probability of each state. The calculated stable probabilities provide the theoretical guidance and basis for administrators to better safeguard network security. Verification results show that it is feasible, effective, and convenient to integrate the Markov model to the intrusion tolerance finite automaton.

Network traffic analysis using Machine Learning Techniques in IoT Network

2021 ◽  
Vol 9 (4) ◽  
pp. 0-0
Keyword(s):  
Machine Learning ◽  
Support Vector Machine ◽  
Network Traffic ◽  
Traffic Analysis ◽  
Machine Learning Techniques ◽  
Support Vector ◽  
Static And Dynamic Analysis ◽  
Network Traffic Analysis ◽  
Cyber Threats ◽  
Network Topologies

Internet of things devices are not very intelligent and resource-constrained; thus, they are vulnerable to cyber threats. Cyber threats would become potentially harmful and lead to infecting the machines, disrupting the network topologies, and denying services to their legitimate users. Artificial intelligence-driven methods and advanced machine learning-based network investigation prevent the network from malicious traffics. In this research, a support vector machine learning technique was used to classify normal and abnormal traffic. Network traffic analysis has been done to detect and prevent the network from malicious traffic. Static and dynamic analysis of malware has been done. Mininet emulator was selected for network design, VMware fusion for creating a virtual environment, hosting OS was Ubuntu Linux, network topology was a tree topology. Wireshark was used to open an existing pcap file that contains network traffic. The support vector machine classifier demonstrated the best performance with 99% accuracy.

Classification Based on Unsupervised Learning

2011 ◽  
pp. 348-395
Author(s):  
Yu Wang
Keyword(s):  
Network Security ◽  
Unsupervised Learning ◽  
Supervised Learning ◽  
Network Traffic ◽  
High Speed ◽  
Ad Hoc ◽  
Training Data ◽  
Traffic Data ◽  
Response Variable ◽  
Learning Techniques

The requirement for having a labeled response variable in training data from the supervised learning technique may not be satisfied in some situations: particularly, in dynamic, short-term, and ad-hoc wireless network access environments. Being able to conduct classification without a labeled response variable is an essential challenge to modern network security and intrusion detection. In this chapter we will discuss some unsupervised learning techniques including probability, similarity, and multidimensional models that can be applied in network security. These methods also provide a different angle to analyze network traffic data. For comprehensive knowledge on unsupervised learning techniques please refer to the machine learning references listed in the previous chapter; for their applications in network security see Carmines, Edward & McIver (1981), Lane & Brodley (1997), Herrero, Corchado, Gastaldo, Leoncini, Picasso & Zunino (2007), and Dhanalakshmi & Babu (2008). Unlike in supervised learning, where for each vector 1 2 ( , , , ) n X x x x = ? we have a corresponding observed response, Y, in unsupervised learning we only have X, and Y is not available either because we could not observe it or its frequency is too low to be fit ted with a supervised learning approach. Unsupervised learning has great meanings in practice because in many circumstances, available network traffic data may not include any anomalous events or known anomalous events (e.g., traffics collected from a newly constructed network system). While high-speed mobile wireless and ad-hoc network systems have become popular, the importance and need to develop new unsupervised learning methods that allow the modeling of network traffic data to use anomaly-free training data have significantly increased.

scholarly journals The Abnormal Detection for Network Traffic of Power IoT Based on Device Portrait

2020 ◽  
Vol 2020 ◽  
pp. 1-9
Author(s):  
Jiaxuan Fei ◽  
Qigui Yao ◽  
Mingliang Chen ◽  
Xiangqun Wang ◽  
Jie Fan
Keyword(s):  
Machine Learning ◽  
Internet Of Things ◽  
Network Traffic ◽  
Learning Algorithm ◽  
Machine Learning Algorithm ◽  
Traffic Data ◽  
Network Environment ◽  
Security Measures ◽  
Privacy Leakage ◽  
Traffic Characteristics

The construction of power Internet of things is an important development direction for power grid enterprises. Although power Internet of things is a kind of network, it is denser than the ordinary Internet of things points and more complex equipment types, so it has higher requirements for network security protection. At the same time, due to the special information perception and transmission mode in the Internet of things, the information transmitted in the network is easy to be stolen and resold, and traditional security measures can no longer meet the security protection requirements of the new Internet of things devices. To solve the privacy leakage and security attack caused by the illegal intrusion in the network, this paper proposes to construct a device portrait for terminal devices in the power Internet of things and detect abnormal traffic in the network based on device portrait. By collecting traffic data in the network environment, various network traffic characteristics are extracted, and abnormal traffic is analyzed and identified by the machine learning algorithm. By collecting the traffic data in the network environment, the features are extracted from the physical layer, network layer, and application layer of the message, and the device portrait is generated by a machine learning algorithm. According to the established attack mode, the corresponding traffic characteristics are analyzed, and the detection of abnormal traffic is achieved by comparing the attack traffic characteristics with the device portrait. The experimental results show that the accuracy of this method is more than 90%.

Sign in / Sign up

Export Citation Format

Share Document