intrusion prevention
Recently Published Documents


Total documents: 392 (five years: 105)

H-index: 15 (five years: 3)

2022 ◽  
Vol 22 (1) ◽  
pp. 1-31
Author(s):  
Mengmeng Ge ◽  
Jin-Hee Cho ◽  
Dongseong Kim ◽  
Gaurav Dixit ◽  
Ing-Ray Chen

Resource constrained Internet-of-Things (IoT) devices are highly likely to be compromised by attackers, because strong security protections may not be suitable to be deployed. This requires an alternative approach to protect vulnerable components in IoT networks. In this article, we propose an integrated defense technique to achieve intrusion prevention by leveraging cyberdeception (i.e., a decoy system) and moving target defense (i.e., network topology shuffling). We evaluate the effectiveness and efficiency of our proposed technique analytically based on a graphical security model in a software-defined networking (SDN)-based IoT network. We develop four strategies (i.e., fixed/random and adaptive/hybrid) to address “when” to perform network topology shuffling and three strategies (i.e., genetic algorithm/decoy attack path-based optimization/random) to address “how” to perform network topology shuffling on a decoy-populated IoT network, and we analyze which strategy can best achieve a system goal, such as prolonging the system lifetime, maximizing deception effectiveness, maximizing service availability, or minimizing defense cost. We demonstrated that a software-defined IoT network running our intrusion prevention technique at the optimal parameter setting prolongs system lifetime, increases attack complexity of compromising critical nodes, and maintains superior service availability compared with a counterpart IoT network without running our intrusion prevention technique. Further, when given a single goal or a multi-objective goal (e.g., maximizing the system lifetime and service availability while minimizing the defense cost) as input, the best combination of “when” and “how” strategies is identified for executing our proposed technique under which the specified goal can be best achieved.


Author(s):  
Wararit Hongkamnerd ◽  
Pirawat Watanapongse ◽  
Surasak Sanguanpong

This article presents a study and parameter tuning of Suricata, a widely used intrusion prevention system (IPS). Planning the deployment of an IPS such as Suricata requires consideration of multi-threaded operation on multi-core processors (Multi-Thread/Multi-Cores) on COTS (Commodity-Off-The-Shelf) servers in order to achieve good performance on high-speed multi-gigabit networks; this research focuses on the case of a 10-gigabit network. The research experiments and studies to find suitable variables for tuning Suricata, and compares the two main methods of receiving packets from the network interface, AF_PACKET and NFQ, with the work distributed across multiple processing cores simultaneously. It also studies the placement of processing threads to find the arrangement that yields high performance. The results show that AF_PACKET delivers higher performance than NFQ. In addition, the threads Suricata uses for its work should be placed so as to avoid crossing processors in order to obtain better performance.


2021 ◽  
Vol 15 (4) ◽  
pp. 461-465
Author(s):  
Deval Gusrion ◽  
Silky Safira ◽  
Retno Devita ◽  
Ruri Hartika Zain ◽  
Rini Sovia

Cloud computing is a form of technological progress that has developed along with the times, this has spurred the increasing use of the internet. By using internet technology that is able to implement a virtual server, which has the aim of building a cloud computing server at the District Communications and Information Office. Padang Pariaman uses the Operating System (OS) Proxmox VE (Virtual Environment) 6.4. Cloud computing is able to provide storage services that can be used simultaneously. The results of this study produce a cloud computing server that implements a security system with the methods IDS (intrusion detection system) and IPS (intrusion prevention system) that are able to process data (storage), use software simultaneously in the network, and use infrastructure within the scope of this research. Network cloud computing at the District Communications and Information Office. Padang Pariaman using a private cloud service model.


2021 ◽  
Vol 27 (12) ◽  
pp. 69-86
Author(s):  
Alaa Abdula Ali ◽  
Hayder A Al Thamiry

Shatt Al-Arab River in Al Basrah, Iraq, has recently recorded massive levels of TDS values (Total Dissolved Solids) in the water as a result of reduced fresh water discharge from sources, causing the river to become salinized due to salt wedge intrusion. Therefore, a block dam in the south reach is required for salt intrusion prevention. The main objective of this research is to simulate the hydraulic impact of a suggested barrage in Ras Al Besha on the Shatt Al-Arab River. The HEC-RAS (5.0.7) model was used to develop a one-dimensional unsteady model to gain an understanding of the proposed barrage's influence on river behaviour. The daily discharges of the Tigris River were provided as the upstream boundary conditions, while the hourly water levels of the Shatt Al-Arab River were provided as the downstream boundary conditions. The model was initially run on the basis of daily discharges in Aug 2018 and March 2020 for the model's calibration and verification. Then, a model was run with a proposed barrage. Four cases of discharge were chosen, which were the low and moderate discharges equal to (20-50-100 and 250) m3/s with an adopted spring tide cycle. The operation scenarios were examined under the influence of three cases of barrage gates (fully opened, 50% open and programmed opening). The results indicate that the investigated discharges will cause significant problems in navigation depths, especially in the case of the programming of gates opening, where the stages drop range between 2.01-3.3 m compared with the normal case. Furthermore, the velocity indicators show that the significant reduction in velocity upstream of the barrage led to more sedimentation in the river reach.


2021 ◽  
Vol 1 (2) ◽  
pp. 113-122
Author(s):  
Rachmat Muwardi ◽  
Hongmin Gao ◽  
Harun Usman Ghifarsyam ◽  
Mirna Yunita ◽  
Andika Arrizki ◽  
...  

The development of information technology nowadays has become faster, and this makes network security become important. A huge increasing number of computers that are connected makes many gaps in a network. An administrator has an important role in protecting the security of the network. The problem comes when an administrator has human problems such as pain, negligence, and tiredness while needing rapid information when there is an intrusion on the network. This problem can be solved by adding a data traffic detection system known as Intrusion Detection System (IDS). IDS will be connected to Mail Gateway until that administrator can receive notifications such as alerts during an intrusion to the network anytime and anywhere. Snort as one of the network security systems should be developed as a security detection system and network security. A security intrusion prevention system or an Intrusion Prevented System (IPS). The author tries to do analysis and testing on the subjects above to produce a system capable of detecting the intruder in a network that is mobile and also makes it easy for administrators to open data anywhere and anytime using any device.


2021 ◽  
Author(s):  
Rafael Z. A. da Mata ◽  
Francisco L. de Caldas Filho ◽  
Fabio L. L. Mendonca ◽  
Awatef A. Y. R. Fares ◽  
Rafael T. de Sousa

2021 ◽  
pp. 104-131
Author(s):  
Gregory Falco ◽  
Eric Rosenbach

The question “What risk prevention measures can I use?” describes how to reduce the likelihood of a cyberattack on your organization. The chapter begins with a case study on the SolarWinds hack exemplifying how prevention measures on a specific system, network, or data cannot be effective on their own. The chapter describes why cyber risk management needs to be embedded across all facets of the organization, and how the Embedded Endurance strategy can help readers achieve that. It reviews system security prevention measures that include patch management and antivirus software. It explains network security prevention measures, including intrusion detection and intrusion prevention systems. The chapter also describes data risk prevention measures such as data governance, encryption, and data loss prevention technology, and highlights the importance of physical security for reducing cyber risk. The chapter concludes with Falco’s Embedded Endurance strategy insight on risk prevention gained at his industrial Internet-of-Things security company.


2021 ◽  
Vol 13 (2) ◽  
pp. 7
Author(s):  
Maria Pantoja

Currently, practical network packet processing used for Intrusion Detection Systems/Intrusion Prevention Systems (IDS/IPS) tend to belong to one of two disjoint categories: software-only implementations running on general-purpose CPUs, or highly specialized network hardware implementations using ASICs or FPGAs for the most common functions, general-purpose CPUs for the rest. These approaches cover try to maximize the performance and minimize the cost, but neither system, when implemented effectively, is affordable to any clients except for those at the well-funded enterprise level. In this paper, we aim to improve the performance of affordable network packet processing in heterogeneous systems with consumer Graphics Processing Units (GPUs) hardware by optimizing latency-tolerant packet processing operations, notably IDS, to obtain maximum throughput required by such systems in networks sophisticated enough to demand a dedicated IDS/IPS system, but not enough to justify the high cost of cutting-edge specialized hardware. In particular, this project investigated increasing the granularity of OSI layer-based packet batching over that of previous batching approaches. We demonstrate that highly granular GPU-enabled packet processing is generally impractical, compared with existing methods, by implementing our own solution that we call Corvyd, a heterogeneous real-time packet processing engine.

