Search Results (1 - 13 of 13 Results)

Kim, Dae Wook. Data-Driven Network-Centric Threat Assessment
Doctor of Philosophy (PhD), Wright State University, 2017, Computer Science and Engineering PhD
As the Internet has grown increasingly popular as a communication and information sharing platform, it has given rise to two major types of Internet security threats related to two primary entities: end-users and network services. First, information leakages from networks can reveal sensitive information about end-users. Second, end-users' systems can be compromised through attacks on network services, such as scanning-and-exploit attacks, spamming, drive-by downloads, and fake anti-virus software. Designing threat assessments to detect these threats is, therefore, of great importance, and a number of detection systems have been proposed. However, these existing threat assessment systems face significant challenges in terms of i) behavioral diversity, ii) data heterogeneity, and iii) large data volume. To address the challenges of the two major threat types, this dissertation offers three unique contributions. First, we built a new system to identify network users via Domain Name System (DNS) traffic, which is one of the most important behavior-based tracking methods for addressing privacy threats. The goal of our system is to boost the effectiveness of existing user identification systems by designing effective fingerprint patterns based on semantically limited DNS queries that are missed by existing tracking efforts. Second, we built a novel system to detect fake anti-virus (AV) attacks, which represent an active trend in the distribution of Internet-based malware. Our system aims to boost the effectiveness of existing fake AV attack detection by detecting fake AV attacks in three challenging scenarios: i) fake AV webpages that require user interaction to install malware, instead of using malicious content to run automatic exploitation without users' consent (e.g., shellcode); ii) fake AV webpages designed to impersonate real webpages using a few representative elements, such as the names and icons of anti-virus products from authentic anti-virus webpages; and iii) fake AV webpages that offer up-to-date solutions (e.g., product versions and threat names) to emerging threats. Finally, we built a novel system to detect malicious online social network (OSN) accounts that participate in online promotion events. The goal of our work is to boost the effectiveness of existing detection methods, such as spammer detection and fraud detection. To achieve our goal, our framework systematically integrates features that characterize malicious OSN accounts based on three of their characteristics: their general behaviors, their recharging patterns, and their currency usage, and then leverages a statistical classifier for detection.

Committee:

Junjie Zhang, Ph.D. (Advisor); Adam Robert Bryant, Ph.D. (Committee Member); Bin Wang, Ph.D. (Committee Member); Xuetao Wei, Ph.D. (Committee Member)

Subjects:

Computer Science

Keywords:

network security; fake anti-virus software; intrusion detection; web document analysis; statistical classification; Domain Name System; behavioral fingerprints; privacy; online social networks; virtual currency; malicious accounts

Agbeko, Joseph D.K.M.A. Evaluation and Application of Bloom Filters in Computer Network Security
Master of Science in Mathematics, Youngstown State University, 2009, Department of Mathematics and Statistics

Unstructured Peer-to-Peer (P2P) networks for content distribution are decentralized and robust. Searching for content in the network is based on the Gnutella Protocol. Broadcast Updates Look-up Search Protocol (BULLS) reverses Gnutella and enables a local look-up search at the cost of storing all the files shared in the network. In this thesis we introduce the use of Bloom filters in the design and evaluation of a data structure that reduces space and search time in P2P networks based on BULLS. We also discuss the main ideas of a new Space Efficient Local Look-up Search (SELLS) protocol that is based on BULLS and uses this new data structure.

The new data structure is called the Inverse Bloom Filter (IBF) and uses Bloom filters. A Bloom filter is a space-efficient probabilistic structure for membership queries. That is, they can be used to efficiently determine if a file is stored at a host. The cost is a small probability of error called a false positive.

The challenge is to evaluate the search efficiency (i.e., remembering searches that have not been successful) of Bloom filters as the primary data structure of SELLS. The empirical evaluation can be achieved using real file names from a P2P network and determining the false positive rate of the Bloom filter.

Novel applications of SELLS could possibly include secure key distribution; a building block towards securing P2P networks.

Committee:

Graciela Perera, PhD (Advisor); Jamal Tartir, PhD (Committee Member); John Sullins, PhD (Committee Member)

Subjects:

Computer Science

Keywords:

Bloom filters; computer network security; space efficient; protocol

Karunanidhi, Karthikeyan. ARROS: Distributed Adaptive Real-Time Network Intrusion Response
Master of Science (MS), Ohio University, 2006, Computer Science (Engineering)

Research in Intrusion Response has shown that the success rate of an attack increases with time. With attacks becoming sophisticated and automated, the response to these attacks still remains a time-consuming manual process. An active response system is a mechanism that can be used in conjunction with an intrusion detection system (IDS) to provide a network administrator with the capability to respond to an attack automatically when it has been detected. Active Real-time RespOnse System (ARROS) is an active, distributed, adaptive, and real-time Intrusion Response System (IRS) that provides Intrusion Response capabilities to INBOUNDS (Integrated Network Based Ohio University Network Detective Service), a network-based, real-time, hierarchical intrusion detection and response system being developed at Ohio University. ARROS consists of distributed autonomous agents that run at various points on the network it protects. Agents communicate with each other to share information about the network and intrusions, and to coordinate the response. Each ARROS agent is a fully functional autonomous unit capable of responding to intrusions in a distributed fashion. Coupled with priority queuing for ARROS traffic, distributed response capabilities, and time-bound response, the ARROS system is able to provide real-time active Intrusion Response while minimizing adverse effects to the host network.

Committee:

Shawn Ostermann (Advisor)

Subjects:

Computer Science

Keywords:

NETWORK INTRUSION RESPONSE; AUTOMATED, AUTOMATIC RESPONSE; COMPUTER SECURITY; NETWORK SECURITY; ACTIVE INTRUSION RESPONSE; ARROS, IRS, IR

Bontupalli, Venkataramesh. Intrusion Detection and High-Speed Packet Classification Using Memristor Crossbars
Master of Science (M.S.), University of Dayton, 2015, Electrical Engineering
Intrusion Detection Systems (IDS) are intelligent specialized systems designed to interpret intrusion attempts from incoming network traffic. IDSs aim at minimizing the risk of accessing unauthorized data and potential vulnerabilities in critical systems by examining every packet entering a system. Packet inspection and pattern matching are often computationally intensive processes and are the most power-hungry functionalities in network intrusion detection systems. This thesis presents a high-throughput, low-latency and low-power memristor crossbar architecture for packet header and payload matching that could be used for high-speed packet classification and malware detection. The memristor crossbar systems can perform intrusion detection through a brute force approach for static contents/signatures and a state machine approach for regular expressions. A large portion of the work completed in this thesis has been published in [1-2].

Committee:

Tarek Taha, Dr (Advisor); Eric Balster, Dr (Committee Member); Vamsy Chodavarapu, Dr (Committee Member)

Subjects:

Computer Engineering; Electrical Engineering

Keywords:

Intrusion Detection; Memristor Crossbars; High Speed Packet Classification; Low Power; Network Security; SNORT; String Matching; Regular Expression Matching

Hausrath, Nathaniel L. Methods for Hospital Network and Computer Security
MS, University of Cincinnati, 2011, Engineering and Applied Science: Computer Science
Hospital IT security presents many unique challenges that must be solved by the entire organization. Network and computer threats can cause thousands of dollars in lost time and resources, legal repercussions, and damaged reputation. Despite warnings from a wealth of public breach notifications, many hospitals are inadequately prepared to deal with today's computer-based attacks. This thesis explores the root causes of hospital network and computer insecurity, and addresses these problems with methods implemented in actual hospitals. A lack of comprehension of methods to assess and implement security measures by hospital IT security employees can hinder network visibility and prevent their ability to stop threats. In addition, these same people are unable to express security concerns in terms management can understand, harming their credibility within the business as a whole. Without this support, organizational change is impossible. By addressing these concerns with a combination of people, process, and tools, we can solve complex problems, protect patient data, and ensure IT operations so hospitals can serve their community and save lives.

Committee:

John Franco, PhD (Committee Chair); Raj Bhatnagar, PhD (Committee Member); Patrick Kumpf, EdD (Committee Member)

Subjects:

Information Technology

Keywords:

hospital IT security; information security; network security; computer security; hospital information security; security

Sawant, Ankush. Time-based Approach to Intrusion Detection using Multiple Self-Organizing Maps
Master of Science (MS), Ohio University, 2005, Electrical Engineering & Computer Science (Engineering and Technology)
Anomaly-based intrusion detection systems identify intrusions by monitoring network traffic for abnormal behavior. Integrated Network-Based Ohio University Network Detective Service (INBOUNDS) is an anomaly-based intrusion detection system being developed at Ohio University. The Multiple Self-organizing map based Intrusion Detection System (MSIDS) module for INBOUNDS analyzes the time-based behavior of normal network connections for anomalies, using the Self-Organizing Map (SOM) algorithm. The MSIDS module builds profiles of normal network behavior by characterizing the network traffic with four parameters. A SOM, developed for each time interval, captures the characteristic network behavior for that time interval using the four parameters. This approach achieves better characterization of normal network behavior, leading to better intrusion detection capability. During real-time operation, the four-dimensional vectors, representing the attack connection for the time intervals, are fed into respective trained SOMs. For each input vector in the four-dimensional space, a “winner” neuron is determined. If the distance between the input vector and the winner neuron for any SOM is greater than a certain threshold value, the MSIDS module classifies the network connection as an intrusion. Moreover, detecting the attack in early stages of the connection leads to near real-time response to intrusions.

Committee:

Carl Bruggeman (Advisor)

Keywords:

Network Security; Intrusion Detection; Self-Organizing Maps; Anomaly Detection

WANG, HONGHAO. An Efficient and Secure Overlay Network for General Peer-to-Peer Systems
PhD, University of Cincinnati, 2008, Engineering : Computer Science and Engineering
Currently, Peer-to-Peer overlays can be classified into two main categories: unstructured and structured ones. Unstructured overlays are simple, robust, and powerful in keyword search. Structured ones can scale to very large systems in terms of node number and geography, and guarantee to locate an object within O(log N) hops. However, both of them face difficulties in efficiency and security of overlays. For unstructured ones, the efficiency problem presented is poor scalability. For structured ones, it is long routing latency and enormous overhead on handling system churn. Moreover, both of them are vulnerable to malicious attacks. Peer-to-Peer overlays belong to the application-level network. To a great extent, overlay network designs ignore physical characteristics. As a result, their structures are far from the underlying physical network or the distribution pattern of overlay peers. These inconsistencies make common system operations, such as routing and lookup, costly. On the other hand, most peers are assumed to have uniform resources and similar behaviors. Thus, Peer-to-Peer protocols were designed to be symmetric. However, in the realistic environment, peers' resources and behaviors are highly skewed. Symmetric protocols actually compromise system performance. Frequent joining and leaving of peers generates enormous traffic. The significant fraction of peers with high-latency/low-bandwidth links increases lookup latency. Moreover, in an environment without mutual trust, Peer-to-Peer systems are very vulnerable to varied attacks because they lack a practical authentication mechanism. From a different perspective, this dissertation proposes to construct a highly efficient and secure Peer-to-Peer overlay based on the physical network structure of the Internet and the network locality of overlay peers. By naturally integrating different network-aware techniques into the Peer-to-Peer overlay, a novel SNSA (Scalable Network Structure Aware) technique has been developed. It can provide accurate information on the network locality of overlay peers and sufficient physical network structure of the Internet. Based on this valuable information, a unique Peer-to-Peer overlay, which can reflect the network structure and locality of overlay peers, is constructed. Also, peers are assigned different roles by their resources and behaviors. The minority of capable peers are involved in overlay core operations, such as routing and lookup. The majority of normal ones are organized into highly dependable teams and assigned usual tasks, such as storing objects. Not only can this overlay support both structured and unstructured systems, but the systems are also highly efficient in routing and consume much less bandwidth. Based on the observation that every peer must be subject to the network configuration and administration imposed by ISPs, we propose to identify each peer by its physical network characteristic, the net-print. Based on the SNSA technique and the net-print, distributed authentication and secure routing mechanisms are developed for the Peer-to-Peer environment. Aware of the fact that every overlay network maintains its own network proximity system, this dissertation proposes to build a common layer to provide such information for all overlays. By deeply analyzing the requirements of current overlays, three kinds of primitives are designed to provide valued knowledge of the physical network and overlay peers. Not only does this method save network resources by eliminating duplicated probes, but it also provides an efficient way to share information between overlays.

Committee:

Dr. Yiming Hu (Advisor)

Subjects:

Computer Science

Keywords:

Peer-to-Peer; Overlay Network; Overlay Routing; Overlay Structure; Distributed Hash Table (DHT); Network Topology; Network Aware; Network Locality; Network Proximity; Network Security; Secure Routing; System Churn

Abuaitah, Giovani Rimon. Trusted Querying over Wireless Sensor Networks and Network Security Visualization
Master of Science in Computer Engineering (MSCE), Wright State University, 2009, Computer Engineering

Wireless sensor networks (WSNs), as an emerging technology, face numerous challenges. Sensor nodes are usually resource constrained. Sensor nodes are also vulnerable to physical attacks or node compromises. Answering queries over data is one of the basic functionalities of WSNs. Both resource constraints and security issues make designing mechanisms for data aggregation particularly challenging. In this thesis, we first explore the various security techniques for data aggregation in WSNs, and then we design and demonstrate the feasibility of an innovative reputation-based framework rooted in rigorous statistical theory and belief theory to characterize the trustworthiness of individual nodes and data queries in WSNs.

Detecting security vulnerabilities is an imperative task. Visualization techniques have been developed over decades and are powerful when employed in the field of network security. In this thesis, we present a novel security visualization tool called “SecVizer”.

Committee:

Bin Wang, PhD (Advisor); Yong Pei, PhD (Committee Member); Thomas Wischgoll, PhD (Committee Member)

Subjects:

Computer Science

Keywords:

trusted querying; spatial and temporal correlated wireless sensor network; WSN security; node compromise; network security visualization; parallel coordinate plot; SecVizer

Yellapragada, Ramani. Probabilistic Model for Detecting Network Traffic Anomalies
Master of Science (MS), Ohio University, 2004, Computer Science (Engineering)

Anomaly-based intrusion detection is a research area in Computer Security, wherein computer and network attacks are differentiated from normal computer interactions. Anomaly-based intrusion detection systems detect attacks by analyzing either computer or network data and flagging abnormalities as intrusions. The abnormalities are detected by analyzing certain parameters that are present in the data. Our approach analyzes certain network parameters, which characterize either a connection or a network service on a monitored host or a network service on a monitored network. This categorization of parameters helps detect varied classes of attacks including denial-of-service, port scan and buffer overflow attacks.

Anomaly-based systems use various analysis techniques to detect parameter anomalies. A new approach based on the Bayesian Network technique for analyzing and detecting anomalies is presented here. The advantage of Bayesian Networks lies in their ability to adaptively learn normal values of parameters without much training, which makes them suitable for real-time analysis. A Bayesian Network can be used to combine current evidence and previous knowledge to obtain the probability of anomaly. This property helps in detecting previously seen attacks faster, since the previous knowledge provides strong evidence of an attack. The same property helps reduce the number of false positives, since considerable evidence needs to accumulate for the Bayesian Network to report a high probability of anomaly.

Committee:

Shawn Ostermann (Advisor)

Subjects:

Computer Science

Keywords:

Network Security; Intrusion Detection; Anomaly Detection

SHAH, VIVEK. PARALLEL CLUSTER FORMATION FOR SECURED COMMUNICATION IN WIRELESS AD HOC NETWORKS
MS, University of Cincinnati, 2004, Engineering : Computer Science
Routing protocols in wireless ad hoc networks are highly insecure and prone to various attacks owing to their inherent characteristics of open medium, dynamically changing topologies and distributed cooperation between the member nodes. Having a secure routing protocol in wireless ad hoc networks appears to be a problem that is not trivial to solve. We propose a scheme to enhance the fault-tolerance of the cluster head's functionality in CBRP. CBRP with a single cluster head is a single point of failure and unsuitable especially for functionalities like key distribution. By distributing the cluster head service to a group of cluster heads called Council nodes and utilizing the (k, n) secret sharing scheme, we can increase the fault tolerance of the network manifold against security attacks. Simulation results obtained demonstrate that our proposed algorithm enables simultaneous formation of the Council-based clusters, thereby making the scheme time efficient and comparable to CBRP. Results also show that since large clusters are formed in Council-based clustering, it is feasible to apply (k, n) secret sharing concepts. The scheme is more suitable for low-mobility networks due to the lower signaling overhead involved during cluster reformations.

Committee:

Dr. Dharma Agrawal (Advisor)

Subjects:

Computer Science

Keywords:

Ad Hoc Networks; Network Security; Key Distribution; Key Management; Wireless Communications

NEIMAN, ADAM M. HASH STAMP MARKING SCHEME FOR PACKET TRACEBACK
MS, University of Cincinnati, 2005, Engineering : Computer Science
The Internet Protocol (IP) is the basic language that all computers use to communicate across networks and the Internet. A flaw in the design of this protocol allows attackers to forge the sending address of IP packets, known as packet spoofing. This packet spoofing is a serious security issue on networks and the Internet because it prevents authorities from locating the true source of any spoofing attack. In this paper we analyze technologies available for coping with packet spoofing. After this discussion we present a simple method for traceback, followed by an analysis of the method's requirements.

Committee:

John Franco (Advisor)

Subjects:

Computer Science

Keywords:

hash; message authentication code; MAC; hash-keyed message authentication; HMAC; Internet Protocol; IP; spoofing; packet stamping; packet marking; traceback; computer network security; denial of service; DoS

Watkins, Trevor U. Is Microsoft a Threat to National Security? Policy, Products, Penetrations, and Honeypots
Master of Computing and Information Systems, Youngstown State University, 2009, Department of Computer Science and Information Systems
Is Microsoft a threat to national security? This thesis evaluates Microsoft's policies, business model, and products to determine whether Microsoft is a threat to national security. The first part of this thesis investigated Microsoft's policies and products. In the second part of this thesis, two networks were investigated. The first network, which will be known as network “honey,” was designed and configured to examine the techniques of hackers. The second network, which will be known as network “X,” is a real business enterprise network that was the target for penetration testing. The investigation provided an inside look at the security threats in Microsoft Windows XP SP3, Windows Vista SP1, Microsoft Server 2000 SP4, and Microsoft Server 2003 SP2 operating systems on a network. The results of this investigation serve as a microcosm to a macro-problem. Microsoft Windows networks are too vulnerable to serve as the backbone for any institution or organization's networking infrastructure, especially entities considered to be government critical infrastructures.

Committee:

Graciela Perera, PhD (Advisor); Alina Lazar, PhD (Committee Member); John Sullins, PhD (Committee Member)

Subjects:

Computer Science; Information Systems; Systems Design

Keywords:

Honeypots; penetration testing; national security; network security; Microsoft threat to national security; hackers; Microsoft Windows

DENG, HONGMEI. AN INTEGRATED SECURITY SCHEME WITH RESOURCE-AWARENESS FOR WIRELESS AD HOC NETWORKS
PhD, University of Cincinnati, 2004, Engineering : Electrical Engineering
Wireless ad hoc networks have emerged as a new information-transmission paradigm based on the collaborative efforts of multiple self-organized mobile nodes. Without the support of any fixed infrastructure, this type of network provides an extremely flexible method for establishing communications in situations where geographical or terrestrial constraints demand a totally distributed network system. While the inherent characteristics of an ad hoc network make it useful for many applications, they also bring in a lot of research challenges. One of the important issues is security, since conventional security approaches adopted for traditional networks are not directly applicable to ad hoc networks. A secure ad hoc network is critical to the development of any real application of wireless ad hoc networks. In this dissertation, we attempt to develop an integrated and distributed security scheme with resource-awareness to enhance the security of ad hoc networks. Our scheme can be logically divided into two parts. An efficient intrusion prevention mechanism is developed to prevent the various attacks from external intruders, and an intrusion detection mechanism is used to provide a second line of defense against the misbehaviors of internal intruders. In the intrusion prevention mechanism, identity-based cryptography, bivariate polynomial-based pairwise keys and one-way hash chain techniques are used to provide various security goals, such as availability, integrity, confidentiality, authentication and non-repudiation. Considering the self-organizing property of ad hoc networks, the intrusion detection is implemented in a distributed fashion, in which the behavior of each node is monitored and analyzed using cooperative functions in the network. The intrusion detection scheme can detect both internal and external attacks, but it pays more attention to the attacks that cannot be handled by the intrusion prevention approach, and the result of intrusion detection would further guide and help the intrusion prevention mechanism to efficiently isolate the malicious nodes. The proposed security scheme can be incorporated into the existing routing protocols to enhance the overall security, while at the same time keeping a minimal overhead on the routing protocols.

Committee:

Dr. Dharma Agrawal (Advisor)

Keywords:

wireless Ad Hoc Network; Network Security; Intrusion Detection