Cyber Threat Intelligence and Analytics
A SPL Framework for Adaptive Deception-based Defense (2018-01-03)
In cyber defense, integrated deception mechanisms have been proposed as part of the system operation to enhance security by planting fake resources. The objective is to entice attackers and confuse them in determining the legitimacy of those resources. Although several strategies exist to implement deception in a software system, developing and integrating such solutions are primarily made in an ad-hoc fashion. This hinders reuse and does not consider the operation life cycle management. Additionally, support for adaptive deception is not considered. To alleviate these problems, we propose a framework based on software product lines and aspect-oriented techniques to generate adaptive deception-based defense strategies. We illustrate the feasibility of our approach with an example from the web applications domain, by integrating honeywords into an authentication mechanism to mitigate offline password cracking attacks.
A Novel Hybrid Authentication Model for Geo Location Oriented Routing in Dynamic Wireless Mesh Networks (2018-01-03)
Authentication is an essential part of any network and plays a pivotal role in ensuring the security of a network by preventing unauthorised devices/users access to the network. As dynamic wireless mesh networks are evolving and being accepted in various fields, there is a strong need to improve the security of the network. Its features like self-organizing and self-healing make it great but get undermined when rigid authentication schemes are used. We propose a hybrid authentication scheme for such dynamic mesh networks under three specified scenarios: full authentication, quick authentication and new node authentication. The proposed schemes are applied on our previous works on dynamic mesh routing protocol, Geo location Oriented Routing Protocol (GLOR). Simulation results show our proposed scheme is efficient in terms of resource utilization as well as defending against security threats.
Techniques to Improve Stable Distribution Modeling of Network Traffic (2018-01-03)
The stable distribution has been shown to more accurately model some aspects of network traffic than alternative distributions. In this work, we quantitatively examine aspects of the modeling performance of the stable distribution as envisioned in a statistical network cyber event detection system. We examine the flexibility and robustness of the stable distribution, extending previous work by comparing the performance of the stable distribution against alternatives using three different, public network traffic data sets with a mix of traffic rates and cyber events. After showing the stable distribution to be the overall most accurate for the examined scenarios, we use the Hellinger metric to investigate the ability of the stable distribution to reduce modeling error when using small data windows and counting periods. For the selected case and metric, the stable model is compared to a Gaussian model and is shown to produce the best overall fit as well as the best (or at worst, equivalent) fit for all counting periods. Additionally, the best stable fit occurs at a counting period that is five times shorter than the best Gaussian case. These results imply that the stable distribution can provide a more robust and accurate model than Gaussian-based alternatives in statistical network anomaly detection implementations while also facilitating faster system detection and response.