While vehicle-to-everything communication technology enables information sharing and cooperative control for vehicles, it also poses a significant threat to the vehicles' driving security owing to cyber-attacks. In particular, Sybil malicious attacks hidden in the vehicle broadcast information flow are challenging to detect, thereby becoming an urgent issue requiring attention. Several researchers have considered this problem and proposed different detection schemes. However, the detection performance of existing schemes based on plausibility checks and neighboring observers is affected by the traffic and attacker densities. In this study, we propose a malicious attack detection scheme based on traffic-flow information fusion, which enables the detection of Sybil attacks without neighboring observer nodes. Our solution is based on the basic safety message, which is broadcast by vehicles periodically. It first constructs the basic features of traffic flow to reflect the traffic state, subsequently fuses it with the road detector information to add the road fusion features, and then classifies them using machine learning algorithms to identify malicious attacks. The experimental results demonstrate that our scheme achieves the detection of Sybil attacks with an accuracy greater than 90 % at different traffic and attacker densities. Our solutions provide security for achieving a usable vehicle communication network.
Authored by Ye Chen, Yingxu Lai, Zhaoyi Zhang, Hanmei Li, Yuhang Wang
The intrusion detection systems are vital for the sustainability of Cooperative Intelligent Transportation Systems (C-ITS) and the detection of sybil attacks are particularly challenging. In this work, we propose a novel approach for the detection of sybil attacks in C-ITS environments. We provide an evaluation of our approach using extensive simulations that rely on real traces, showing our detection approach's effectiveness.
Authored by Badis Hammi, Mohamed Idir, Rida Khatoun
Smart cities are a wide range of projects made to facilitate the problems of everyday life and ensure security. Our interest focuses only on the Intelligent Transport System (ITS) that takes care of the transportation issues using the Vehicular Ad-Hoc Network (VANET) paradigm as its base. VANETs are a promising technology for autonomous driving that provides many benefits to the user conveniences to improve road safety and driving comfort. VANET is a promising technology for autonomous driving that provides many benefits to the user's conveniences by improving road safety and driving comfort. The problem with such rapid development is the continuously increasing digital threats. Among all these threats, we will target the Sybil attack since it has been proved to be one of the most dangerous attacks in VANETs. It allows the attacker to generate multiple forged identities to disseminate numerous false messages, disrupt safety-related services, or misuse the systems. In addition, Machine Learning (ML) is showing a significant influence on classification problems, thus we propose a behavior-based classification algorithm that is tested on the provided VeReMi dataset coupled with various machine learning techniques for comparison. The simulation results prove the ability of our proposed mechanism to detect the Sybil attack in VANETs.
Authored by Dhia Laouiti, Marwane Ayaida, Nadhir Messai, Sameh Najeh, Leila Najjar, Ferdaous Chaabane
As a result of the inherent weaknesses of the wireless medium, ad hoc networks are susceptible to a broad variety of threats and assaults. As a direct consequence of this, intrusion detection, as well as security, privacy, and authentication in ad-hoc networks, have developed into a primary focus of current study. This body of research aims to identify the dangers posed by a variety of assaults that are often seen in wireless ad-hoc networks and provide strategies to counteract those dangers. The Black hole assault, Wormhole attack, Selective Forwarding attack, Sybil attack, and Denial-of-Service attack are the specific topics covered in this thesis. In this paper, we describe a trust-based safe routing protocol with the goal of mitigating the interference of black hole nodes in the course of routing in mobile ad-hoc networks. The overall performance of the network is negatively impacted when there are black hole nodes in the route that routing takes. As a result, we have developed a routing protocol that reduces the likelihood that packets would be lost as a result of black hole nodes. This routing system has been subjected to experimental testing in order to guarantee that the most secure path will be selected for the delivery of packets between a source and a destination. The invasion of wormholes into a wireless network results in the segmentation of the network as well as a disorder in the routing. As a result, we provide an effective approach for locating wormholes by using ordinal multi-dimensional scaling and round trip duration in wireless ad hoc networks with either sparse or dense topologies. Wormholes that are linked by both short route and long path wormhole linkages may be found using the approach that was given. In order to guarantee that this ad hoc network does not include any wormholes that go unnoticed, this method is subjected to experimental testing. In order to fight against selective forwarding attacks in wireless ad-hoc networks, we have developed three different techniques. The first method is an incentive-based algorithm that makes use of a reward-punishment system to drive cooperation among three nodes for the purpose of vi forwarding messages in crowded ad-hoc networks. A unique adversarial model has been developed by our team, and inside it, three distinct types of nodes and the activities they participate in are specified. We have shown that the suggested strategy that is based on incentives prohibits nodes from adopting an individualistic behaviour, which ensures collaboration in the process of packet forwarding. To guarantee that intermediate nodes in resource-constrained ad-hoc networks accurately convey packets, the second approach proposes a game theoretic model that uses non-cooperative game theory. This model is based on the idea that game theory may be used. This game reaches a condition of desired equilibrium, which assures that cooperation in multi-hop communication is physically possible, and it is this state that is discovered. In the third algorithm, we present a detection approach that locates malicious nodes in multihop hierarchical ad-hoc networks by employing binary search and control packets. We have shown that the cluster head is capable of accurately identifying the malicious node by analysing the sequences of packets that are dropped along the path leading from a source node to the cluster head. A lightweight symmetric encryption technique that uses Binary Playfair is presented here as a means of safeguarding the transport of data. We demonstrate via experimentation that the suggested encryption method is efficient with regard to the amount of energy used, the amount of time required for encryption, and the memory overhead. This lightweight encryption technique is used in clustered wireless ad-hoc networks to reduce the likelihood of a sybil attack occurring in such networks
Authored by Chethana C, Piyush Pareek, Victor de Albuquerque, Ashish Khanna, Deepak Gupta
KYC or Know Your Customer is the procedure to verify the individuality of its consumers & evaluating the possible dangers of illegitimate trade relations. A few problems with the existing KYC manual process are that it is less secure, time-consuming and expensive. With the advent of Blockchain technology, its structures such as consistency, security, and geographical diversity make them an ideal solution to such problems. Although marketing solutions such as KYC-chain.co, K-Y-C. The legal right to enable blockchain-based KYC authentication provides a way for documents to be verified by a trusted network participant. This project uses an ETHereum based Optimised KYC Block-chain system with uniform A-E-S encryption and compression built on the LZ method. The system publicly verifies a distributed encryption, is protected by cryptography, operates by pressing the algorithm and is all well-designed blockchain features. The suggested scheme is a novel explanation based on Distributed Ledger Technology or Blockchain technology that would cut KYC authentication process expenses of organisations & decrease the regular schedule for completion of the procedure whilst becoming easier for clients. The largest difference in the system in traditional methods is the full authentication procedure is performed in just no time for every client, regardless of the number of institutions you desire to be linked to. Furthermore, since DLT is employed, validation findings may be securely distributed to consumers, enhancing transparency. Based on this method, a Proof of Concept (POC) is produced with Ethereum's API, websites as endpoints and the android app as the front office, recognising the viability and efficacy of this technique. Ultimately, this strategy enhances consumer satisfaction, lowers budget overrun & promotes transparency in the customer transport network.
Authored by Bhavya Dhiman, Rubin S
This paper introduces a new type of attack on isolated, air-gapped workstations. Although air-gap computers have no wireless connectivity, we show that attackers can use the SATA cable as a wireless antenna to transfer radio signals at the 6 GHz frequency band. The Serial ATA (SATA) is a bus interface widely used in modern computers and connects the host bus to mass storage devices such as hard disk drives, optical drives, and solid-state drives. The prevalence of the SATA interface makes this attack highly available to attackers in a wide range of computer systems and IT environments. We discuss related work on this topic and provide technical background. We show the design of the transmitter and receiver and present the implementation of these components. We also demonstrate the attack on different computers and provide the evaluation. The results show that attackers can use the SATA cable to transfer a brief amount of sensitive information from highly secured, air-gap computers wirelessly to a nearby receiver. Furthermore, we show that the attack can operate from user mode, is effective even from inside a Virtual Machine (VM), and can successfully work with other running workloads in the background. Finally, we discuss defense and mitigation techniques for this new air-gap attack.
Authored by Mordechai Guri
Highly secure devices are often isolated from the Internet or other public networks due to the confidential information they process. This level of isolation is referred to as an ’air-gap .’In this paper, we present a new technique named ETHERLED, allowing attackers to leak data from air-gapped networked devices such as PCs, printers, network cameras, embedded controllers, and servers. Networked devices have an integrated network interface controller (NIC) that includes status and activity indicator LEDs. We show that malware installed on the device can control the status LEDs by blinking and alternating colors, using documented methods or undocumented firmware commands. Information can be encoded via simple encoding such as Morse code and modulated over these optical signals. An attacker can intercept and decode these signals from tens to hundreds of meters away. We show an evaluation and discuss defensive and preventive countermeasures for this exfiltration attack.
Authored by Mordechai Guri
Designing a Framework of an Integrated Network and Security Operation Center: A Convergence Approach
Cyber-security incidents have grown significantly in modern networks, far more diverse and highly destructive and disruptive. According to the 2021 Cyber Security Statistics Report [1], cybercrime is up 600% during this COVID pandemic, the top attacks are but are not confined to (a) sophisticated phishing emails, (b) account and DNS hijacking, (c) targeted attacks using stealth and air gap malware, (d) distributed denial of services (DDoS), (e) SQL injection. Additionally, 95% of cyber-security breaches result from human error, according to Cybint Report [2]. The average time to identify a breach is 207 days as per Ponemon Institute and IBM, 2022 Cost of Data Breach Report [3]. However, various preventative controls based on cyber-security risk estimation and awareness results decrease most incidents, but not all. Further, any incident detection delay and passive actions to cyber-security incidents put the organizational assets at risk. Therefore, the cyber-security incident management system has become a vital part of the organizational strategy. Thus, the authors propose a framework to converge a "Security Operation Center" (SOC) and a "Network Operations Center" (NOC) in an "Integrated Network Security Operation Center" (INSOC), to overcome cyber-threat detection and mitigation inefficiencies in the near-real-time scenario. We applied the People, Process, Technology, Governance and Compliance (PPTGC) approach to develop the INSOC conceptual framework, according to the requirements we formulated for its operation [4], [5]. The article briefly describes the INSOC conceptual framework and its usefulness, including the central area of the PPTGC approach while designing the framework.
Authored by Deepesh Shahjee, Nilesh Ware
Unmanned Aerial Vehicles (UAVs) are drawing enormous attention in both commercial and military applications to facilitate dynamic wireless communications and deliver seamless connectivity due to their flexible deployment, inherent line-of-sight (LOS) air-to-ground (A2G) channels, and high mobility. These advantages, however, render UAV-enabled wireless communication systems susceptible to eavesdropping attempts. Hence, there is a strong need to protect the wireless channel through which most of the UAV-enabled applications share data with each other. There exist various error correction techniques such as Low Density Parity Check (LDPC), polar codes that provide safe and reliable data transmission by exploiting the physical layer but require high transmission power. Also, the security gap achieved by these error-correction techniques must be reduced to improve the security level. In this paper, we present deep learning (DL) enabled punctured LDPC codes to provide secure and reliable transmission of data for UAVs through the Additive White Gaussian Noise (AWGN) channel irrespective of the computational power and channel state information (CSI) of the Eavesdropper. Numerical result analysis shows that the proposed scheme reduces the Bit Error Rate (BER) at Bob effectively as compared to Eve and the Signal to Noise Ratio (SNR) per bit value of 3.5 dB is achieved at the maximum threshold value of BER. Also, the security gap is reduced by 47.22 % as compared to conventional LDPC codes.
Authored by Himanshu Sharma, Neeraj Kumar, Raj Tekchandani, Nazeeruddin Mohammad
Shipboard marine radar systems are essential for safe navigation, helping seafarers perceive their surroundings as they provide bearing and range estimations, object detection, and tracking. Since onboard systems have become increasingly digitized, interconnecting distributed electronics, radars have been integrated into modern bridge systems. But digitization increases the risk of cyberattacks, especially as vessels cannot be considered air-gapped. Consequently, in-depth security is crucial. However, particularly radar systems are not sufficiently protected against harmful network-level adversaries. Therefore, we ask: Can seafarers believe their eyes? In this paper, we identify possible attacks on radar communication and discuss how these threaten safe vessel operation in an attack taxonomy. Furthermore, we develop a holistic simulation environment with radar, complementary nautical sensors, and prototypically implemented cyberattacks from our taxonomy. Finally, leveraging this environment, we create a comprehensive dataset (RadarPWN) with radar network attacks that provides a foundation for future security research to secure marine radar communication.
Authored by Konrad Wolsing, Antoine Saillard, Jan Bauer, Eric Wagner, Christian van Sloun, Ina Fink, Mari Schmidt, Klaus Wehrle, Martin Henze
A Privacy-preserving Approach to Distributed Set-membership Estimation over Wireless Sensor Networks
This paper focuses on the system on wireless sensor networks. The system is linear and the time of the system is discrete as well as variable, which named discrete-time linear time-varying systems (DLTVS). DLTVS are vulnerable to network attacks when exchanging information between sensors in the network, as well as putting their security at risk. A DLTVS with privacy-preserving is designed for this purpose. A set-membership estimator is designed by adding privacy noise obeying the Laplace distribution to state at the initial moment. Simultaneously, the differential privacy of the system is analyzed. On this basis, the real state of the system and the existence form of the estimator for the desired distribution are analyzed. Finally, simulation examples are given, which prove that the model after adding differential privacy can obtain accurate estimates and ensure the security of the system state.
Authored by Xuefeng Yang, Li Liu, Yinggang Zhang, Yihao Li, Pan Liu, Shili Ai
Nowadays, IoT networks and devices exist in our everyday life, capturing and carrying unlimited data. However, increasing penetration of connected systems and devices implies rising threats for cybersecurity with IoT systems suffering from network attacks. Artificial Intelligence (AI) and Machine Learning take advantage of huge volumes of IoT network logs to enhance their cybersecurity in IoT. However, these data are often desired to remain private. Federated Learning (FL) provides a potential solution which enables collaborative training of attack detection model among a set of federated nodes, while preserving privacy as data remain local and are never disclosed or processed on central servers. While FL is resilient and resolves, up to a point, data governance and ownership issues, it does not guarantee security and privacy by design. Adversaries could interfere with the communication process, expose network vulnerabilities, and manipulate the training process, thus affecting the performance of the trained model. In this paper, we present a federated learning model which can successfully detect network attacks in IoT systems. Moreover, we evaluate its performance under various settings of differential privacy as a privacy preserving technique and configurations of the participating nodes. We prove that the proposed model protects the privacy without actually compromising performance. Our model realizes a limited performance impact of only ∼ 7% less testing accuracy compared to the baseline while simultaneously guaranteeing security and applicability.
Authored by Zacharias Anastasakis, Konstantinos Psychogyios, Terpsi Velivassaki, Stavroula Bourou, Artemis Voulkidis, Dimitrios Skias, Antonis Gonos, Theodore Zahariadis
Existing defense strategies against adversarial attacks (AAs) on AI/ML are primarily focused on examining the input data streams using a wide variety of filtering techniques. For instance, input filters are used to remove noisy, misleading, and out-of-class inputs along with a variety of attacks on learning systems. However, a single filter may not be able to detect all types of AAs. To address this issue, in the current work, we propose a robust, transferable, distribution-independent, and cross-domain supported framework for selecting Adaptive Filter Ensembles (AFEs) to minimize the impact of data poisoning on learning systems. The optimal filter ensembles are determined through a Multi-Objective Bi-Level Programming Problem (MOBLPP) that provides a subset of diverse filter sequences, each exhibiting fair detection accuracy. The proposed framework of AFE is trained to model the pristine data distribution to identify the corrupted inputs and converges to the optimal AFE without vanishing gradients and mode collapses irrespective of input data distributions. We presented preliminary experiments to show the proposed defense outperforms the existing defenses in terms of robustness and accuracy.
Authored by Arunava Roy, Dipankar Dasgupta
Realize the same-city and remote disaster recovery of the infectious disease network direct reporting system of the China Medical Archives Information Center. Method: A three-tier B/S/DBMS architecture is used in the disaster recovery center to deploy an infectious disease network direct reporting system, and realize data-level disaster recovery through remote replication technology; realize application-level disaster recovery of key business systems through asynchronous data technology; through asynchronous the mode carries on the network direct report system disaster tolerance data transmission of medical files. The establishment of disaster recovery centers in different cities in the same city ensures the direct reporting system and data security of infectious diseases, and ensures the effective progress of continuity work. The results show that the efficiency of remote disaster recovery and backup based on big data has increased by 9.2%
Authored by Yingjue Wang, Lei Gong, Min Zhang
In recent times, Network-on-Chip (NoC) has become state of the art for communication in Multiprocessor System-on-Chip due to the existing scalability issues in this area. However, these systems are exposed to security threats such as extraction of secret information. Therefore, the need for secure communication arises in such environments. In this work, we present a communication protocol based on authenticated encryption with recovery mechanisms to establish secure end-to-end communication between the NoC nodes. In addition, a selected key agreement approach required for secure communication is implemented. The security functionality is located in the network adapter of each processing element. If data is tampered with or deleted during transmission, recovery mechanisms ensure that the corrupted data is retransmitted by the network adapter without the need of interference from the processing element. We simulated and implemented the complete system with SystemC TLM using the NoC simulation platform PANACA. Our results show that we can keep a high rate of correctly transmitted information even when attackers infiltrated the NoC system.
Authored by Julian Haase, Sebastian Jaster, Elke Franz, Diana Göhringer
Port knocking provides an added layer of security on top of the existing security systems of a network. A predefined port knocking sequence is used to open the ports, which are closed by the firewall by default. The server determines the valid request if the knocking sequence is correct and opens the desired port. However, this sequence poses a security threat due to its static nature. This paper presents the port knock sequence-based communication protocol in the Software Defined network (SDN). It provides better management by separating the control plane and data plane. At the same time, it causes a communication overhead between the switches and the controller. To avoid this overhead, we are using the port knocking concept in the data plane without any involvement of the SDN controller. This study proposes three port knock sequence-based protocols (static, partial dynamic, and dynamic) in the data plane. To test the protocol in SDN environment, the P4 implementation of the underlying model is done in the BMV2 (behavioral model version 2) virtual switch. To check the security of the protocols, an informal security analysis is performed, which shows that the proposed protocols are secured to be implemented in the SDN data plane.
Authored by Isha Pali, Ruhul Amin
Dynamic Host Control Protocol (DHCP) is a protocol which provides IP addresses and network configuration parameters to the hosts present in the network. This protocol is deployed in small, medium, and large size organizations which removes the burden from network administrator to manually assign network parameters to every host in the network for establishing communication. Every vendor who plans to incorporate DHCP service in its device follows the working flow defined in Request for Comments (RFC). DHCP Starvation and DHCP Flooding attack are Denial of Service (DoS) attacks to prevents provision of IP addresses by DHCP. Port Security and DHCP snooping are built-in security features which prevents these DoS attacks. However, novel techniques have been devised to bypass these security features which uses ARP and ICMP protocol to perform the attack. The purpose of this research is to analyze implementation of DHCP in multiple devices to verify the involvement of both ARP and ICMP in the address acquisition process of DHCP as per RFC and to validate the results of prior research which assumes ARP or ICMP are used by default in all of devices.
Authored by Shameel Syed, Faheem Khuhawar, Shahnawaz Talpur, Aftab Memon, Miquel-Angel Luque-Nieto, Sanam Narejo
Intrusion Detection System (IDS) is one of the applications to detect intrusions in the network. IDS aims to detect any malicious activities that protect the computer networks from unknown persons or users called attackers. Network security is one of the significant tasks that should provide secure data transfer. Virtualization of networks becomes more complex for IoT technology. Deep Learning (DL) is most widely used by many networks to detect the complex patterns. This is very suitable approaches for detecting the malicious nodes or attacks. Software-Defined Network (SDN) is the default virtualization computer network. Attackers are developing new technology to attack the networks. Many authors are trying to develop new technologies to attack the networks. To overcome these attacks new protocols are required to prevent these attacks. In this paper, a unique deep intrusion detection approach (UDIDA) is developed to detect the attacks in SDN. Performance shows that the proposed approach is achieved more accuracy than existing approaches.
Authored by Vamsi Krishna, Venkata Matta
Nowadays, in this COVID era, work from home is quietly more preferred than work from the office. Due to this, the need for a firewall has been increased day by day. Every organization uses the firewall to secure their network and create VPN servers to allow their employees to work from home. Due to this, the security of the firewall plays a crucial role. In this paper, we have compared the two most popular open-source firewalls named pfSense and OPNSense. We have examined the security they provide by default without any other attachment. To do this, we performed four different attacks on the firewalls and compared the results. As a result, we have observed that both provide the same security still pfSense has a slight edge when an attacker tries to perform a Brute force attack over OPNSense.
Authored by Harsh Kiratsata, Deep Raval, Payal Viras, Punit Lalwani, Himanshu Patel, Panchal D.
Recently, research on AI-based network intrusion detection has been actively conducted. In previous studies, the machine learning models such as SVM (Support Vector Machine) and RF (Random Forest) showed consistently high performance, whereas the NB (Naïve Bayes) showed various performances with large deviations. In the paper, after analyzing the cause of the NB models showing various performances addressed in the several studies, we measured the performance of the Gaussian NB model according to the smoothing factor that is closely related to these causes. Furthermore, we compared the performance of the Gaussian NB model with that of the other models as a zero-day attack detection system. As a result of the experiment, the accuracy was 38.80% and 87.99% in case that the smoothing factor is 0 and default respectively, and the highest accuracy was 94.53% in case that the smoothing factor is 1e-01. In the experiment, we used only some types of the attack data in the NSL-KDD dataset. The experiments showed the applicability of the Gaussian NB model as a zero-day attack detection system in the future. In addition, it is clarified that the smoothing factor of the Gaussian NB model determines the shape of gaussian distribution that is related to the likelihood.
Authored by Kijung Bong, Jonghyun Kim
Conpot is a low-interaction SCADA honeypot system that mimics a Siemens S7-200 proprietary device on default deployments. Honeypots operating using standard configurations can be easily detected by adversaries using scanning tools such as Shodan. This study focuses on the capabilities of the Conpot honeypot, and how these competences can be used to lure attackers. In addition, the presented research establishes a framework that enables for the customized configuration, thereby enhancing its functionality to achieve a high degree of deceptiveness and realism when presented to the Shodan scanners. A comparison between the default and configured deployments is further conducted to prove the modified deployments' effectiveness. The resulting annotations can assist cybersecurity personnel to better acknowledge the effectiveness of the honeypot's artifacts and how they can be used deceptively. Lastly, it informs and educates cybersecurity audiences on how important it is to deploy honeypots with advanced deceptive configurations to bait cybercriminals.
Authored by Warren Cabral, Leslie Sikos, Craig Valli
DDoS is a major issue in network security and a threat to service providers that renders a service inaccessible for a period of time. The number of Internet of Things (IoT) devices has developed rapidly. Nevertheless, it is proven that security on these devices is frequently disregarded. Many detection methods exist and are mostly focused on Machine Learning. However, the best method has not been defined yet. The aim of this paper is to find the optimal volumetric DDoS attack detection method by first comparing different existing machine learning methods, and second, by building an adaptive lightweight heuristics model relying on few traffic attributes and simple DDoS detection rules. With this new simple model, our goal is to decrease the classification time. Finally, we compare machine learning methods with our adaptive new heuristics method which shows promising results both on the accuracy and performance levels.
Authored by Rani Rahbani, Jawad Khalife
Cyber attacks keep states, companies and individuals at bay, draining precious resources including time, money, and reputation. Attackers thereby seem to have a first mover advantage leading to a dynamic defender attacker game. Automated approaches taking advantage of Cyber Threat Intelligence on past attacks bear the potential to empower security professionals and hence increase cyber security. Consistently, there has been a lot of research on automated approaches in cyber risk management including works on predictive attack algorithms and threat hunting. Combining data on countermeasures from “MITRE Detection, Denial, and Disruption Framework Empowering Network Defense” and adversarial data from “MITRE Adversarial Tactics, Techniques and Common Knowledge” this work aims at developing methods that enable highly precise and efficient automatic incident response. We introduce Attack Incident Responder, a methodology working with simple heuristics to find the most efficient sets of counter-measures for hypothesized attacks. By doing so, the work contributes to narrowing the attackers first mover advantage. Experimental results are promising high average precisions in predicting effiective defenses when using the methodology. In addition, we compare the proposed defense measures against a static set of defensive techniques offering robust security against observed attacks. Furthermore, we combine the approach of automated incidence response to an approach for threat hunting enabling full automation of security operation centers. By this means, we define a threshold in the precision of attack hypothesis generation that must be met for predictive defense algorithms to outperform the baseline. The calculated threshold can be used to evaluate attack hypothesis generation algorithms. The presented methodology for automated incident response may be a valuable support for information security professionals. Last, the work elaborates on the combination of static base defense with adaptive incidence response for generating a bio-inspired artificial immune system for computerized networks.
Authored by Florian Kaiser, Leon Andris, Tim Tennig, Jonas Iser, Marcus Wiens, Frank Schultmann
Audit systems maintain detailed logs of security-related events on enterprise machines to forensically analyze potential incidents. In principle, these logs should be safely stored in a secure location (e.g., network storage) as soon as they are produced, but this incurs prohibitive slowdown to a monitored machine. Hence, existing audit systems protect batched logs asynchronously (e.g., after tens of seconds), but this allows attackers to tamper with unprotected logs.This paper presents HARDLOG, a practical and effective system that employs a novel audit device to provide fine-grained log protection with minimal performance slowdown. HARDLOG implements criticality-aware log protection: it ensures that logs are synchronously protected in the audit device before an infrequent security-critical event is allowed to execute, but logs are asynchronously protected on frequent non-critical events to minimize performance overhead. Importantly, even on non-critical events, HARDLOG ensures bounded-asynchronous protection: it sends log entries to the audit device within a tiny, bounded delay from their creation using well-known real-time techniques. To demonstrate HARDLOG’S effectiveness, we prototyped an audit device using commodity components and implemented a reference audit system for Linux. Our prototype achieves a bounded protection delay of 15 milliseconds at non-critical events alongside undelayed protection at critical events. We also show that, for diverse real-world programs, HARDLOG incurs a geometric mean performance slowdown of only 6.3%, hence it is suitable for many real-world deployment scenarios.
Authored by Adil Ahmad, Sangho Lee, Marcus Peinado
The Network Security and Risk (NSR) management team in an enterprise is responsible for maintaining the network which includes switches, routers, firewalls, controllers, etc. Due to the ever-increasing threat of capitalizing on the vulnerabilities to create cyber-attacks across the globe, a major objective of the NSR team is to keep network infrastructure safe and secure. NSR team ensures this by taking proactive measures of periodic audits of network devices. Further external auditors are engaged in the audit process. Audit information is primarily stored in an internal database of the enterprise. This generic approach could result in a trust deficit during external audits. This paper proposes a method to improve the security and integrity of the audit information by using blockchain technology, which can greatly enhance the trust factor between the auditors and enterprises.
Authored by Santosh Upadhyaya, B. Thangaraju