Network Security Resiliency - Recently, Cloud Computing became one of today’s great innovations for provisioning Information Technology (IT) resources. Moreover, a new model has been introduced named Fog Computing, which addresses Cloud Computing paradigm issues regarding time delay and high cost. However, security challenges are still a big concern about the vulnerabilities to both Cloud and Fog Computing systems. Man- in- the- Middle (MITM) is considered one ofthe most destructive attacks in a Fog Computing context. Moreover, it’s very complex to detect MiTM attacks as it is performed passively at the SoftwareDefined Networking (SDN) level, also the Fog Computing paradigm is ideally suitable for MITM attacks. In this paper, a MITM mitigation schemewill be proposed consisting of an SDN network (Fog Leaders) which controls a layer of Fog Nodes. Furthermore, Multi-Path TCP (MPTCP) has been used between all edge devices and Fog Nodes to improve resource utilization and security. The proposed solution performance evaluation has been carried out in a simulation environment using Mininet, Ryu SDN controller and Multipath TCP (MPTCP) Linux kernel. The experimental results showed thatthe proposed solution improves security, network resiliency and resource utilization without any significant overheads compared to the traditional TCP implementation.
Authored by Hossam ELMansy, Khaled Metwally, Khaled Badran
Network Security Architecture - As a result of globalization, the COVID-19 pandemic and the migration of data to the cloud, the traditional security measures where an organization relies on a security perimeter and firewalls do not work. There is a shift to a concept whereby resources are not being trusted, and a zero-trust architecture (ZTA) based on a zero-trust principle is needed. Adapting zero trust principles to networks ensures that a single insecure Application Protocol Interface (API) does not become the weakest link comprising of Critical Data, Assets, Application and Services (DAAS). The purpose of this paper is to review the use of zero trust in the security of a network architecture instead of a traditional perimeter. Different software solutions for implementing secure access to applications and services for remote users using zero trust network access (ZTNA) is also summarized. A summary of the author’s research on the qualitative study of “Insecure Application Programming Interface in Zero Trust Networks” is also discussed. The study showed that there is an increased usage of zero trust in securing networks and protecting organizations from malicious cyber-attacks. The research also indicates that APIs are insecure in zero trust environments and most organization are not aware of their presence.
Authored by Farhan Qazi
Network Security Architecture - Design a new generation of smart power meter components, build a smart power network, implement power meter safety protection, and complete smart power meter network security protection. The new generation of smart electric energy meters mainly complete legal measurement, safety fee control, communication, control, calculation, monitoring, etc. The smart power utilization structure network consists of the master station server, front-end processor, cryptographic machine and master station to form a master station management system. Through data collection and analysis, the establishment of intelligent energy dispatching operation, provides effective energy-saving policy algorithms and strategies, and realizes energy-smart electricity use manage. The safety protection architecture of the electric energy meter is designed from the aspects of its own safety, full-scenario application safety, and safety management. Own security protection consists of hardware security protection and software security protection. The full-scene application security protection system includes four parts: boundary security, data security, password security, and security monitoring. Security management mainly provides application security management strategies and security responsibility division strategies. The construction of the intelligent electric energy meter network system lays the foundation for network security protection.
Authored by Baofeng Li, Feng Zhai, Yilun Fu, Bin Xu
Network Security Architecture - To prevent all sorts of attacks, the technology of security service function chains (SFC) is proposed in recent years, it becomes an attractive research highlights. Dynamic orchestration algorithm can create SFC according to the resource usage of network security functions. The current research on creating SFC focuses on a single domain. However in reality the large and complex networks are divided into security domains according to different security levels and managed separately. Therefore, we propose a cross-security domain dynamic orchestration algorithm to create SFC for network security functions based on ant colony algorithm(ACO) and consider load balancing, shortest path and minimum delay as optimization objectives. We establish a network security architecture based on the proposed algorithm, which is suitable for the industrial vertical scenarios, solves the deployment problem of the dynamic orchestration algorithm. Simulation results verify that our algorithm achieves the goal of creating SFC across security domains and demonstrate its performance in creating service function chains to resolve abnormal traffic flows.
Authored by Weidong Xiao, Xu Zhang, Dongbin Wang
Network Security Architecture - Software-Defined Networking or SDN (Software-Defined Networking) is a technology for software control and management of the network in order to improve its properties. Unlike classic network management technologies, which are complex and decentralized, SDN technology is a much more flexible and simple system. The new architecture may be vulnerable to several attacks leading to resource depletion and preventing the SDN controller from providing support to legitimate users. One such attack is the Distributed Denial of Service (DDoS), which is on the rise today. We suggest Modified-DDoSNet, a system for detecting DDoS attacks in the SDN environment. A model based on Deep Learning (DL) techniques will be implemented, combining a Recurrent Neural Network (RNN) with an Autoencoder. The proposed model, which was first trained to detect attacks, was implemented in the security architecture of the SDN network, as a new component. The security architecture of the SDN network contains a total of 13 components, each of which represents an individual part of the architecture, where the first component is the RNN - autoencoder. The model itself, which is the first component, was trained in the CICDDoS2019 dataset. It has high reliability for attack detection, which increases the security of the SDN network architecture.
Authored by Jovan Gojic, Danijel Radakovic
Network Security Architecture - Network security isolation technology is an important means to protect the internal information security of enterprises. Generally, isolation is achieved through traditional network devices, such as firewalls and gatekeepers. However, the security rules are relatively rigid and cannot better meet the flexible and changeable business needs. Through the double sandbox structure created for each user, each user in the virtual machine is isolated from each other and security is ensured. By creating a virtual disk in a virtual machine as a user storage sandbox, and encrypting the read and write of the disk, the shortcomings of traditional network isolation methods are discussed, and the application of cloud desktop network isolation technology based on VMwarer technology in universities is expounded.
Authored by Kai Ye
Network Security Architecture - In view of the current network security architecture of power grid enterprises does not adapt to new regulatory regulations, does not adapt to the development trend of digitalization, and the new technology of network security is not covered, this paper designs a set of network security architecture containing element views, capability views and measures views on the basis of the IPDRR network security architecture model, combined with the requirements of power grid enterprises for network security architecture, which covers the network security requirements of "collection, transmission, storage, application" and information system life cycle at the level of information system architecture. Meet new regulations and provide leadership with an understanding of the security posture of the enterprise, improving the organization s ability to defend against attacks.
Authored by Jinqiang Fan, Yonggang Xu, Jing Ma
Network Reconnaissance - Through communication reconnaissance, the code stream of mobile communication cell users is obtained, and the code stream of single user are separated from the mixed code stream, which is vital for the behavior analysis and intelligent management of mobile terminals. In this process, the Cell Radio Network Temporary Identifier (C-RNTD is a specific sign of the user terminal, and is also the key to identify and separate different users code stream. However, there are few related studies on CRNTI and acquisition of code stream. To overcome the problem, the combining method about comprehensive searching of the 4th Generation Mobile Communication Technology (4G) Physical Downlink Control Channel (PDCCH), and interception of Sth Generation Mobile Communication Technology (5G) Physical Random Access Channel (PRACH) is proposed, to obtain the users C-RNTI effectively. According to the corresponding downlink control information (DCI), Physical Downlink Shared Channel (PDSCH) are correctly demodulated, descrambled and decoded to obtain the code stream within it. Finally, the communication reconnaissance receiver is used to carry out a real reconnaissance experiment on the actual 4G/5G\_ mobile communication system. The results, i.e. the obtained C-RNTI and code stream verify the correctness and efficiency of the proposed method. It lays an important technical foundation for the accurate identification and management of mobile communication user terminals.
Authored by Junhao Chen, Rong Shi, Ke Deng
Network Reconnaissance - With increasing number of data thefts courtesy of new and complex attack mechanisms being used everyday, declaring the internet as unsafe would be the understatement of the century. For current security experts the scenario is equivalent to an endless cat-and-mouse game across a constantly changing landscape. Hence relying on firewalls and anti-virus softwares is like trying to fight a modern, well-equipped army using sticks and stones. All that an attacker needs to successfully breach our system is the right social networking or the right malware used like a packing or encoding technique that our tools won’t detect. Therefore it is the need of the hour to shift our focus beyond edge defense, which largely involves validating the tools, and move towards identification of a breach followed by an appropriate response. This is achieved by implementing an ethereal network which is an end-to-end host and network approach that can actually scale as well as provide true breach detection. The objective is not just blocking; it is significant time reduction. When mundane methods involving firewalls and antiviruses fail, we need to determine what happened and respond. Any industry report uses the term weeks, months, and even years to determine the time of response, which is not good enough. Our goal is to bring it down to hours. We are talking about dramatic time reduction to improve our response, hence an effective breach detection approach is mandatory. A MHN (Modern Honey Network) with a honeypot system has been used to make management and deployment easier and to secure the honeypots. We have used various honeypots such as Glastopf, Dionaea honeypots, Kippo. The dubious activity will be recorded and the attacks details detected in MHN server. The final part of our research is reconnaissance. Since it can be awfully complicated we simplify the process by having our main focus on reconnaissance. Because if a malware or an insider threat breaks into something, they don’t know what they now have access to. This makes them feel the need to do reconnaissance. So, focusing on that behaviour provides us a simple way to determine that we have some unusual activity - whether it is an IOT device that has been compromised or whatever it may be, that has breached our network. Finally we deploy MHN, deploy Dionaea, Kippo, Snort honeypots and Splunk integration for analyzing the captured attacks which reveals the service port under attack and the source IP address of the attacker.
Authored by Sourav Mishra, Vijay Chaurasiya
Network Reconnaissance - Multi-UAV cooperative reconnaissance for target search, localization, and tracking has attracted much attention in both civil and military applications, where strategies need to be designed for UAVs to finish the reconnaissance task cooperatively and in the time optimal manner. Different from the state-of-theart of recent research where all the UAVs involved are equipped with homogeneous payloads, this work exploits payload diversity to enhance the time efficiency of the cooperation and proposes a fast multi-UAV cooperative reconnaissance (FMUCR) method. FMUCR groups UAVs in pairs. In each pair, one UAV is equipped with a passive positioning radar, referred to as p-UAV, while another is equipped with an active positioning radar, referred to as a-UAV. FMUCR exploits the large detection range and rough target location detection of passive radar to enable fast search and directional tracking of a target, while the precise target position calculation of active radar to enable accurate tracking of a target. Specifically, the task area is partitioned into subareas according to the number of UAV pairs. Each UAV pair conducts target search, localization, and tracking in one subarea, where the p-UAV leads searching and preliminary tracking of targets, while accurate tracking of targets are taken over by the a-UAV. Algorithms for off-line path planning and on-line path planning are designed, respectively, for target search and target tracking. The comparative simulation demonstrates that, FMUCR can greatly shorten the target discovery time with little loss in target tracking accuracy.
Authored by Yinghong Ma, Xunan Li, Yi Jiao, Lin Guo, Suping Ren, Qi Zhang
Network Reconnaissance - Web applications are frequent targets of attack due to their widespread use and round the clock availability. Malicious users can exploit vulnerabilities in web applications to steal sensitive information, modify and destroy data as well as deface web applications. The process of exploiting web applications is a multi-step process and the first step in an attack is reconnaissance, in which the attacker tries to gather information about the target web application. In this step, the attacker uses highly efficient automated scanning tools to scan web applications. Following reconnaissance, the attacker proceeds to vulnerability scanning and subsequently attempts to exploit the vulnerabilities discovered to compromise the web application. Detection of reconnaissance scans by malicious users can be combined with other traditional intrusion detection and prevention systems to improve the security of web applications. In this paper, a method for detecting reconnaissance scans through analysis of web server access logs is proposed. The proposed approach uses an LSTM network based deep learning approach for detecting reconnaissance scans. Experiments conducted show that the proposed approach achieves a mean precision, recall and f1-score of 0.99 over three data sets and precision, recall and f1-score of 0.97, 0.96 and 0.96 over the combined dataset.
Authored by Bronjon Gogoi, Rahul Deka, Suchitra Pyarelal
Network Reconnaissance - Reconnaissance (Recon) is an essential step in exploring an area to steal information gathering, and it also plays a crucial role in penetration testing. This paper aims to automate the reconnaissance process of bug hunting on a target using python programming. Information gathering is an essential step for any recon process, and it helps us to identify the targets as well as helps us to list out the areas where the user can work to exploit them. The main emphasis of this paper is on bug bounty and bug hunting – the former being the result/reward of performing the latter. This paper is purposely written for penetration testers to make it easy for them and automate the process of Information gathering, which is the very crucial phase of Penetration testing.
Authored by Keshav Kaushik, Suman Yadav, Vikas Chauhan, Aditya Rana
Network Reconnaissance - Footprinting and Reconnaissance is a vital part of every process that has existed existing on earth. The report introduces footprinting and reconnaissance, the types of footprinting and reconnaissance methods, their impacts, and ways to prevent the risks to raise awareness for possible threats from footprinting and reconnaissance. Comparison has been made between the different types of footprinting and reconnaissance and discussions on scenarios that should be used is being made as well. Examples of different types of footprinting and reconnaissance methods and tools have been listed for better understandings of the difference in types. Real-life scenarios and examples are being provided to show the impacts of footprinting and reconnaissance. The report contains demonstrations of two simple passive reconnaissance tools, theHarvester and Wayback Machine. Discussions and analysis of how the tools could be used to gain precious information from their targets and the possible impacts from information gained through the tools are being made. Possible solutions to protect the users from footprinting and reconnaissance have been provided and discussed. Critical analysis of the report and the topic by the author is being made right by the end of the conclusion. Conclusion of how the author has thought about footprinting and reconnaissance and information through researching about the topic had been mentioned in the end.
Authored by Kek Lianq, Vinesha Selvarajah
Network Reconnaissance - For the evaluation of UAV reconnaissance effectiveness under multiple conditions, an UAV reconnaissance effectiveness evaluation method based on rough set and neural network is proposed. In the method, the influencing factors are determined to construct the UAV reconnaissance effectiveness index system, then the redundant factors are removed combined with rough set theory, finally on the basis of the simplified factors BP neural network optimized through genetic algorithm is used to build an evaluation model of UAV reconnaissance effectiveness for improving the prediction accuracy. The simulation result shows that the method can not only overcome the shortcomings of the traditional BP neural network, such as poor fault tolerance and slow convergence speed, but also better evaluate the UAV reconnaissance effectiveness.
Authored by Wang Minghua, Zhang Yingzhuo, Zhang Longgang, Gan Xusheng
Network Reconnaissance - Network reconnaissance is a core security functionality, which can be used to detect hidden unauthorized devices or to identify missing devices. Currently, there is a lack of network reconnaissance tools capable of discovering Internet of Things (IoT) devices across multiple protocols. To bridge this gap, we introduce IoT-Scan, an extensible IoT network reconnaissance tool. IoT-Scan is based on softwaredefined radio (SDR) technology, which allows for a flexible implementation of radio protocols. We propose passive, active, multi-channel, and multi-protocol scanning algorithms to speed up the discovery of devices with IoT-Scan. We implement the scanning algorithms and compare their performance with four popular IoT protocols: Zigbee, Bluetooth LE, Z-Wave, and LoRa. Through experiments with dozens of IoT devices, we demonstrate that our implementation experiences minimal packet losses, and achieves performance near a theoretical benchmark.
Authored by Stefan Gvozdenovic, Johannes Becker, John Mikulskis, David Starobinski
Network Reconnaissance - Short-wave band signal density, complex electromagn-etic environment and relatively limited detection equipment often lead to low detection efficiency. Aiming at this situation, a scheduling method of short-wave detection equipment based on Hopfield neural network is proposed to carry out cooperative detection of short-wave signals. In this paper, the definition of effective detection probability is given, the constraints of effective detection are sorted out, and the mathematical model of detection equipment scheduling is designed, which is realized by Hopfield neural network. This method uses the global optimization technology to schedule multiple detection sensors, so that different detection sensors can cooperate reasonably and maximize the overall benefit of detection system. Simulation results show the feasibility and effectiveness of the proposed method.
Authored by Hang Zhang, Yang Liu, Fei Wen
Network Reconnaissance - In the battlefield reconnaissance and monitoring environment, the application of Wireless Sensor Network (WSN) requires high timeliness and reliability of data transmission. To meet the battlefield demand, a transmission protocol is designed in this paper. This protocol combines network coding technology to fully play the function of node collaboration in the transmission process and use the channel broadcast characteristics. The data is transmitted in real-time and reliably through the aggregation node to the command control center, providing a real-time update database for the battlefield commander. Through theoretical and simulation analysis, this protocol can meet the requirements of the battlefield reconnaissance and monitoring environmental log, and the system can still maintain better network performance in the condition of low probability of transmission of battlefield environment.
Authored by Gang Qi, Wei Xia, Ronggen Zhao, Jiangbo Zhao
Network Control Systems Security - This study focuses on the stability issue of network control systems (NCSs) under possible hybrid attacks (HAs), which has important research value in network security. Firstly, the HAs method of deception cyber attacks (CAs) and random CAs are studied, which broadly consider the complexity of the types of attacks. Secondly, a novel time-delay-product boundary looped function (BLF) is developed, fully considering the delay and sampling information. In addition, the initial constraints of the criterion on the matrices are effectively relaxed. Then, a new dynamic memory sample data (DMSD) controller under HAs is constructed to control the asymptotical stable (AS) of NCSs. Finally, a numerical experiment is presented to verify the correctness and feasibility of the theory.
Authored by Xiao Cai, Kun She, PooGyeon Park, Kaibo Shi, Yeng Soh
Network Control Systems Security - The huge advantages of cloud computing technology and the bottlenecks in the development of traditional network control systems have prompted the birth of cloud control systems to address the shortcomings of traditional network control systems in terms of bandwidth and performance. However, the information security issues faced by cloud control systems are more complex, and distributed denial-of-service (DDoS) attacks are a typical class of attacks that may lead to problems such as latency in cloud control systems and seriously affect the performance of cloud control systems. In this paper, we build a single-capacity water tank cloud control semi-physical simulation system with heterogeneous controllers and propose a DDoS attack detection method for cloud control systems based on bidirectional long short-term memory neural network (BiLSTM), study the impact of DDoS attacks on cloud control systems. The experimental results show that the BiLSTM algorithm can effectively detect the DDoS attack on the cloud control system.
Authored by Shengliang Xu, Song Zheng
Network Control Systems Security - Machine tool is known as the mother of industry. CNC machine tool is the embodiment of modern automatic control productivity. In the context of the rapid development of the industrial Internet, a large number of equipment and systems are interconnected through the industrial Internet, realizing the flexible adaptation from the supply side to the demand side. As the a typical core system of industrial Internet, CNC system is facing the threat of industrial virus and network attack. The problem of information security is becoming more and more prominent. This paper analyzes the security risks of the existing CNC system from the aspects of terminal security, data security and network security. By comprehensively using the technologies of data encryption, identity authentication, digital signature, access control, secure communication and key management, this paper puts forward a targeted security protection and management scheme, which effectively strengthens the overall security protection ability.
Authored by Xuehong Chen, Zi Wang, Shuaifeng Yang
Network Control Systems Security - This paper is concerned with the observer-based control design for a continuous linear networked control systems under denial of service attacks. In order to save network communication resources, a new flexible event-triggered control strategy is designed on the premise that denial of service attacks are power-limited pulse width modulation interference. Considering this influence of denial of service attacks on event-triggered state, the maximum system performance lost is calculated. The sufficient conditions of system stability are derived by using the Lyapunov functional method. The constructive design of the controller is expressed in terms of linear matrix inequalities. Finally, the theoretical results are verified by a simulation example.
Authored by Jiajia Hu, Feng Zhou, Yi Zhang
Network Control Systems Security - With the rapid development of mobile communication technology and broadband wireless access technology, various wireless communication technologies emerge in an endless stream. Different technologies differ in network performance indicators and service features. Therefore, a single communication technology cannot be applied to various complex application scenarios. This paper mainly studies the design of security monitoring and management system of heterogeneous ATC network based on association algorithm. This paper designs and implements a security monitoring management system for network security perception. Based on the above research results and according to the data characteristics and scene requirements of the air traffic control system, the data organization method and monitoring management technology oriented to network security perception are combined with the air traffic control system to carry out the ground application and reverse verification of the feasibility of the scheme.
Authored by Chongxiao Yao, Xiangxi Wen
Network Control Systems Security - With the development of computer and network technology, industrial control systems are connecting with the Internet and other public networks in various ways, viruses, trojans and other threats are spreading to industrial control systems, industrial control system information security issues are becoming increasingly prominent. Under this background, it is necessary to construct the network security evaluation model of industrial control system based on the safety evaluation criteria and methods, and complete the safety evaluation of the industrial control system network according to the design scheme. Based on back propagation (BP) neural network’s evaluation of the network security status of industrial control system, this paper determines the number of neurons in BP neural network input layer, hidden layer and output layer by analyzing the actual demand, empirical equation calculation and experimental comparison, and designs the network security evaluation index system of industrial control system according to factors affecting industrial control safety, and constructs a safety rating table. Finally, by comparing the performance of BP neural network and multilinear regression to the evaluation of the network security status of industrial control system through experimental simulation, it can be found that BP neural network has higher accuracy for the evaluation of network security status of industrial control system.
Authored by Daojuan Zhang, Peng Zhang, Wenhui Wang, Minghui Jin, Fei Xiao
Network Control Systems Security - Plaintext transmission is the major way of communication in the existing security and stability control (SSC) system of power grid. Such type of communication is easy to be invaded, camouflaged and hijacked by a third party, leading to a serious threat to the safe and stable operation of power system. Focusing on the communication security in SSC system, the authors use asymmetric encryption algorithm to encrypt communication messages, to generate random numbers through random noise of electrical quantities, and then use them to generate key pairs needed for encryption, at the same time put forward a set of key management mechanism for engineering application. In addition, the field engineering test is performed to verify that the proposed encryption method and management mechanism can effectively improve the communication in SSC system while ensuring the high-speed and reliable communication.
Authored by Xinghua Chen, Lixian Huang, Dan Zheng, Jinchang Chen, Xinchao Li
Network Control Systems Security - The analysis shows how important Power Network Measuring and Characterization (PSMC) is to the plan. Networks planning and oversight for the transmission of electrical energy is becoming increasingly frequent. In reaction to the current contest of assimilating trying to cut charging in the crate, estimation, information sharing, but rather govern into PSMC reasonable quantities, Electrical Transmit Monitoring and Management provides a thorough outline of founding principles together with smart sensors for domestic spying, security precautions, and control of developed broadening power systems.
Authored by Dharam Buddhi, Prabhu A, Abdulsattar Hamad, Atul Sarojwal, Joel Alanya-Beltran, Kalyan Chakravarthi