A Canonical Implementation Of The Advanced Encryption Standard On The Graphics Processing Unit
- Pilkington, Nick, Irwin, Barry V W
- Authors: Pilkington, Nick , Irwin, Barry V W
- Date: 2008
- Subjects: To be catalogued
- Language: English
- Type: text , article
- Identifier: http://hdl.handle.net/10962/430007 , vital:72659 , https://digifors.cs.up.ac.za/issa/2008/Proceedings/Research/47.pdf
- Description: This paper will present an implementation of the Advanced Encryption Standard (AES) on the graphics processing unit (GPU). It investigates the ease of implementation from first principles and the difficulties encountered. It also presents a performance analysis to evaluate if the GPU is a viable option for a cryptographics platform. The AES implementation is found to yield orders of maginitude increased performance when compared to CPU based implementations. Although the implementation introduces complica-tions, these are quickly becoming mitigated by the growing accessibility pro-vided by general programming on graphics processing units (GPGPU) frameworks like NVIDIA’s Compute Uniform Device Architechture (CUDA) and AMD/ATI’s Close to Metal (CTM).
- Full Text:
- Date Issued: 2008
- Authors: Pilkington, Nick , Irwin, Barry V W
- Date: 2008
- Subjects: To be catalogued
- Language: English
- Type: text , article
- Identifier: http://hdl.handle.net/10962/430007 , vital:72659 , https://digifors.cs.up.ac.za/issa/2008/Proceedings/Research/47.pdf
- Description: This paper will present an implementation of the Advanced Encryption Standard (AES) on the graphics processing unit (GPU). It investigates the ease of implementation from first principles and the difficulties encountered. It also presents a performance analysis to evaluate if the GPU is a viable option for a cryptographics platform. The AES implementation is found to yield orders of maginitude increased performance when compared to CPU based implementations. Although the implementation introduces complica-tions, these are quickly becoming mitigated by the growing accessibility pro-vided by general programming on graphics processing units (GPGPU) frameworks like NVIDIA’s Compute Uniform Device Architechture (CUDA) and AMD/ATI’s Close to Metal (CTM).
- Full Text:
- Date Issued: 2008
An Analysis of Network Scanning Traffic as it relates to Scan-Detection in Network Intrusion Detection Systems
- Barnett, Richard J, Irwin, Barry V W
- Authors: Barnett, Richard J , Irwin, Barry V W
- Date: 2008
- Language: English
- Type: text , article
- Identifier: http://hdl.handle.net/10962/428156 , vital:72490 , https://www.researchgate.net/profile/Barry-Ir-win/publication/326225058_An_Analysis_of_Network_Scanning_Traffic_as_it_relates_to_Scan-Detec-tion_in_Network_Intrusion_Detection_Systems/links/5b3f21eaa6fdcc8506ffe659/An-Analysis-of-Network-Scanning-Traffic-as-it-relates-to-Scan-Detection-in-Network-Intrusion-Detection-Systems.pdf
- Description: Network Intrusion Detection is, in a modern network, a useful tool to de-tect a wide variety of malicious traffic. The ever present prevalence of scanning activity on the Internet is fair justification to warrant scan de-tection as a component of network intrusion detection. Whilst current systems are able to perform scan-detection, the methods they use are often flawed and exhibit an inability to detect scans in an efficient and scalable manner. Existing research by van Riel and Irwin has illustrated a number of flaws present in the open source systems Snort and Bro. This paper builds on this by describing current research at Rhodes Uni-versity in which these flaws are being addressed. In particular, this re-search will address the flaws in the scan-detection engines in Snort and Bro by developing new plug-ins for these systems which take into con-sideration the improvements which are identified over the course of the research.
- Full Text:
- Date Issued: 2008
- Authors: Barnett, Richard J , Irwin, Barry V W
- Date: 2008
- Language: English
- Type: text , article
- Identifier: http://hdl.handle.net/10962/428156 , vital:72490 , https://www.researchgate.net/profile/Barry-Ir-win/publication/326225058_An_Analysis_of_Network_Scanning_Traffic_as_it_relates_to_Scan-Detec-tion_in_Network_Intrusion_Detection_Systems/links/5b3f21eaa6fdcc8506ffe659/An-Analysis-of-Network-Scanning-Traffic-as-it-relates-to-Scan-Detection-in-Network-Intrusion-Detection-Systems.pdf
- Description: Network Intrusion Detection is, in a modern network, a useful tool to de-tect a wide variety of malicious traffic. The ever present prevalence of scanning activity on the Internet is fair justification to warrant scan de-tection as a component of network intrusion detection. Whilst current systems are able to perform scan-detection, the methods they use are often flawed and exhibit an inability to detect scans in an efficient and scalable manner. Existing research by van Riel and Irwin has illustrated a number of flaws present in the open source systems Snort and Bro. This paper builds on this by describing current research at Rhodes Uni-versity in which these flaws are being addressed. In particular, this re-search will address the flaws in the scan-detection engines in Snort and Bro by developing new plug-ins for these systems which take into con-sideration the improvements which are identified over the course of the research.
- Full Text:
- Date Issued: 2008
An Evaluation Of Scan-Detection Algorithms In Network Intrusion Detection Systems
- Barnett, Richard J, Irwin, Barry V W
- Authors: Barnett, Richard J , Irwin, Barry V W
- Date: 2008
- Language: English
- Type: text , article
- Identifier: http://hdl.handle.net/10962/428701 , vital:72530 , https://digifors.cs.up.ac.za/issa/2008/Proceedings/Research/29.pdf
- Description: Network Intrusion Detection Systems are becoming more prevalent as devices to protect a network. However, the methods they use for some forms of detection are flawed. This paper builds upon existing research by van Riel and Irwin which illustrated these flaws in Snort and Bro's scan-detection engines. Indeed, it has been ascertained that a number of different scanning techniques are not identified by either Snort or Bro. This paper highlights current research into the improvement of these scan detection algorithms and presents insight into how this re-search is being conducted at Rhodes University. This research will im-prove on the scan detection engines in Snort and Bro, permitting them to be used in a production environment without fear of succumbing to the false negative problem which currently exists.
- Full Text:
- Date Issued: 2008
- Authors: Barnett, Richard J , Irwin, Barry V W
- Date: 2008
- Language: English
- Type: text , article
- Identifier: http://hdl.handle.net/10962/428701 , vital:72530 , https://digifors.cs.up.ac.za/issa/2008/Proceedings/Research/29.pdf
- Description: Network Intrusion Detection Systems are becoming more prevalent as devices to protect a network. However, the methods they use for some forms of detection are flawed. This paper builds upon existing research by van Riel and Irwin which illustrated these flaws in Snort and Bro's scan-detection engines. Indeed, it has been ascertained that a number of different scanning techniques are not identified by either Snort or Bro. This paper highlights current research into the improvement of these scan detection algorithms and presents insight into how this re-search is being conducted at Rhodes University. This research will im-prove on the scan detection engines in Snort and Bro, permitting them to be used in a production environment without fear of succumbing to the false negative problem which currently exists.
- Full Text:
- Date Issued: 2008
An Investigation into the Performance of General Sorting on Graphics Processing Units
- Pilkington, Nick, Irwin, Barry V W
- Authors: Pilkington, Nick , Irwin, Barry V W
- Date: 2008
- Subjects: To be catalogued
- Language: English
- Type: text , article
- Identifier: http://hdl.handle.net/10962/429881 , vital:72648 , https://doi.org/10.1007/978-1-4020-8741-7_65
- Description: Sorting is a fundamental operation in computing and there is a constant need to push the boundaries of performance with different sorting algo-rithms. With the advent of the programmable graphics pipeline, the par-allel nature of graphics processing units has been exposed allowing programmers to take advantage of it. By transforming the way that data is represented and operated on parallel sorting algorithms can be im-plemented on graphics processing units where previously only graphics processing could be performed. This paradigm of programming exhibits potentially large speedups for algorithms.
- Full Text:
- Date Issued: 2008
- Authors: Pilkington, Nick , Irwin, Barry V W
- Date: 2008
- Subjects: To be catalogued
- Language: English
- Type: text , article
- Identifier: http://hdl.handle.net/10962/429881 , vital:72648 , https://doi.org/10.1007/978-1-4020-8741-7_65
- Description: Sorting is a fundamental operation in computing and there is a constant need to push the boundaries of performance with different sorting algo-rithms. With the advent of the programmable graphics pipeline, the par-allel nature of graphics processing units has been exposed allowing programmers to take advantage of it. By transforming the way that data is represented and operated on parallel sorting algorithms can be im-plemented on graphics processing units where previously only graphics processing could be performed. This paradigm of programming exhibits potentially large speedups for algorithms.
- Full Text:
- Date Issued: 2008
Guidelines for Constructing Robust Discrete-Time Computer Network Simulations
- Richter, John, Irwin, Barry V W
- Authors: Richter, John , Irwin, Barry V W
- Date: 2008
- Subjects: To be catalogued
- Language: English
- Type: text , article
- Identifier: http://hdl.handle.net/10962/429896 , vital:72649 , https://doi.org/10.1007/978-1-4020-8737-0_69
- Description: Developing network simulations is a complex task that is often per-formed in research and testing. The components required to build a network simulator are common to many solutions. In order to expedite further simulation development, these components have been outlined and detailed in this paper. The process for generating and using these components is then detailed, and an example of a simulator that has been implemented using this system, is detailed
- Full Text:
- Date Issued: 2008
- Authors: Richter, John , Irwin, Barry V W
- Date: 2008
- Subjects: To be catalogued
- Language: English
- Type: text , article
- Identifier: http://hdl.handle.net/10962/429896 , vital:72649 , https://doi.org/10.1007/978-1-4020-8737-0_69
- Description: Developing network simulations is a complex task that is often per-formed in research and testing. The components required to build a network simulator are common to many solutions. In order to expedite further simulation development, these components have been outlined and detailed in this paper. The process for generating and using these components is then detailed, and an example of a simulator that has been implemented using this system, is detailed
- Full Text:
- Date Issued: 2008
High level internet scale traffic visualization using hilbert curve mapping
- Irwin, Barry V W, Pilkington, Nick
- Authors: Irwin, Barry V W , Pilkington, Nick
- Date: 2008
- Subjects: To be catalogued
- Language: English
- Type: text , article
- Identifier: http://hdl.handle.net/10962/429911 , vital:72650 , https://doi.org/10.1007/978-3-540-78243-8_10
- Description: A high level analysis tool was developed for aiding in the analysis of large volumes of network telescope traffic, and in particular the comparisons of data col-lected from multiple telescope sources. Providing a visual means for the evaluation of worm propagation algorithms has also been achieved. By using a Hilbert curve as a means of ordering points within the visual-ization space, the concept of nearness between nu-merically sequential network blocks was preserved. The design premise and initial results obtained using the tool developed are discussed, and a number of fu-ture extensions proposed.
- Full Text:
- Date Issued: 2008
- Authors: Irwin, Barry V W , Pilkington, Nick
- Date: 2008
- Subjects: To be catalogued
- Language: English
- Type: text , article
- Identifier: http://hdl.handle.net/10962/429911 , vital:72650 , https://doi.org/10.1007/978-3-540-78243-8_10
- Description: A high level analysis tool was developed for aiding in the analysis of large volumes of network telescope traffic, and in particular the comparisons of data col-lected from multiple telescope sources. Providing a visual means for the evaluation of worm propagation algorithms has also been achieved. By using a Hilbert curve as a means of ordering points within the visual-ization space, the concept of nearness between nu-merically sequential network blocks was preserved. The design premise and initial results obtained using the tool developed are discussed, and a number of fu-ture extensions proposed.
- Full Text:
- Date Issued: 2008
Location and mapping of 2.4 GHz RF transmitters
- Wells, David D, Siebörger, Ingrid G, Irwin, Barry V W
- Authors: Wells, David D , Siebörger, Ingrid G , Irwin, Barry V W
- Date: 2008
- Language: English
- Type: Conference paper
- Identifier: vital:6604 , http://hdl.handle.net/10962/d1009324
- Description: This paper describes the use of a MetaGeek WiSpy dongle in conjunction with custom developed client-server software for the accurate identication of Wireless nodes within an organisation. The MetaGeek WiSpy dongle together with the custom developed software allow for the determination of the positions of Wi-Fi transceivers to within a few meters, which can be helpful in reducing the area for physical searches in the event of rogue units. This paper describes the tool and methodology for a site survey as a component that can be used in organisations wishing to audit their environments for wireless networks. The tool produced from this project, the WiSpy Signal Source Mapping Tool, is a three part application based on a client-server architecture. One part interfaces with a low cost 2.4 GHz spectrum analyser, another stores the data collected from all the spectrum analysers and the last part interprets the data to provide a graphical overview of the Wi-Fi network being analysed. The location of the spectrum analysers are entered as GPS points, and the tool can interface with a GPS device to automatically update its geographical location. The graphical representation of the 2.4 GHz spectrum populated with Wi-Fi devices (Wi-Fi network) provided a fairly accurate method in locating and tracking 2.4 GHz devices. Accuracy of the WiSpy Signal Source Mapping Tool is hindered by obstructions or interferences within the area or non line of sight.
- Full Text:
- Date Issued: 2008
- Authors: Wells, David D , Siebörger, Ingrid G , Irwin, Barry V W
- Date: 2008
- Language: English
- Type: Conference paper
- Identifier: vital:6604 , http://hdl.handle.net/10962/d1009324
- Description: This paper describes the use of a MetaGeek WiSpy dongle in conjunction with custom developed client-server software for the accurate identication of Wireless nodes within an organisation. The MetaGeek WiSpy dongle together with the custom developed software allow for the determination of the positions of Wi-Fi transceivers to within a few meters, which can be helpful in reducing the area for physical searches in the event of rogue units. This paper describes the tool and methodology for a site survey as a component that can be used in organisations wishing to audit their environments for wireless networks. The tool produced from this project, the WiSpy Signal Source Mapping Tool, is a three part application based on a client-server architecture. One part interfaces with a low cost 2.4 GHz spectrum analyser, another stores the data collected from all the spectrum analysers and the last part interprets the data to provide a graphical overview of the Wi-Fi network being analysed. The location of the spectrum analysers are entered as GPS points, and the tool can interface with a GPS device to automatically update its geographical location. The graphical representation of the 2.4 GHz spectrum populated with Wi-Fi devices (Wi-Fi network) provided a fairly accurate method in locating and tracking 2.4 GHz devices. Accuracy of the WiSpy Signal Source Mapping Tool is hindered by obstructions or interferences within the area or non line of sight.
- Full Text:
- Date Issued: 2008
Mapping the location of 2.4 GHz transmitters to achieve optimal usage of an IEEE 802.11 network
- Wells, David D, Siebörger, Ingrid G, Irwin, Barry V W
- Authors: Wells, David D , Siebörger, Ingrid G , Irwin, Barry V W
- Date: 2008
- Language: English
- Type: Conference paper
- Identifier: vital:6605 , http://hdl.handle.net/10962/d1009325
- Description: This paper describes the use of a low cost 2.4 GHz spectrum analyser, the MetaGeek WiSpy device, in conjunction with custom developed client-server software for the accurate identification of 2.4 GHz transmitters within a given area. The WiSpy dongle together with the custom developed software allow for determination of the positions of Wi-Fi transmitters to within a few meters, which can be helpful in reducing the work load for physical searches in the process of surveying the Wi-Fi network and geographical area. This paper describes the tool and methodology for a site survey as a component that can be used in organisations wishing to audit their environments for Wi-Fi networks. The tool produced from this project, the WiSpy Signal Source Mapping Tool, is a three part application based on a client-server architecture. One part interfaces with a low cost 2.4 GHz spectrum analyser, another stores the data collected from all the spectrum analysers and the third part interprets the data to provide a graphical overview of the Wi-Fi network being analysed. The location of the spectrum analysers are entered as GPS points, and the tool can interface with a GPS device to automatically update its geographical location. The graphical representation of the 2.4 GHz spectrum populated with Wi-Fi devices (Wi-Fi network) provided a fairly accurate method in locating and tracking 2.4 GHz devices. Accuracy of the WiSpy Signal Source Mapping Tool is hindered by obstructions, interferences within the area or non line of sight.
- Full Text:
- Date Issued: 2008
- Authors: Wells, David D , Siebörger, Ingrid G , Irwin, Barry V W
- Date: 2008
- Language: English
- Type: Conference paper
- Identifier: vital:6605 , http://hdl.handle.net/10962/d1009325
- Description: This paper describes the use of a low cost 2.4 GHz spectrum analyser, the MetaGeek WiSpy device, in conjunction with custom developed client-server software for the accurate identification of 2.4 GHz transmitters within a given area. The WiSpy dongle together with the custom developed software allow for determination of the positions of Wi-Fi transmitters to within a few meters, which can be helpful in reducing the work load for physical searches in the process of surveying the Wi-Fi network and geographical area. This paper describes the tool and methodology for a site survey as a component that can be used in organisations wishing to audit their environments for Wi-Fi networks. The tool produced from this project, the WiSpy Signal Source Mapping Tool, is a three part application based on a client-server architecture. One part interfaces with a low cost 2.4 GHz spectrum analyser, another stores the data collected from all the spectrum analysers and the third part interprets the data to provide a graphical overview of the Wi-Fi network being analysed. The location of the spectrum analysers are entered as GPS points, and the tool can interface with a GPS device to automatically update its geographical location. The graphical representation of the 2.4 GHz spectrum populated with Wi-Fi devices (Wi-Fi network) provided a fairly accurate method in locating and tracking 2.4 GHz devices. Accuracy of the WiSpy Signal Source Mapping Tool is hindered by obstructions, interferences within the area or non line of sight.
- Full Text:
- Date Issued: 2008
Spam Construction Trends
- Irwin, Barry V W, Friedman, Blake
- Authors: Irwin, Barry V W , Friedman, Blake
- Date: 2008
- Language: English
- Type: text , article
- Identifier: http://hdl.handle.net/10962/428762 , vital:72534 , https://www.researchgate.net/profile/Barry-Ir-win/publication/220803159_Spam_Construction_Trends/links/53fc76bd0cf2dca8ffff22fb/Spam-Construction-Trends.pdf
- Description: This paper replicates and extends Observed Trends in Spam Construction Tech-niques: A Case Study of Spam Evolution. A corpus of 169,274 spam email was col-lected over a period of five years. Each spam email was tested for construction techniques using SpamAssassin’s spamicity tests. The results of these tests were col-lected in a database. Formal definitions of Pu and Webb’s co-existence, extinction and complex trends were developed and applied to the results within the database. A comparison of the Spam Evolution Study and this paper’s results took place to de-termine the relevance of the trends. A geolocation analysis was conducted on the corpus, as an extension, to determine the major geographic sources of the corpus.
- Full Text:
- Date Issued: 2008
- Authors: Irwin, Barry V W , Friedman, Blake
- Date: 2008
- Language: English
- Type: text , article
- Identifier: http://hdl.handle.net/10962/428762 , vital:72534 , https://www.researchgate.net/profile/Barry-Ir-win/publication/220803159_Spam_Construction_Trends/links/53fc76bd0cf2dca8ffff22fb/Spam-Construction-Trends.pdf
- Description: This paper replicates and extends Observed Trends in Spam Construction Tech-niques: A Case Study of Spam Evolution. A corpus of 169,274 spam email was col-lected over a period of five years. Each spam email was tested for construction techniques using SpamAssassin’s spamicity tests. The results of these tests were col-lected in a database. Formal definitions of Pu and Webb’s co-existence, extinction and complex trends were developed and applied to the results within the database. A comparison of the Spam Evolution Study and this paper’s results took place to de-termine the relevance of the trends. A geolocation analysis was conducted on the corpus, as an extension, to determine the major geographic sources of the corpus.
- Full Text:
- Date Issued: 2008
Towards a taxonomy of network scanning techniques
- Barnett, Richard J, Irwin, Barry V W
- Authors: Barnett, Richard J , Irwin, Barry V W
- Date: 2008
- Subjects: To be catalogued
- Language: English
- Type: text , article
- Identifier: http://hdl.handle.net/10962/430310 , vital:72682 , https://doi.org/10.1145/1456659.1456660
- Description: Network scanning is a common reconnaissance activity in network in-trusion. Despite this, it's classification remains vague and detection sys-tems in current Network Intrusion Detection Systems are incapable of detecting many forms of scanning traffic. This paper presents a classi-fication of network scanning and illustrates how complex and varied this activity is. The presented classification extends previous, well known, definitions of scanning traffic in a manner which reflects this complexity.
- Full Text:
- Date Issued: 2008
- Authors: Barnett, Richard J , Irwin, Barry V W
- Date: 2008
- Subjects: To be catalogued
- Language: English
- Type: text , article
- Identifier: http://hdl.handle.net/10962/430310 , vital:72682 , https://doi.org/10.1145/1456659.1456660
- Description: Network scanning is a common reconnaissance activity in network in-trusion. Despite this, it's classification remains vague and detection sys-tems in current Network Intrusion Detection Systems are incapable of detecting many forms of scanning traffic. This paper presents a classi-fication of network scanning and illustrates how complex and varied this activity is. The presented classification extends previous, well known, definitions of scanning traffic in a manner which reflects this complexity.
- Full Text:
- Date Issued: 2008
Using inetvis to evaluate snort and bro scan detection on a network telescope
- Irwin, Barry V W, van Riel, J P
- Authors: Irwin, Barry V W , van Riel, J P
- Date: 2008
- Subjects: To be catalogued
- Language: English
- Type: text , article
- Identifier: http://hdl.handle.net/10962/429981 , vital:72656 , https://doi.org/10.1007/978-3-540-78243-8_17
- Description: This paper presents an investigative analysis of net-work scans and scan detection algorithms. Visualisa-tion is employed to review network telescope traffic and identify incidents of scan activity. Some of the identified phenomena appear to be novel forms of host discovery. Scan detection algorithms used by the Snort and Bro intrusion detection systems are cri-tiqued by comparing the visualised scans with alert output. Where human assessment disagrees with the alert output, explanations are sought by analysing the detection algorithms. The Snort and Bro algorithms are based on counting unique connection attempts to destination addresses and ports. For Snort, notable false positive and false negative cases result due to a grossly oversimplified method of counting unique destination addresses and ports.
- Full Text:
- Date Issued: 2008
- Authors: Irwin, Barry V W , van Riel, J P
- Date: 2008
- Subjects: To be catalogued
- Language: English
- Type: text , article
- Identifier: http://hdl.handle.net/10962/429981 , vital:72656 , https://doi.org/10.1007/978-3-540-78243-8_17
- Description: This paper presents an investigative analysis of net-work scans and scan detection algorithms. Visualisa-tion is employed to review network telescope traffic and identify incidents of scan activity. Some of the identified phenomena appear to be novel forms of host discovery. Scan detection algorithms used by the Snort and Bro intrusion detection systems are cri-tiqued by comparing the visualised scans with alert output. Where human assessment disagrees with the alert output, explanations are sought by analysing the detection algorithms. The Snort and Bro algorithms are based on counting unique connection attempts to destination addresses and ports. For Snort, notable false positive and false negative cases result due to a grossly oversimplified method of counting unique destination addresses and ports.
- Full Text:
- Date Issued: 2008
- «
- ‹
- 1
- ›
- »