Developing a Multi Platform Countermeasure to Ensure a Secure Home
- Frieslaar, Ibraheem, Irwin, Barry V W
- Authors: Frieslaar, Ibraheem , Irwin, Barry V W
- Date: 2016
- Language: English
- Type: text , article
- Identifier: http://hdl.handle.net/10962/427772 , vital:72461 , https://www.researchgate.net/profile/Ibraheem-Frieslaar/publication/312219190_Developing_a_Multi_Platform_Countermeasure_to_Ensure_a_Secure_Home/links/587747d508ae8fce492fb5e2/Developing-a-Multi-Platform-Countermeasure-to-Ensure-a-Secure-Home.pdf
- Description: This research proposes an investigation into side channel analysis attacks against the AES algorithm on high-powered devices. Currently the research field into this aspect is fairly new and there is room for more information to be discovered. This research proposes using a Raspberry Pi in conjunction with a Software Defined Radio to capture electromagnetic emanations in the low and high frequency domains. Two well-known side channel attacks will be used to recover the secret information based on the electromagnetic emanations. Furthermore, this research proposes investigating a possible software countermeasure by using the high-powered devices' features such as multi-threading.
- Full Text:
- Date Issued: 2016
A Framework for the Static Analysis of Malware focusing on Signal Processing Techniques
- Zeisberger, Sascha, Irwin, Barry V W
- Authors: Zeisberger, Sascha , Irwin, Barry V W
- Date: 2012
- Language: English
- Type: text , article
- Identifier: http://hdl.handle.net/10962/427914 , vital:72473 , https://www.researchgate.net/profile/Barry-Irwin/publication/327622833_A_Framework_for_the_Static_Analysis_of_Malware_focusing_on_Signal_Processing_Techniques/links/5b9a1396a6fdcc59bf8dfc87/A-Framework-for-the-Static-Analysis-of-Malware-focusing-on-Signal-Processing-Techniques.pdf
- Description: The information gathered through conventional static analysis of malicious binaries has become increasingly limited. This is due to the rate at which new malware is being created as well as the increasingly complex methods employed to obfuscate these binaries. This paper discusses the development of a framework to analyse malware using signal processing techniques, the initial iteration of which focuses on common audio processing techniques such as Fourier transforms. The aim of this research is to identify characteristics of malware and the encryption methods used to obfuscate malware. This is achieved through the analysis of their binary structure, potentially providing an additional metric for autonomously fingerprinting malware.
- Full Text:
- Date Issued: 2012
Cost-effective realisation of the Internet of Things
- Andersen, Michael, Irwin, Barry V W
- Authors: Andersen, Michael , Irwin, Barry V W
- Date: 2012
- Language: English
- Type: text , article
- Identifier: http://hdl.handle.net/10962/427930 , vital:72474 , https://www.researchgate.net/profile/Barry-Irwin/publication/326225063_Cost-effective_realisation_of_the_Internet_of_Things/links/5b3f2262a6fdcc8506ffe75e/Cost-effective-realisation-of-the-Internet-of-Things.pdf
- Description: A hardware and software platform, created to facilitate power usage and power quality measurements along with direct power line actuation, is under development. Additional general purpose control and sensing interfaces have been integrated. Measurements are persistently stored on each node to allow asynchronous retrieval of data without the need for a central server. The device communicates using an IEEE 802.15.4 radio transceiver to create a self-configuring mesh network. Users can interface with the mesh network by connecting to any node via USB and utilising the developed high level API and interactive environment.
- Full Text:
- Date Issued: 2012
Normandy: A Framework for Implementing High Speed Lexical Classification of Malicious URLs
- Egan, Shaun P, Irwin, Barry V W
- Authors: Egan, Shaun P , Irwin, Barry V W
- Date: 2012
- Language: English
- Type: text , article
- Identifier: http://hdl.handle.net/10962/427958 , vital:72476 , https://www.researchgate.net/profile/Barry-Irwin/publication/326224974_Normandy_A_Framework_for_Implementing_High_Speed_Lexical_Classification_of_Malicious_URLs/links/5b3f21074585150d2309dd50/Normandy-A-Framework-for-Implementing-High-Speed-Lexical-Classification-of-Malicious-URLs.pdf
- Description: Research has shown that it is possible to classify malicious URLs using state of the art techniques to train Artificial Neural Networks (ANN) using only lexical features of a URL. This has the advantage of being high speed and does not add any overhead to classifications as it does not require look-ups from external services. This paper discusses our method for implementing and testing a framework which automates the generation of these neural networks as well as testing involved in trying to optimize the performance of these ANNs.
- Full Text:
- Date Issued: 2012
A Framework for DNS Based Detection of Botnets at the ISP Level
- Stalmans, Etienne, Irwin, Barry V W
- Authors: Stalmans, Etienne , Irwin, Barry V W
- Date: 2011
- Language: English
- Type: text , article
- Identifier: http://hdl.handle.net/10962/427984 , vital:72478 , https://www.researchgate.net/profile/Barry-Irwin/publication/327622932_A_Framework_for_DNS_Based_Detection_of_Botnets_at_the_ISP_Level/links/5b9a14e1458515310583fc19/A-Framework-for-DNS-Based-Detection-of-Botnets-at-the-ISP-Level.pdf
- Description: The rapid expansion of networks and increase in internet connected devices has led to a large number of hosts susceptible to virus infection. Infected hosts are controlled by attackers and form so called botnets. These botnets are used to steal data, mask malicious activity and perform distributed denial of service attacks. Traditional protection mechanisms rely on host based detection of viruses. These systems are failing due to the rapid increase in the number of vulnerable hosts and attacks that easily bypass detection mechanisms. This paper proposes moving protection from the individual hosts to the Internet Service Provider (ISP), allowing for the detection and prevention of botnet traffic. DNS traffic inspection allows for the development of a lightweight and accurate classifier that has little or no effect on network performance. By preventing botnet activity at the ISP level, it is hoped that the threat of botnets can largely be mitigated.
- Full Text:
- Date Issued: 2011
A fuzz testing framework for evaluating and securing network applications
- Zeisberger, Sascha, Irwin, Barry V W
- Authors: Zeisberger, Sascha , Irwin, Barry V W
- Date: 2011
- Language: English
- Type: text , article
- Identifier: http://hdl.handle.net/10962/428000 , vital:72479 , https://www.researchgate.net/profile/Barry-Irwin/publication/327622655_A_Fuzz_Testing_Framework_for_Evaluating_and_Securing_Network_Applications/links/5b9a153b92851c4ba8181b0d/A-Fuzz-Testing-Framework-for-Evaluating-and-Securing-Network-Applications.pdf
- Description: Research has shown that fuzz-testing is an effective means of increasing the quality and security of software and systems. This project proposes the implementation of a testing framework based on numerous fuzz-testing techniques. The framework will allow a user to detect errors in applications and locate critical areas in the applications that are responsible for the detected errors. The aim is to provide an all-encompassing testing framework that will allow a developer to quickly and effectively deploy fuzz tests on an application and ensure a higher level of quality control before deployment.
- Full Text:
- Date Issued: 2011
High Speed Lexical Classification of Malicious URLs
- Egan, Shaun P, Irwin, Barry V W
- Authors: Egan, Shaun P , Irwin, Barry V W
- Date: 2011
- Language: English
- Type: text , article
- Identifier: http://hdl.handle.net/10962/428055 , vital:72483 , https://www.researchgate.net/profile/Barry-Irwin/publication/326225046_High_Speed_Lexical_Classification_of_Malicious_URLs/links/5b3f20acaca27207851c60f9/High-Speed-Lexical-Classification-of-Malicious-URLs.pdf
- Description: It has been shown in recent research that it is possible to identify malicious URLs through lexical analysis of their URL structures alone. Lightweight algorithms are defined as methods by which URLs are analyzed that do not use external sources of information such as WHOIS lookups, blacklist lookups and content analysis. These parameters include URL length, number of delimiters as well as the number of traversals through the directory structure and are used throughout much of the research in the paradigm of lightweight classification. Methods which include external sources of information are often called fully featured classifications and have been shown to be only slightly more effective than a purely lexical analysis when considering both false-positives and false-negatives. This distinction allows these algorithms to be run client side without the introduction of additional latency, while still providing a high level of accuracy through the use of modern techniques in training classifiers. Both AROW and CW classifier update methods will be used as prototype implementations and their effectiveness will be compared to fully featured analysis results. These methods are selected because they are able to train on any labeled data, including instances in which their prediction is correct, allowing them to build a confidence in specific lexical features.
- Full Text:
- Date Issued: 2011
Near Real-time Aggregation and Visualisation of Hostile Network Traffic
- Hunter, Samuel O, Irwin, Barry V W
- Authors: Hunter, Samuel O , Irwin, Barry V W
- Date: 2011
- Language: English
- Type: text , article
- Identifier: http://hdl.handle.net/10962/428067 , vital:72484 , https://www.researchgate.net/profile/Barry-Irwin/publication/327622653_Near_Real-time_Aggregation_and_Visualisation_of_Hostile_Network_Traffic/links/5b9a1474a6fdcc59bf8dfcc2/Near-Real-time-Aggregation-and-Visualisation-of-Hostile-Network-Traffic.pdf
- Description: Efficient utilization of hostile network traffic for visualization and defensive purposes requires near real-time availability of such data. Hostile or malicious traffic was obtained through the use of network telescopes and honeypots, as they are effective at capturing mostly illegitimate and nefarious traffic. The data is then exposed in near real-time through a messaging framework and visualized with the help of a geolocation based visualization tool. Defensive applications with regards to hostile network traffic are explored; these include the dynamic quarantine of malicious hosts internal to a network and the egress filtering of denial of service traffic originating from inside a network.
- Full Text:
- Date Issued: 2011
Passive Traffic Inspection for Automated Firewall Rule Set Generation
- Pranschke, Georg-Christian, Irwin, Barry V W, Barnett, Richard J
- Authors: Pranschke, Georg-Christian , Irwin, Barry V W , Barnett, Richard J
- Date: 2009
- Language: English
- Type: text , article
- Identifier: http://hdl.handle.net/10962/428114 , vital:72487 , https://d1wqtxts1xzle7.cloudfront.net/49200001/Automated_Firewall_Rule_Set_Generation_T20160928-12076-1n830lx-libre.pdf?1475130103=&response-content-disposition=inline%3B+filename%3DAutomated_Firewall_Rule_Set_Generation_T.pdf&Expires=1714733377&Signature=Q0miMvZNpP7c60n42m54TvFG4hIdujVJBilbpvDKquBk54RPwU22pH6-40mpmOxIFBllKUmOgZfS9SwzuiANn-AZ2bhAELyZmf2bJ5MgceaYH5wnPjX9VzP04C2BACzhO5YutUfwkysburUx-zNdiemSofx2p1DwOszXaJNauYdP8RcHQmFl8aOnkoc3kmU02eKz8WiQISntJtu5Gpo8txP-Z6f1BEzvlVGd432tndhRwpsEVWGW43~oXsdaWQu72S8pTakgKPREqaD7CUHKMXiiUBfuiSj1nFo2n4xZQlFHqbMT7TAYzBPM0GObe~kBe5s2nY6dnOMUKUsSaeTUtqA__&Key-Pair-Id=APKAJLOHF5GGSLRBV4ZA
- Description: The introduction of network filters and chokes such as firewalls in an existing operational network is often problematic, due to considerations that need to be made to minimise the interruption of existent legitimate traffic. This often necessitates the time consuming manual analysis of network traffic over a period of time in order to generate and vet the rule bases to minimise disruption of legitimate flows. To improve upon this, a system facilitating network traffic analysis and firewall rule set generation is proposed. The system shall be capable of dealing with the ever increasing traffic volumes and help to provide and maintain high uptimes. A high level overview of the design of the components is presented. Additions to the system are scoring metrics which may assist the administrator to optimise the rule sets for the most efficient matching of flows, based on traffic volume, frequency or packet count. A third party package, Firewall Builder, is used to target the resultant rule sets to a number of different firewall and network filtering platforms.
- Full Text:
- Date Issued: 2009
An Analysis of Network Scanning Traffic as it relates to Scan-Detection in Network Intrusion Detection Systems
- Barnett, Richard J, Irwin, Barry V W
- Authors: Barnett, Richard J , Irwin, Barry V W
- Date: 2008
- Language: English
- Type: text , article
- Identifier: http://hdl.handle.net/10962/428156 , vital:72490 , https://www.researchgate.net/profile/Barry-Irwin/publication/326225058_An_Analysis_of_Network_Scanning_Traffic_as_it_relates_to_Scan-Detection_in_Network_Intrusion_Detection_Systems/links/5b3f21eaa6fdcc8506ffe659/An-Analysis-of-Network-Scanning-Traffic-as-it-relates-to-Scan-Detection-in-Network-Intrusion-Detection-Systems.pdf
- Description: Network Intrusion Detection is, in a modern network, a useful tool to detect a wide variety of malicious traffic. The ever present prevalence of scanning activity on the Internet is fair justification to warrant scan detection as a component of network intrusion detection. Whilst current systems are able to perform scan-detection, the methods they use are often flawed and exhibit an inability to detect scans in an efficient and scalable manner. Existing research by van Riel and Irwin has illustrated a number of flaws present in the open source systems Snort and Bro. This paper builds on this by describing current research at Rhodes University in which these flaws are being addressed. In particular, this research will address the flaws in the scan-detection engines in Snort and Bro by developing new plug-ins for these systems which take into consideration the improvements which are identified over the course of the research.
- Full Text:
- Date Issued: 2008
Toward visualised network intrusion detection
- van Riel, J.P, Irwin, Barry V W
- Authors: van Riel, J.P , Irwin, Barry V W
- Date: 2006
- Language: English
- Type: text , article
- Identifier: http://hdl.handle.net/10962/428238 , vital:72496 , https://www.cs.ru.ac.za/research/g02v2468/publications/vanRiel-SATNAC2006.pdf
- Description: To deal with the large volume of network data, contemporary solutions seek to automate the process of detecting intrusive activity. However, intrusion detection systems can produce an overwhelming number of alerts, and many false alarms can obscure serious intrusion attempts. To overcome these difficulties, this paper suggests combining dedicated sensor network monitoring with visualisation. With the aim of evaluating intrusion detection systems, we introduce the idea of using graphical representations to superimpose alert information over raw network traffic.
- Full Text:
- Date Issued: 2006
Wireless Ethernet Propagation Modeling Software
- Janse van Rensburg, Johanna, Irwin, Barry V W
- Authors: Janse van Rensburg, Johanna , Irwin, Barry V W
- Date: 2006
- Language: English
- Type: text , article
- Identifier: http://hdl.handle.net/10962/428249 , vital:72497
- Description: Wireless technologies have had an enormous impact on networking in recent years. They can create new business opportunities and allow users to communicate and share data in a new fashion. Wireless Networks decrease installation costs, reduce the deployment time of a network and overcome physical barrier problems inherent in wiring. Unfortunately this flexibility comes at a price. The deployment, installation and setup of a WLAN is not a simple task and a number of factors need to be considered. Wireless Networks are notorious for being insecure due to signal spill, ad-hoc unauthorized access points and varying encryption strengths and standards. RF (Radio Frequency) interference and physical barriers suppress a signal. In addition the channel frequencies each access point will be using in order to provide maximum roaming but minimum inter access point interference need to be considered. It is a complex balancing act to take these factors into account while still maintaining coverage, performance and security requirements. In this paper the benefits and feasibility of a model will be discussed that will enable the network administrator to visualize the coverage footprint of their wireless network when the above factors are taken into consideration. The program will be able to predict the strength, propagation and unwanted spill of signals which could compromise the security of an organisation prior to the deployment of a WLAN. In addition the model will provide functionality to visualize a signal from audit data once the WLAN is operational. The end result will be a program that can aid in the configuration, installation and management of a secure WLAN.
- Full Text:
- Date Issued: 2006
Towards a Classification of Intrusion Strength
- Motara, Yusuf M, Irwin, Barry V W
- Authors: Motara, Yusuf M , Irwin, Barry V W
- Date: 2005
- Language: English
- Type: text , article
- Identifier: http://hdl.handle.net/10962/428261 , vital:72498 , https://www.researchgate.net/profile/Yusuf-Mota-ra/publication/267206150_Towards_a_Classification_of_Intru-sion_Strength/links/547485820cf245eb436de34e/Towards-a-Classification-of-Intrusion-Strength.pdf
- Description: This paper proposes a new term, “intrusion strength”, for use by the security community and those affected by compromised systems. It justifies the usefulness of such a term, proposes a preliminary ranking of intrusion strength factors, and concludes by mentioning the work necessary to create a full taxonomy of intrusion strength.
- Full Text:
- Date Issued: 2005
Towards an Infrastructural Framework for Secure Electronic Publication
- Forrester, Jock, Irwin, Barry V W
- Authors: Forrester, Jock , Irwin, Barry V W
- Date: 2005
- Language: English
- Type: text , article
- Identifier: http://hdl.handle.net/10962/428274 , vital:72499 , https://d1wqtxts1xzle7.cloudfront.net/3456213/No_147_-_Forrester-libre.pdf?1390832679=andresponse-content-disposi-tion=inline%3B+filename%3DTowards_an_Infrastructural_Framework_for.pdfandExpires=1714791785andSignature=TY2i5fIQcyv493crTdmDaMEDLBmnqe-s1yjeJ4OAk~-Syb12yZ1EBj-cJi8jxrmIorji6THEB4kSon43fOBcA5XUwoZ0H1T~LooHIyiqhBymL2ZtszKbFdqu1zZCrCkfR1YYAjUiVaM2BNSyC-P-mtY6S5aFcwztHl43eogmS70AIt0x76p9gIvL3xQsyE-VXBrtOrbkbQweUmgZs80bQDMnS-oou481C0BJyp8y6St6BETLKCaJC~uPYzrHOG1CwVxNZQoz38zJ3pLIzuNmdLcrlts3BbASji3c53MY-CoEGflXljrvzG6f85EBo-Oy9kjyAzvJ9gZmfISayfA-~w__andKey-Pair-Id=APKAJLOHF5GGSLRBV4ZA
- Description: To prevent the accidental, or deliberate, publication of documents containing hidden information, the organisation needs to have an Electronic Publication Policy; more importantly, though, it needs to have the Technical Infrastructure in place to enforce the policy. This paper outlines such a Technical Infrastructure.
- Full Text:
- Date Issued: 2005
A unified patch management architecture
- White, Dominic, Irwin, Barry V W
- Authors: White, Dominic , Irwin, Barry V W
- Date: 2004
- Language: English
- Type: text , article
- Identifier: http://hdl.handle.net/10962/428312 , vital:72502 , https://d1wqtxts1xzle7.cloudfront.net/49200003/A_Unified_Patch_Management_Architecture20160928-23008-tl6zi6-libre.pdf?1475130102=andresponse-content-disposi-tion=inline;+filename=A_Unified_Patch_Management_Architecture.pdfandExpires=1714792674andSignature=JMVkFUbxZO5SzFTdhoeVBJk99hD~p5HQhSlLP0sgvU6p6hRRILz8dWwB9M1OPLXDnqYG3RLWyomwNweZtQpFuFwMgyx-EV~7TA0wkCAfzQr0N9YoOjbwcbHA5Fse1c3zFw7rtpwUYoEPyO17TWplLI7IkVArlotnG~3AWf1AKVmhWQ2gvfXAEi361XRwOFlC1d2XLiKQhVTafh7OrAuGt7EDUKuczw1K4u7YZxi5I7ty~704aTvILlKoVkBpVnYC1U3sVmj8BixFhY84MYD~YvM6ym3bVkitE1iDrpFjH40nR8QF5jpkOurB~aikFgNmB1WNXo8kHbyRAjciZQOYhOg__andKey-Pair-Id=APKAJLOHF5GGSLRBV4ZA
- Description: This paper attempts to address the issue of hardening the internal security of an organisation’s network by easing its patch management. A unified architecture to aid with this process is proposed, with a view towards the implementation of an open source, cross-platform tool to solve this problem.
- Full Text:
- Date Issued: 2004
Decryption of Wire-level Network Protocols for Forensic Inspection
- Authors: Irwin, Barry V W
- Date: 2004
- Language: English
- Type: text , article
- Identifier: http://hdl.handle.net/10962/428339 , vital:72504 , https://www.researchgate.net/profile/Barry-Irwin/publication/327622612_Decryption_of_Wire-lev-el_Network_Protocols_for_Forensic_Inspection/links/5b9a1220299bf14ad4d6a3b1/Decryption-of-Wire-level-Network-Protocols-for-Forensic-Inspection.pdf
- Description: With the increased use of encrypted transport protocols, the problem of debugging and monitoring the contents of these protocols has increased in complexity. This work proposes the development of a unified means of access to the plaintext, through the use of privileged access to the encryption keys, based on the assumption that an administrator has legitimate access to one side of a communication, and is thereby able to gain access to the encryption tokens.
- Full Text:
- Date Issued: 2004