For security, management and accounting, network administrators benefit from knowledge of IP and MAC address bindings. In IPv6, learning these bindings is not as straightforward as it is in IPv4. This paper presents a new approach to track IPv6 address assignments in LANs. The method is based on a study of implementation of IPv6 (mainly neighbor discovery) in current operating systems. The detection...
In the previous work, a novel flow-net methodology for accountability was proposed to build accountable audit data as well as to retrieve useful information by exploring the audit data. In this work, we attempt to instantiate the flow-net methodology in a distributed/networked system by exploiting log files which are recorded locally on each node in the system. To improve the efficiency of retrieving...
In recent years, there has been a growing interest in information protection and security for large organizations. This has led to a growing demand for more aggressive forms of security to complement the existing techniques. One of these security methods involves the use of distributed honey nets. Honey nets are network systems deployed for the sole purpose of being compromised, in order to assess...
The current ubiquity of information coupled with the reliance on such data by businesses has led to a great deal of resources being deployed to ensure the security of this information. Threats can come from a number of sources and the dangers from those insiders closest to the source have increased significantly recently. This paper focuses on techniques used to identify and manage threats as well...
This paper proposes the virtual honeynet collaboration system (VHS) to improve the designs and concepts of the honeynet architectures. Using virtualization technologies (VTs) as a development platform, the proposed approach combines honeynet technologies to develop a new virtual honeynet architecture that implements VHS. This study also proposes the honeypot redirect-outbound (HRO) algorithm and the...
This paper describes a new botnet that we have discovered at the beginning of December 2009. Our NetFlow-based network monitoring system reported an increasing amount of Telnet scanning probes. Tracing back to a source we have identified worldwide infected DSL modems and home routers. Nowadays, various vendors use Linux in this kind of device. A further investigation has shown that most of deployed...
In order to ensure the healthy and stable operation of the next generation Internet, this paper designs an IPv6-oriented network traffic monitoring system. The system uses the collected NetFlow data to make statistics and analysis. The key technologies used in the system were introduced and the main framework of the system was given. The system has been tested in CERNET2, and the test results show...
Previous distributed anomaly detection efforts have operated on summary statistics gathered from each node. This has the advantage that the audit trail is limited in size since event sets can be succinctly represented. While this minimizes the bandwidth consumed and helps scale the detection to a large number of nodes, it limits the infrastructure's ability to identify the source of anomalies. We...
In this paper we aim to enable security within SIP enterprise domains by providing monitoring capabilities at three levels: the network traffic, the server logs and the billing records. We propose an anomaly detection approach based on appropriate feature extraction and one-class Support Vector Machines (SVM). We propose methods for anomaly/attack type classification and attack source identification...
Recording raw network traffic for long-term periods can be extremely beneficial for a multitude of monitoring and security applications. However, storing all traffic of high volume networks is infeasible even for short-term periods due to the increased storage requirements. Traditional approaches for data reduction like aggregation and sampling either require knowing the traffic features of interest...
Online social networks with millions of users are very popular nowadays. They provide a platform for the users to present themselves and to interact with each other. In this paper, we present a totally distributed platform for social online networks based on the p2p paradigm, called LifeSocial.KOM. It provides the same functionality as common online social networks, while distributing the operational...
Voice over Internet Protocol based systems become more and more part of business critical IT infrastructures. To increase the robustness of voice applications, automated security testing is required to detect security vulnerabilities in an efficient way. In this paper we present a fuzzer framework to detect security vulnerabilities in Voice over Internet Protocol Softphones, which implement Session...
Recent years have seen substantial development in computer and network security design. This has been manifested as an ever-increasing range of new protocols, new encryption algorithms, new methods of authentication, smarter firewalls and intrusion detection techniques, new anti-malware products and many more. During the same period of time increasing demands for more trustworthy network infrastructure...
In this paper, we propose a bot detection method that enhances traffic analysis of Network based IDS (NIDS) by using process contextual information obtained from monitored machines. Existing NIDS classifies hosts suspected of doing both of the Command and Control (C&C) communication and infection activities as bots. However, this approach cannot conduct finer-grained analysis than IP address level,...
Situational assessment is significant for host-level security. Most existing approaches are generally limited to network security that is different from host-level security. In this paper, we introduce an approach to assess host security. Analyzing process and file behaviors, we propose a series of security indices, based on which we compute the value of process situation (PS) and file situation (FS)...
In the Age of Information, network education pays more attention to the application of IT technology and the training of talents, which makes learning more of customization and of opening up. In order to better enable learners to go beyond the limitations of space and time to acquire knowledge; in order to provide excellent learning environment for greater freedom and greater choice of learning activities...
The current network protecting methods are ineffective in controlling the hosts of intranet. This paper first analyzes the threats coming from intranet. It then designs and implements an intranet security detecting system which can detect if the intranet is working in a secure state. Finally, it combines the detecting results of this system and those of the vulnerability scanners, constructs a logical...
The network security situation assessment model based on artificial immune in this paper abstracts and expands the immune mechanism of self body tolerance, immune memory and immune monitor, etc., and the concepts related to antibody concentration. It can make real-time and quantitative security situation assessment towards the system, and it provides evidence needed for the system to make real-time adjustment...
Since wireless and mobile networks have become increasingly heterogeneous and particularly dynamic, multiple security requirements must be addressed in a flexible and dynamic manner to cope with runtime changing context. Therefore, a generic security adaptation reference monitor must be developed to deal with extremely dynamic security conditions and also performances. In this paper, we present our...
This paper, from the LAN Monitor concept, presents LAN Monitor of traditional non-switched networks monitoring as well as the effective solution for switched networks monitoring in terms of ARP spoofing, and proposes several effective approaches for these two kinds of cases at the same time.