Inter organizational workflow systems play a fundamental role in business partnerships. We introduce and investigate the concept of workflow signatures. Not only can these signatures be used to ensure authenticity and protect integrity of workflow data, but also to prove the sequence and logical relationships, such as AND-join and AND-split, of a workflow. Hence, workflow signatures can be electronic evidence useful for auditing, that is proving compliance of business processes against some regulatory requirements. Furthermore, signing keys can be used to grant permissions to perform tasks. Since the signing keys are issued on-the-fly, authorization to execute a task within a workflow can be controlled and granted dynamically at runtime. In this paper, we propose a concrete workflow signature scheme, which is based on hierarchical identity-based cryptography, to meet security properties required by inter organizational workflows.
Network security situation awareness provides a unique high-level security view built from security alert events. However, the complexity and diversity of security alert data on modern networks make such analysis extremely difficult. In this paper, we analyze the existing problems of network security situation awareness systems and propose a framework for network security situation awareness based on knowledge discovery. The framework consists of two parts: modeling the network security situation and generating the network security situation. The purpose of modeling is to construct a formal model of network security situation measurement based on Dempster-Shafer (D-S) evidence theory, and to support the general process of fusing and analyzing security alert events collected from security situation sensors. The generation step extracts frequent patterns and sequential patterns from the network security situation dataset using knowledge discovery methods, transforms these patterns into correlation rules of the network security situation, and finally generates the network security situation graph automatically. Application of the integrated Network Security Situation Awareness system (Net-SSA) shows that the proposed framework supports accurate modeling and effective generation of the network security situation.
In this paper, we propose four data mining models for the Internet of Things: a multi-layer data mining model, a distributed data mining model, a Grid-based data mining model, and a data mining model from a multi-technology integration perspective. Among them, the multi-layer model includes four layers: (1) a data collection layer, (2) a data management layer, (3) an event processing layer, and (4) a data mining service layer. The distributed data mining model addresses the problems that arise from depositing data at different sites. The Grid-based data mining model allows a Grid framework to realize the functions of data mining. The data mining model from the multi-technology integration perspective describes the corresponding framework for the future Internet. Several key issues in data mining for the IoT are also discussed.
Based on an analysis of how perception control technology is applied to computer network security status and security protection measures, and considering both the physical environment of the network and the security of the network software system environment, this paper presents a network security perception control solution that uses Internet of Things (IoT), telecom and other perception technologies. The Security Perception Control System operates in the computer network environment and uses an integrated design that combines Radio Frequency Identification (RFID) from the IoT with telecom integration technology. For the physical security environment of the network, RFID temperature, humidity and gas perception technologies are used to monitor environmental data; for the network system security environment, dynamic perception technology is used, and user-defined security parameters and security logs support quick data analysis. Control is extended through the I/O interface, and, by developing an API and AT commands, Computer Network Security Perception Control based on the Internet and GSM/GPRS is achieved, which lets users perceive and control the network security environment interactively through the WEB, E-MAIL, PDA, mobile phone short message and the Internet. In system testing, real-time perception of security information data through a middleware server was achieved with a deviation of 3-5%, which demonstrates the feasibility of the Computer Network Security Perception Control System.
With the tremendous number of attacks on the Internet, there is a high demand for network analysts to understand network security situations effectively. Traditional network security tools lack the capability to analyze and assess network security situations comprehensively. In this paper, we introduce a novel network situation awareness tool, CNSSA (Comprehensive Network Security Situation Awareness), to perceive network security situations comprehensively. Based on the fusion of network information, CNSSA makes a quantitative assessment of the network security situation. It visualizes the network security situation in multiple views, so that network analysts can understand the situation easily and comprehensively. The case studies demonstrate how CNSSA can be deployed in a real network and how it can effectively comprehend changes in the network security situation in real time.
The foundations of network security have not received enough attention, and the comprehensive considerations behind solution models in network security have not been explored thoroughly. In this paper, we make a first attempt to establish several models for the security of network protocols. We divide the security of network protocols into two categories: the implementation security of network protocols, and the design security of network protocols. Four models are proposed to clarify the security problems: a software vulnerability model, a scalability model, an authentication model, and a covert model. We also propose several defense principles for all models. A security reduction is also proposed to transform the solution method for security problems into other available security verification and testing approaches. For example, the implementation security of network protocols is reduced to the security of the software implementation that parses the protocols, so that fuzz testing can be used for verification, and stress testing is used for the scalability model. The exploration in this paper can help stimulate further discussion on the foundations of network security, especially the design security of network protocols.
Managing complex enterprise networks requires an understanding at a finer granularity than traditional network monitoring provides. The ability to correlate and visualize the dynamics and inter-relationships among various network components, such as hosts, users, and applications, is non-trivial. Network security visualization has been a prominent topic of network security research in recent years, and the existing state of network security visualization research is analyzed here. The paper first proposes a network security situation awareness model and analyzes network security situation awareness methods; it then designs and implements a security situation visualization prototype system based on geographic information systems, network topology graphs and attack paths. Visualization technology presents the security situation data to the user in multiple views, from multiple angles and at multiple levels, so that the security situation is represented more accurately and vividly, assessment of the network security situation becomes timely and accurate, and a foundation is laid for rapid decision-making.
This paper presents an ontological approach to perceiving the current security status of a network. A computer network is a dynamic entity whose state changes with the introduction of new services, the installation of new network operating systems, the addition of new hardware components, the creation of new user roles, and attacks from various actors instigated by aggressors. The various security mechanisms employed in a network do not give the complete picture of the security of the whole network. In this paper we propose a taxonomy and an ontology which may be used to infer the impact of various events happening in the network on the security status of the network. Vulnerability, Network and Attack are the main taxonomy classes in the ontology. The Vulnerability class describes the various types of vulnerabilities in the network, which may lie in hardware components such as storage devices, computing devices or network devices. The Attack class has many subclasses: the Actor class is the entity executing the attack, the Goal class describes the goal of the attack, the Attack mechanism class defines the attack methodology, the Scope class describes the size and utility of the target, and the Automation level class describes the automation level of the attack. Evaluation of the security status of the network is required for network security situational awareness. The Network class has network operating systems, users, roles, hardware components and services as its subclasses. Based on this taxonomy, an ontology has been developed to perceive network security status. Finally, a framework which uses this ontology as its knowledge base is proposed.
With the rapid development of the Internet, the network structure becomes larger and more complicated, and attacking methods become more sophisticated, too. To enhance network security, Network Security Situation Analysis (NSSA) technology has become a research hot spot in the network security domain. At present, however, there are few NSSA frameworks and models that analyze not only the effects on network security but also the process by which network security is affected. In this paper, a novel NSSA framework is presented. The framework includes two parts: calculating the Network Security Situation Value (NSSV) and discovering intrusion processes. NSSA quantitatively assesses the impact of attacks on network security using the Analytical Hierarchy Process (AHP) and a hierarchical network structure. Based on attack classification, intrusion process discovery reveals the process by which network security is affected. The experimental results show that the NSSV changes exactly as attacks take place and that the intrusion processes are discovered accurately. The applicability of the framework and algorithms is verified.
Internet security problems remain a major challenge, with many security concerns such as Internet worms, spam, and phishing attacks. Botnets, well-organized distributed network attacks, consist of a large number of bots that generate huge volumes of spam or launch Distributed Denial of Service (DDoS) attacks on victim hosts. Newly emerging botnet attacks degrade the status of Internet security further. To address these problems, a practical collaborative network security management system is proposed with an effective collaborative Unified Threat Management (UTM) and traffic probers. A distributed security overlay network with a centralized security center leverages a peer-to-peer communication protocol used in the UTMs' collaborative module and connects them virtually to exchange network events and security rules. Security functions of the UTM are retrofitted to share security rules. In this paper, we propose a design and implementation of a cloud-based security center for network security forensic analysis. We propose using cloud storage to keep collected traffic data and then processing it with cloud computing platforms to find malicious attacks. As a practical example, phishing attack forensic analysis is presented and the required computing and storage resources are evaluated based on real trace data. The cloud-based security center can instruct each collaborative UTM and prober to collect events and raw traffic, send them back for deep analysis, and generate new security rules. These new security rules are enforced by the collaborative UTMs, and the feedback events produced by such rules are returned to the security center. Through this closed-loop control, the collaborative network security management system can identify and address new distributed attacks more quickly and effectively.
Network security situational awareness (NSSA) has been a hot research spot in the network security domain. In this paper, a quantification method for NSSA based on conditional random fields (CRFs) is proposed. Data on network attacks from an intrusion detection system (IDS), the hosts' vulnerabilities and the hosts' states are first combined as the network security factors. Then the network security threat degree is defined to quantify the risk of the whole network and to classify the attacks. A diverse set of effective features is incorporated into the CRF model. Finally, experiments on the DARPA 2000 data set generate an explicit network security situational graph. This shows that the method introduced in this paper can represent network risk more accurately and offers a good quantification of the network security situation.
The nation's network infrastructure, such as the Global Information Grid (GIG) for the Department of Defense (DoD) and the OneNet for the Homeland Security Department, is transitioning to the Internet Protocol version 6 (IPv6) per the DoD CIO Memorandum of June 2003 and the Office of Management and Budget memorandum OMB-05-22. There exist IPv6-specific security vulnerabilities in these network infrastructures that need to be mitigated in order to achieve security parity with existing IPv4 operations. From the perspective of Homeland Security technologies, the existence of additional security vulnerabilities implies the possibility of two-pronged threats. First, the IPv6-specific vulnerabilities reduce the security posture of the network infrastructure itself; second, other critical infrastructure sectors that depend on IPv6 need additional protection. For example, future supervisory control and data acquisition (SCADA) industrial capabilities would increasingly use the IPv6 infrastructure, as would voice communications, voice and video collaboration, and the sharing of data such as image data and surveillance and reconnaissance data. This paper presents three contiguous results. First, it briefly presents the new IPv6 capabilities; second, it presents a brief analysis of the security vulnerabilities arising from these capabilities; and third, it presents a new security model for IPv6 network infrastructures that has the potential to mitigate these vulnerabilities. The new model is based on the end-to-end connectivity that is restored in IPv6, thus allowing the use of host-based security (HBS) systems together with perimeter security devices. However, the use of HBS complicates security trust management. Therefore the third component of the model is introduced, namely a policy-based security management (PBSM) approach. The PBSM approach allows the secure deployment of host-based security systems.
It provides the capabilities needed to specify trust zones via a set of security policy rules that together define a trust zone. Hosts belong to one or more trust zones. Accordingly, the host-based security policies are derived from the zone security policies of all the zones to which a host belongs. In addition, the PBSM approach has the potential to support more sophisticated security capabilities such as risk-adaptive access control and dynamic security response to a changing operational picture. These capabilities are needed to enable net-centric security operations.
Due to the extensive use of Internet services and emerging security threats, most enterprise networks deploy a variety of security devices for controlling resource access based on organizational security requirements. These requirements are becoming more fine-grained, where access control depends on heterogeneous isolation patterns such as access deny, trusted communication, and payload inspection. Organizations are therefore looking to design usable and optimal security configurations that can harden the network within enterprise budget constraints. This requires analyzing various alternative security architectures in order to find a security design that satisfies the organizational security requirements as well as the business constraints. In this paper, we present ConfigSynth, an automated framework for synthesizing network security configurations by exploring various security design alternatives to provide an optimal solution. The main design alternatives include different kinds of isolation patterns for traffic flows in different segments of the network. ConfigSynth takes security requirements and business constraints along with the network topology as inputs. It then synthesizes optimal and cost-effective security configurations that satisfy the constraints. ConfigSynth also provides optimal placements of different security devices in the network according to the given network topology. ConfigSynth uses Satisfiability Modulo Theories (SMT) to model this synthesis problem. We demonstrate the scalability of the tool using simulated experiments.
At present, network security attacks are numerous. Traditional single defense devices and testing equipment are unable to meet the requirements of network security under the new circumstances. Therefore, research on the network security situation has become a hot topic in the field of network security. To enhance the accuracy and timeliness of network security situation forecasting, a fuzzy prediction method for the network security situation based on Markov chains is proposed in this paper. The method is based on a Markov state transition matrix that depicts the correlation of network security states and predicts the security status. By introducing vulnerability information to build the membership degree of the fuzzy security situation for each security status and integrating an improved Zadeh formula, the predicted value of the network security situation is obtained. Finally, the effectiveness of the method is shown by experimental results on the KDD CUP99 data and DARPA2000 data.
With the development of network countermeasure technology, network security early warning has become a key technology for constructing network defense-in-depth architectures. Focusing on real network environments and on upgrading the comprehensive capacity of network security defense, a complete set of network security early-warning control mechanisms is first discussed; then, based on the network defense-in-depth model, the design ideas, goals, design principles and implementation technology of a network security early-warning system are presented; and finally, covering dynamic monitoring, intrusion detection, real-time early warning and process status tracking, the system's function design and the procedure design of its main function modules are given. This design model is valuable for guiding the development practice of network security early-warning systems.
From the advent of the internet in the 1990s to the present-day facilities of ubiquitous computing, the internet has changed the computing world drastically. It has traveled from the concept of parallel computing to distributed computing to grid computing and recently to cloud computing. Although the idea of cloud computing has been around for quite some time, it is an emerging field of computer science. Cloud computing can be defined as a computing environment where the computing needs of one party can be outsourced to another party, and when the need arises to use computing power or resources like databases or email, they can be accessed via the internet. Cloud computing is a recent trend in IT that moves computing and data away from desktop and portable PCs into large data centers. The main advantage of cloud computing is that customers do not have to pay for the infrastructure, its installation, the manpower required to handle it, or its maintenance. In this paper we discuss what makes all this possible, the architectural design of cloud computing and its applications.
In the wake of recent events, network security and reliability have become top issues for service providers and enterprises. The worldwide cost of cyber attacks is estimated to have been in the $145 billion range for 2003. 2003 was also regarded as the "worst year ever" for computer viruses and worms; in 2001 the Code Red worm took several days to create widespread damage, whereas Slammer in 2003 had significant impact in just minutes. Over 90% of network attacks resulting in significant financial loss originate from inside a network's perimeter. Unfortunately, there appears to be no end in sight to these threats to network security; in fact, there is an increasing trend of attacking financial resources in addition to computing resources. The newly ratified ITU-T Recommendation X.805, "Security architecture for systems providing end-to-end communications", was developed as the framework for the architecture and dimensions needed to achieve end-to-end security of distributed applications. It provides a comprehensive, multilayered, end-to-end network security framework across eight security dimensions in order to combat network security threats. We introduce the X.805 standard and describe how it can be applied to all phases of a network security program. We also provide examples of the business impact of network security vulnerabilities and of the application of X.805 to network security assessments. Enterprises and service providers alike should use X.805 to provide a rigorous approach to network security throughout the entire lifecycle of their security programs.
This paper studies the theories related to network security event correlation analysis methods and proposes a network security event correlation analysis method based on the similarity degree of attributes. A detailed description and analysis of the method is given; the method classifies and merges network security events according to the similarity degree of their attributes. The similarity degree of security events is determined by the similarity degrees of their characteristic attributes. It can not only remove redundant security incidents but also compress the number of security events, thus effectively improving the efficiency of the network administrator's security incident analysis. The experimental results show that the method is suitable for analyzing and aggregating massive amounts of security event information, can effectively reduce the number of security incidents, and has practical value.
In recent years, the construction of the agricultural information network has made great progress in China. As the openness of the network increases, the probability of the network being attacked is also increasing, so higher demands are placed on network stability and security. By analyzing the status quo of agricultural information network security and the architecture of network security defensive strategies, this paper proposes a construction solution for a comprehensive agricultural information network security management platform. Based on the different functions and regions of the agricultural information network system, this solution optimizes the design and deployment through both security management and security technology, so that the target of systematic and intensive management of the comprehensive defensive architecture for agricultural information network security is achieved.
A cloud computing system provides infrastructure-layer services to users by managing virtualized infrastructure resources. The infrastructure resources include CPU, hypervisor, storage, and networking. Each category of infrastructure resource is a subsystem in a cloud computing system. The cloud computing system coordinates the infrastructure subsystems to provide services to users. Most current cloud computing systems lack pluggability in their infrastructure subsystems and decision algorithms, which restricts the development of infrastructure subsystems and decision algorithms in cloud computing systems. A cloud computing system should have the flexibility to switch from one infrastructure subsystem to another, and from one decision algorithm to another, with ease. This paper describes Roystonea, a hierarchical distributed cloud computing system with a pluggable component architecture. Component pluggability gives administrators the flexibility to use the most appropriate subsystem as they wish. The component pluggability of Roystonea is based on specifically designed interfaces between the Roystonea controlling system and the infrastructure subsystem components. Component pluggability also encourages the development of infrastructure subsystems in cloud computing. Roystonea provides a test bed for designing the decision algorithms used in a cloud computing system. The decision algorithms are totally isolated from the other components in the Roystonea architecture, so designers of decision algorithms can focus on algorithm design without worrying about how their algorithm will interact with other Roystonea components. We believe that component pluggability will be one of the most important issues in cloud computing systems research.
In the Age of Information, network education pays more attention to the application of IT technology and the training of talent, which makes learning more customized and more open. In order to better enable learners to go beyond the limitations of space and time to acquire knowledge, and to provide an excellent learning environment with greater freedom and greater choice of learning activities, the project of building a campus network has become the basis of all university construction work. It is directly related to the quality and level of a university's teaching and scientific research work. The campus network serves a number of tasks such as teaching, research, management and communication with the outside world. Therefore, the issue of network security has become a priority for campus network management. Obviously, the current Internet is convenient but at the same time unsafe. As part of the Internet, and because of the unique attributes of a campus network, it is more easily attacked while enjoying the services the Internet provides. This paper starts from the current security status of the campus network, analyzes threats to campus network security and strategies for maintaining network security, so as to establish a suitable campus network security system, and introduces some currently popular campus network information security solutions.
SSAP is developed for national backbone networks, large network operators, large enterprises and other large-scale networks. The system collects, interprets and displays the security factors that cause changes in the network situation, and predicts the future development trend of these security factors. This paper describes its architecture and key technologies: security data integration technology for distributed heterogeneous networks, association analysis technology oriented to major network security events, real-time analysis technology based on data flows and multi-dimensional analysis of network security data, network security situation prediction technology, and so on. Performance tests show that SSAP achieves high real-time performance and accuracy in security situation analysis and trend prediction. The system meets the demands of analysis and prediction for the security situation of large-scale networks.
The proposal of network security situational awareness (NSSA) research represents a breakthrough and an innovation relative to traditional network security technologies, and it has become a new hot research topic in the network security field. Combining an evolutionary strategy with a neural network, a quantitative method for network security situational awareness is proposed in this paper. The evolutionary strategy is used to optimize the parameters of the neural network, and the resulting evolutionary neural network model is then used to extract the network security situational factors, so that quantification of the network security situation is achieved. Finally, a simulated experiment is performed to validate that the evolutionary neural network model can extract situational factors and has better generalization ability, which greatly supports network security technologies.
Stochastic game theory is proposed for research on network security situational awareness (NSSA), which is currently a research focus in the network security field. A novel dynamic awareness method for the network security situation (NSS) based on analyses of network service states is proposed in this paper. Realizing situation awareness is a dynamic process, and the diverse states of network services are direct mirrors of the whole network security situation. The network security situation reflects what is happening in the network, including both the offensive and defensive behaviors in it. A stochastic game model of the network security system is constructed in this paper, the network security situation is quantified by the mathematical formulation of the game, the costs and rewards of attackers and defenders are established, and finally non-linear programming is used to compute the Nash equilibrium points, at which both sides reach a balance between their benefits. The network security situation can then be dynamically obtained by visualizing the diverse metrics of network services at the Nash equilibrium during the operation of the network system.
A network security model is a complex nonlinear system, and the network security situation value possesses chaotic characteristics. The predictability of these situation values is of great significance for network security management. This paper proposes a novel prediction method based on echo state networks (ESNs) with the small-world property. The method can be used to predict the network security situation after training and testing on the acquired historical attack records. Verified by simulation results, the method has higher prediction accuracy and speed than conventional ESNs. Therefore it can reflect the future network security situation in a timely and accurate manner. We believe that this achievement will provide some practical guidance for network administrators supervising the network status.
Security evaluation of an information network system is an important management tool for ensuring its normal operation. We must understand the comprehensive network security risks and take effective security measures. A network evaluation model and the corresponding fuzzy algorithm are presented, adopting a hierarchical method to characterize the security risk situation. The model combines the importance of the security measures, the environment and the key nodes. An evaluation method based on rough set theory (RST) is used to evaluate the key nodes, and fuzzy mathematics is used to analyze the whole network security situation. Compared with other approaches, the method can automatically create a rule-based security evaluation model to evaluate the security threat from individual security elements and from combinations of security elements, and then evaluate the network situation. Experimental results show that this system provides a valuable model and algorithms that help to find the security rules, adjust the security measures, improve security performance and design appropriate security risk evaluation and management tools.
Nowadays, many computers have been infected with computer anomalies or viruses. The availability of network security visualization tools greatly facilitates detecting and perceiving these anomalies and defending computer users against them. Many network security visualization tools are designed particularly for users with advanced network security awareness, even though the tools are indispensable to various types of computer users. We propose an expert-aware approach to designing a system that is formulated with a large amount of network data or high-dimensional data and is adaptive to different types of users. In the preliminary phase, we proposed and implemented an initial pre-expertise classification system that provides a default setting for the expert-aware network security visualization tool. The tool learns from continual user feedback in order to statistically satisfy the needs of the majority of tool users. The expert-aware approach looks at the user's level of expertise in network security and adapts the visualization views that are best suited to the user. Initial results of the implementation of the system show that it is capable of representing several kinds of network security data, not only in two-dimensional space on a computer but also beyond that space. System features such as effectiveness and efficiency of data visualization have been improved. Our experiments in a network lab suggest that the tool can be further improved for distribution to a wide range of computer users.
Information Technology infrastructure continues to grow with evolving technology. The invention of the Internet has increased the use of computers and mobile devices. Nowadays, many people in the world use these devices. As a result, a large amount of data is stored on devices, and every device on the Internet is required to connect to the others in order to share information. A new business model has emerged with the increase of data and the development of Internet and mobile technology. This new business model is referred to as cloud computing. Cloud computing offers many advantages, but there are also many disadvantages. The advantages are flexibility and scalability, and better security for large enterprises. This paper identifies security threats focused on cloud computing, which is an essential concern for companies that want to use cloud computing services. The fundamental risk factors particular to the cloud are elaborated. Finally, this paper provides some solutions to security threats for enterprises and service providers deploying cloud computing in order to secure their information. This paper does not present a new idea or innovation about cloud computing. The purpose of this study is to be a guide for people who are interested in cloud computing and want to take advantage of cloud computing services.
Malicious attacks are frequently launched to make a specified network service unavailable, compromising end hosts for political or business purposes. Though network security appliances are widely deployed to resist these attacks, there is a lack of a dynamic and collaborative platform to flexibly configure and manage all the security elements. In this paper, we present NetSecu, a platform based on Java and Click Router, which can dynamically enable, disable and configure security elements such as firewall, IPS and AV. Furthermore, a collaboration module is implemented to integrate individual NetSecu platforms into a Secure Overlay Network, providing collaborative traffic control against DDoS attacks. Equipped with the collaboration module, NetSecu platforms are organized in a tree hierarchy where each node is registered to its parent node. A Central Management Site acts as the root node for large-scale deployment. Policy is distributed from higher-level to lower-level NetSecu nodes, while security events are aggregated from lower-level to higher-level nodes. Performance evaluation shows that our NetSecu system can achieve line rate with and without security functions. Finally, we deploy the NetSecu platform at multiple sites, where our design is fully demonstrated and tested.
Computer networks are inevitably attacked as a result of their openness, and network attacks are usually realized by exploiting vulnerabilities existing in the network environment. An attack graph, consisting of many related atomic attacks, can fully display the exploitation and dependence relations among all of the vulnerabilities existing in a network. Thus, it is a very useful tool for network vulnerability analysis and network security evaluation. However, the prevalent Attacker's Ability Monotonic Assumption (AAMA) constraint for attack graph generation cannot make full use of the direction of network attack and the hierarchy of defense. As a result, using AAMA to constrain the process of attack graph generation is not only inefficient but also cannot reduce the complexity of the attack graph, especially for large-scale complicated networks. Based on extensive experiments and theoretical analysis, we found that it is mainly the existence of Circuitous Attack Paths (CAP) in the attack graph that leads to its complexity and the low efficiency of its generation. To address this problem, we propose the concept of Network Security Gradient (NSG) to reflect the direction of the network attack and the hierarchy of defense, and the Gradient Attack Assumption (GAA) to constrain the process of attack graph generation for the purpose of avoiding CAPs. As verified by a case study, using the GAA to constrain the process of attack graph generation eliminates those circuitous attack paths; it is therefore an effective way to improve the efficiency of attack graph generation, reduce the complexity of the attack graph, and make it more useful for vulnerability analysis and network security evaluation.
With the increasing number of security devices and rules in the network, detecting and tracing network security configuration errors becomes a very challenging task. This in turn increases the potential for security breaches due to rule conflicts, requirement violations or lack of security hardening. Most of the existing tools are either limited in scope, as they do not offer a global analysis of different network devices, or hard to use comprehensively because they are not declarative. Declarative logic programming can readily express network configurations and security requirements for verification analysis. In this paper, we use Prolog to model the entire network security configuration, including topology, routing, firewall and IPSec. This is implemented in a tool called ConfigAnalyzer, which was also evaluated with large network and policy sizes. The tool allows for verifying reachability and security properties in a flexible and expressive manner. It also allows for evaluating security configurations in terms of accessibility, credentials and rules.
Network security situation awareness is a new technology to monitor network security, and it is one of the hot research domains in information security. The state of situation awareness research worldwide is first analyzed. A network security situation awareness model (NSAM) based on simple additive weighting and grey theory is presented. The construction of NSAM is divided into two stages: current network security situation evaluation modeling and future network security situation prediction modeling. The model for current network security situation evaluation using simple additive weighting is established from the threat degree of the various services attacked. The model for future network security situation prediction adopting grey theory is built from past and current network security situations. Test results show that NSAM is feasible and reasonable.
As the volume of network data continues to increase and networks become more complex, the ability to accurately manage and analyze data quickly becomes a difficult problem. Many network management tools already use two-dimensional (2D) and three-dimensional (3D) visualization techniques to help support decision-making and reasoning about network anomalies and activity. However, a poor user interface combined with the massive amount of data could obfuscate important network details. As a result, administrators may fail to detect and identify malicious network behavior in a timely manner. 3D visualizations address this challenge by introducing monocular and binocular visual cues to portray depth and to increase the perceived viewing area. In this work, we explore these cues for 3D network security applications, with a particular emphasis on binocular disparity, or stereoscopic 3D. Currently, no network security tool takes advantage of the enhanced depth perception provided by stereoscopic 3D technologies for vulnerability assessment. Compared to traditional 3D systems, stereoscopic 3D helps improve the perception of depth, which can, in turn, reduce the number of errors and increase the response times of network administrators. Thus, we introduce a stereoscopic 3D visual Framework for Rendering Enhanced 3D Stereoscopic Visualizations for Network Security (FRE3DS). Our novel framework uses state-of-the-art 3D graphics rendering to assist in 3D visualizations for network security applications. Moreover, utilizing our framework, we propose a new 3D Stereoscopic Vulnerability Assessment Tool (3DSVAT). We illustrate the use of 3DSVAT to assist in rapid detection and correlation of attack vulnerabilities in a subset of a modified local area network data set using the enhanced perception of depth in a stereoscopic 3D environment.
Evaluation of network security is an essential step in securing any network. This evaluation can help security professionals make optimal decisions about how to design security countermeasures, choose between alternative security architectures, and systematically modify security configurations in order to improve security. However, the security of a network depends on a number of dynamically changing factors such as the emergence of new vulnerabilities and threats, policy structure and network traffic. Identifying, quantifying and validating these factors using security metrics is a major challenge in this area. In this paper, we propose a novel security metric framework that identifies and objectively quantifies the most significant security risk factors, which include existing vulnerabilities, the historical vulnerability trend of the remotely accessible services, prediction of potential vulnerabilities for any general network service and their estimated severity, and finally policy resistance to attack propagation within the network. We then describe our rigorous validation experiments using real-life vulnerability data of the past 6 years from the National Vulnerability Database (NVD) to show the high accuracy and confidence of the proposed metrics. Some previous works have considered vulnerabilities using code analysis. However, as far as we know, this is the first work to study and analyze these metrics for network security evaluation using publicly available vulnerability information and security policy configuration.
Network security policies are essential elements in Internet security devices that provide traffic filtering, integrity, confidentiality, and authentication. Network security perimeter devices such as firewalls, IPSec, and IDS/IPS devices operate based on locally configured policies. However, configuring network security policies remains a complex and error-prone task due to rule dependency semantics and the interaction between policies in the network. This complexity is likely to increase as the network size increases. A successful deployment of a network security system requires global analysis of the policy configurations of all network security devices in order to avoid policy conflicts and inconsistency. Policy conflicts may cause serious security breaches and network vulnerability, such as blocking legitimate traffic, permitting unwanted traffic, and insecure data transmission. This article presents a comprehensive classification of security policy conflicts that might potentially exist in a single security device (intra-policy conflicts) or between different network devices (inter-policy conflicts) in enterprise networks. We also show the high probability of creating such conflicts even by expert system administrators and network practitioners.
Network security visualization has been a prominent topic of network security research in recent years. The existing state of network security visualization research is analyzed. To address the technical issues that the security situation index is not accurate and the visual effects are not intuitive, this paper designs and implements a security situation visualization prototype system based on geographic information systems, network topology graphs and attack paths. Security situation data are shown to the user in multiple views, from multiple angles and at multiple levels by visualization technology; therefore the presentation of the security situation is more accurate and vivid, and assessment of the network security situation becomes timely and accurate, laying the foundation for rapid decision-making.
Evaluation of computer network information security is helpful for taking corresponding preventive measures. In order to obtain a comprehensive assessment of network security, an analytic hierarchy process (AHP) model is proposed to assess computer network information security. The criteria and the relevant factors are decomposed hierarchically according to the evaluation and judgment of the problem, all kinds of factors influencing network security are studied, and the evaluation indexes for computer network information security are constructed. An AHP evaluation model for computer network information security is then built on the basis of these evaluation indexes. The experimental results indicate that evaluating computer network information security with the analytic hierarchy process is effective.
With increasing network security threats, network vulnerability analysis must consider exploits in the context of multistage, multi-host attack scenarios. The general approach to this problem is to construct an attack graph for a given network configuration. An attack graph consists of a number of attack paths, each of which is essentially a series of exploits that an attacker employs to reach the destination. Each attack path depicts an attack scenario. As the number of attack scenarios increases, the overall security of the network decreases. Thus there is a need to quantify the security level of a given network. In this paper, two security metrics, namely the probabilistic security metric and the attack resistance metric, are employed to evaluate the relative security levels of various network configurations. A case study is presented to demonstrate the applicability of the proposed approach.
Modern enterprise infrastructures adopt multilayer network architectures and heterogeneous server environments in order to efficiently fulfill each organization's goals and objectives. These complex network architectures have resulted in increased demands for information security measures. Each organization needs to deal effectively with these major security concerns, forming a security policy according to its requirements and objectives. An efficient security policy must be proactive in order to provide sufficient defense layers against a variety of known and unknown attack classes and cases. This proactive approach is often wrongly interpreted as merely keeping software and hardware up to date. Regular updates are necessary but not sufficient, because potential misconfigurations and design flaws cannot be located and patched that way, leaving the whole network vulnerable to attackers. In this paper we present how a comprehensive security level can be reached through extensive Penetration Tests (Ethical Hacking). We present a Penetration Test methodology and framework capable of exposing possible exploitable vulnerabilities in every network layer. Additionally, we conducted an extensive analysis of a network penetration test case study against a network simulation lab setup, exposing common network misconfigurations and their security implications for the whole network and its users.
Focusing on network security situation evaluation, a novel hierarchical evaluation system based on Grey Clustering Analysis is proposed. In this system, network attacks are classified by Grey Clustering Analysis into three harm levels, "Strong", "Medium" and "Weak", to construct a hierarchical index system. Then, the Analytic Hierarchy Process is used to calculate the impact factor of each network attack and form the evaluation system that calculates the network security situation value. With Grey Clustering Analysis, the harm level of each network attack is determined, and each attack's influence can be truly reflected. Moreover, the calculation speed of the network security situation value can be improved by the Analytic Hierarchy Process. Finally, a large number of on-site experiments in electric power networks indicate that the evaluation system performs well, showing the network security situation in both coarse-grained and fine-grained analysis.
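The two abstracts above (the AHP evaluation model and the Grey Clustering plus AHP system) both rely on the same AHP step: turning pairwise judgments about the importance of security indexes into a priority weight vector, checking that the judgments are consistent enough to trust, and then weighting observed attacks by those priorities. The following is an added illustration of that step, not code from either paper; the pairwise judgment matrices, the three harm levels used as indexes and the attack counts are constructed for the example, and Saaty's random index table is standard AHP.

```python
"""AHP for weighting security evaluation indexes: priority weights plus consistency check.
Added illustration; the judgment matrices below are constructed, not taken from the papers."""

# Saaty's random consistency index RI for pairwise matrices of order 1..10.
RANDOM_INDEX = {1: 0.0, 2: 0.0, 3: 0.58, 4: 0.90, 5: 1.12,
                6: 1.24, 7: 1.32, 8: 1.41, 9: 1.45, 10: 1.49}


def priority_vector(matrix, iterations=200):
    """Principal eigenvector of a positive pairwise comparison matrix by power
    iteration, normalised to sum 1. These are the AHP priority weights."""
    n = len(matrix)
    w = [1.0 / n] * n
    for _ in range(iterations):
        aw = [sum(matrix[i][j] * w[j] for j in range(n)) for i in range(n)]
        total = sum(aw)
        w = [x / total for x in aw]
    return w


def consistency_ratio(matrix):
    """Return (weights, lambda_max, CR).

    CI = (lambda_max - n) / (n - 1) and CR = CI / RI(n); judgments with CR > 0.1
    are conventionally rejected as too inconsistent to use."""
    n = len(matrix)
    w = priority_vector(matrix)
    aw = [sum(matrix[i][j] * w[j] for j in range(n)) for i in range(n)]
    lambda_max = sum(aw[i] / w[i] for i in range(n)) / n
    ci = (lambda_max - n) / (n - 1) if n > 1 else 0.0
    ri = RANDOM_INDEX[n]
    cr = ci / ri if ri > 0 else 0.0
    return w, lambda_max, cr


def situation_value(weights, counts):
    """Weighted attack load: sum_i w_i * c_i, counts in the same order as the weights."""
    return sum(w * c for w, c in zip(weights, counts))


# Constructed judgments for the harm levels Strong, Medium, Weak: Strong is judged
# moderately more important than Medium (3) and strongly more than Weak (7).
HARM_LEVEL_MATRIX = [
    [1.0, 3.0, 7.0],
    [1 / 3, 1.0, 3.0],
    [1 / 7, 1 / 3, 1.0],
]

# Cyclic judgments (Strong > Medium > Weak > Strong) that the consistency check must reject.
INCONSISTENT_MATRIX = [
    [1.0, 3.0, 1 / 3],
    [1 / 3, 1.0, 3.0],
    [3.0, 1 / 3, 1.0],
]

if __name__ == "__main__":
    w, lam, cr = consistency_ratio(HARM_LEVEL_MATRIX)
    print("weights", [round(x, 3) for x in w], "lambda_max", round(lam, 3), "CR", round(cr, 3))
    # Constructed observation window: 2 strong, 5 medium and 20 weak attacks.
    print("situation value:", round(situation_value(w, [2, 5, 20]), 3))
    _, lam_bad, cr_bad = consistency_ratio(INCONSISTENT_MATRIX)
    print("cyclic judgments lambda_max", round(lam_bad, 3), "CR", round(cr_bad, 3),
          "(rejected)" if cr_bad > 0.1 else "")
```

The consistency check is the part practitioners most often skip: a cyclic set of judgments still yields a weight vector (a uniform one here), so only the CR reveals that the weights are meaningless.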
Risk analysis is an important process for enforcing and strengthening efficient and effective security. Due to the significant growth of the Internet, application services, and associated security attacks, information professionals face challenges in assessing the risk of their networks. The assessment of risk may vary with the enterprise's requirements. Hence, a generic risk analysis technique is suitable. Moreover, configuring a network with a correct security policy is a difficult problem. The assessment of risk aids in realizing the necessary security policy. Risk is a function of security threat and impact. Security threats depend on traffic reachability. Security devices like firewalls are used to selectively allow or deny traffic. However, the connection between the network risk and the security policy is not easy to establish. A small modification in the network topology or in the security policy can change the risk significantly. It is hard to manually follow a systematic process for configuring the network towards security hardening. Hence, automatic generation of proper security controls, e.g., firewall rules and host placements in the network topology, is crucial to keep the overall security risk low. In this paper, we first present a declarative model for qualitative risk analysis. We consider transitive reachability, i.e., reachability through one or more intermediate hosts, in order to compute the exposure of vulnerabilities. Next, we formalize our risk analysis model and the security requirements as a constraint satisfaction problem using satisfiability modulo theories (SMT). A solution to the problem synthesizes the necessary firewall policies and host placements. We also evaluate the scalability of the proposed risk analysis technique as well as the synthesis model.
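To make the abstract's notion of transitive reachability concrete, the following added example (not the paper's code) computes the qualitative exposure of vulnerable services from an untrusted source through any host that can itself be reached, checks a requirement of the form "no vulnerable service on a protected host is exposed", and then searches for firewall-rule removals that satisfy it. The network, zones, allowed flows and weakness labels are all constructed for the example; the paper encodes this as an SMT constraint problem, whereas this illustration uses a plain breadth-first search and a brute-force search over single-rule changes.

```python
"""Qualitative vulnerability exposure via transitive reachability, with a brute-force
search for policy changes that satisfy a requirement. Added illustration; the hosts,
zones, flows and weakness labels are constructed and not from the paper."""
from collections import deque

# Constructed topology: host -> security zone.
HOSTS = {
    "internet": "external",
    "web": "dmz",
    "app": "internal",
    "db": "internal",
}

# Constructed weaknesses: host -> {listening port: weakness label}.
VULN_SERVICES = {
    "web": {443: "web-rce"},
    "app": {8080: "app-deserialization"},
    "db": {3306: "db-weak-auth"},
}

# Firewall policy as allowed flows: (source zone, destination host, destination port).
RULES = [
    ("external", "web", 443),
    ("dmz", "app", 8080),
    ("internal", "app", 8080),
    ("internal", "db", 3306),
]


def transitive_exposure(hosts, vuln_services, rules, start="internet"):
    """Return (exposed, reached).

    exposed: set of (host, port, weakness) reachable from `start`. Worst-case
    assumption: reaching a vulnerable service lets the adversary continue from
    that host, so its zone's allowed flows are explored too (transitive reachability).
    reached: the hosts whose outbound flows were explored."""
    exposed = set()
    reached = {start}
    queue = deque([start])
    while queue:
        src = queue.popleft()
        for zone, dst, port in rules:
            if zone != hosts[src]:
                continue
            weakness = vuln_services.get(dst, {}).get(port)
            if weakness is None:
                continue  # flow is allowed but the service has no known weakness
            exposed.add((dst, port, weakness))
            if dst not in reached:
                reached.add(dst)
                queue.append(dst)
    return exposed, reached


def requirement_violated(exposed, protected_hosts):
    """Requirement: no vulnerable service on a protected host may be exposed.
    Returns the sorted list of offending protected hosts (empty when satisfied)."""
    return sorted({h for h, _, _ in exposed if h in protected_hosts})


def single_rule_fixes(hosts, vuln_services, rules, protected_hosts):
    """Brute-force synthesis: which single allowed flow, if removed, satisfies the requirement?"""
    fixes = []
    for rule in rules:
        candidate = [r for r in rules if r != rule]
        exposed, _ = transitive_exposure(hosts, vuln_services, candidate)
        if not requirement_violated(exposed, protected_hosts):
            fixes.append(rule)
    return fixes


if __name__ == "__main__":
    exposed, reached = transitive_exposure(HOSTS, VULN_SERVICES, RULES)
    print("exposed:", sorted(exposed))
    print("requirement 'db not exposed' violated by:", requirement_violated(exposed, {"db"}))
    print("single-rule fixes:", single_rule_fixes(HOSTS, VULN_SERVICES, RULES, {"db"}))
```

In the constructed policy, `db` is never reachable from the outside directly, yet it is exposed through the `web` and `app` hops; removing the internal-to-app flow alone does not help because the same service is still reachable from the DMZ, which is exactly the kind of non-local effect the abstract describes.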
With the rapid development of computer network technology, the security of computer networks becomes increasingly important. The three main threats facing computer network security are hackers, computer viruses and denial of service attacks. The main factors affecting network safety are resource sharing, data communication, computer viruses and TCP/IP protocol security flaws. A safe network system should include at least three kinds of measures: legal measures, technical measures, and review and management measures. The paper analyzes the main threats facing computer network security, discusses network security technology and advances some effective countermeasures in view of the hidden dangers in current common network security.
The validity of the security policy has an important impact on the safety performance of a network information system. To verify it effectively, an assessment model of network security policy based on security capability is proposed. The relationship between defense methods, application targets and information security attribute characteristics is analyzed on the basis of the established security domains and security policies, and the network security capability of the security policy is evaluated. Results show that the model can effectively reflect the protection ability of a security policy. It provides a new solution and reference for assessing and adjusting the network security policy, so as to better ensure system security.
Because traditional network security assessment methods involve subjective factors when the weights of the assessment indexes are determined, it is difficult for them to make accurate and objective assessments. Rough set theory, however, has the advantage of not needing a priori knowledge when dealing with uncertain problems. Therefore, applying rough set theory to network security assessment is quite necessary. This paper identifies the principles of the assessment index system for network security and establishes the index system for network security assessment, establishes a security assessment model and common steps for network security assessment which are both based on rough set theory, and finally analyzes and validates this model with an example. Network security assessment based on rough set theory effectively overcomes the subjectivity of determining index weights by traditional methods, gives more objective results, and enhances the accuracy and validity of network security assessment.
The evaluation of network security is a hot issue in present network security research. After acquiring each host's confidentiality, integrity and availability evaluation indexes by attacking the network, we can directly evaluate the network security. But for a network in which Read-Write management privileges are set on the root directory, it is necessary to execute a state transition of the security attribute value because of the root directory Read-Write relationship. Firstly, the Read-Write transition model and related concepts are presented for root directories with Read-Write privilege settings; then the model's transition function is formalized by the state transition operator ⊙. Based on the transition model, we design the network security state transition machine and the network security evaluation model. Finally, the method's feasibility and validity are verified by analysis of a practical example.
Network security problems emerge in an endless stream and cause inestimable damage. To solve network security problems efficiently, it is not enough to provide good protection at nodes or to protect networks from outside attacks. Many network security problems should be solved efficiently with collaborative approaches that can integrate various resources over the Internet to defend network security. In this paper, we have designed and implemented a collaborative network security platform based on a P2P system. Nodes participating in the P2P system can publish their designed defensible services against network security problems. Based on the published services, collaborative network applications can be developed easily to solve network security problems on demand. An experiment against a TCP SYN flooding attack is demonstrated using the designed defensible services, including packet sniffing, forwarding, filtering, and logging services, which can trace the attack origins and filter malicious traffic efficiently.
Many computers have been infected with computer anomalies. The availability of network security visualization tools greatly facilitates perceiving these anomalies and protecting computer users from being affected by them. Many network security visualization tools are designed particularly for users with advanced network security knowledge, even though the tools are indispensable to various types of computer users. We propose an expert-aware approach to designing a system that is formulated with a large amount of network data or high-dimensional data and is adaptive to different types of users. In the preliminary phase, we construct an expertise classification algorithm that provides a default setting for the expert-aware network security visualization tool. The tool learns from continual user feedback in order to statistically satisfy the needs of the majority of tool users. The expert-aware approach looks at the user's level of expertise in network security and adapts the visualization views that are best suited to the user. Initial results of the implementation of the system show that it is capable of representing several kinds of network security data, not only from small networks but also from complex high-dimensional networks. Our main focus in this paper is to fulfill the different requirements of different computer users.
In the traditional Open Systems Interconnection (OSI) layered model, many security protocols are proposed in the individual layers to provide network security. Because the security protocols of different layers lack cooperation, system performance degrades due to security redundancy, which furthermore causes system overloading. Therefore, this paper proposes a cross-layer design network security management (CLDNSM) to protect system security while improving system performance, such as CPU utilization. First, the multiple security-dimension quantification (MSDQ) metric is proposed to evaluate holistic system security. Then, the proposed CLDNSM aggregates system information from the layers and uses it to obtain the optimal security settings of the layers according to the MSDQ metric. The simulation results show that system performance is improved by using CLDNSM without sacrificing security protection compared to the OSI layered model. Finally, to adapt to dynamic environments, security constraints are modified automatically within a limited range to avoid system overloads; the simulation results show that the system overloads are kept under control.
Cloud computing is becoming a popular paradigm. Many recent new services are based on cloud environments, and a lot of people are using cloud networks. Since many diverse hosts and network configurations coexist in a cloud network, it is essential to protect each of them from threats. To do this, we can basically employ existing network security devices, but applying them to a cloud network requires more consideration of its complexity, dynamism, and diversity. In this paper, we propose a new framework, CloudWatcher, which provides monitoring services for large and dynamic cloud networks. This framework automatically detours network packets to be inspected by pre-installed network security devices. In addition, all these operations can be implemented by writing a simple policy script; thus, a cloud network administrator is able to protect his cloud network easily. We have implemented the proposed framework and evaluated it in different test network environments.
Considering the lack of automated management, analysis and evaluation of multi-source information in the network security field, a new network security situational evaluation model based on D-S evidence theory is proposed. This method fuses multi-source alarm information through D-S evidence theory, associates it with node vulnerability information, integrates it with the severity of threats, computes the value of the network security situational assessment, and draws the security situation graph of the network. Results of a case analysis show that the novel algorithm can extract more objective and detailed situation information, so that the security administrator may form a clearer picture of the whole network security situation.
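The fusion step in the abstract above is Dempster's rule of combination over a frame of discernment; the following added example (not the paper's code) implements the rule for one node, shows how the conflict mass K is computed and renormalised away, derives belief and plausibility for the "attack" hypothesis, and scales the result by a node severity value as the abstract's "integrates with the severity of threats" suggests. The two sensor mass assignments and the severity value are constructed for the example, not real alert data.

```python
"""Dempster-Shafer fusion of multi-source alarm evidence for a single network node.
Added illustration; the sensor masses and severity below are constructed values."""
from itertools import product

# Frame of discernment for one node: it is either under attack or behaving normally.
FRAME = frozenset({"attack", "normal"})
ATTACK = frozenset({"attack"})
NORMAL = frozenset({"normal"})


def dempster_combine(m1, m2):
    """Dempster's rule of combination.

    m(A) = (1 / (1 - K)) * sum over B ∩ C = A of m1(B) * m2(C), where
    K = sum over B ∩ C = ∅ of m1(B) * m2(C) is the conflict mass.
    A mass assignment is a dict mapping frozenset hypotheses to masses summing to 1.
    Returns (combined_mass, K)."""
    combined = {}
    conflict = 0.0
    for (b, mb), (c, mc) in product(m1.items(), m2.items()):
        a = b & c
        if not a:
            conflict += mb * mc
        else:
            combined[a] = combined.get(a, 0.0) + mb * mc
    if conflict >= 1.0 - 1e-12:
        raise ValueError("sources are in total conflict; Dempster's rule is undefined")
    return {a: v / (1.0 - conflict) for a, v in combined.items()}, conflict


def fuse_all(masses):
    """Fold the rule over any number of sources (the rule is associative and commutative).
    Returns the fused mass and the list of conflict values seen at each step."""
    result, conflicts = masses[0], []
    for m in masses[1:]:
        result, k = dempster_combine(result, m)
        conflicts.append(k)
    return result, conflicts


def belief(m, hyp):
    """Bel(H): total mass committed to subsets of H (lower bound on support)."""
    return sum(v for a, v in m.items() if a <= hyp)


def plausibility(m, hyp):
    """Pl(H): total mass not contradicting H (upper bound on support)."""
    return sum(v for a, v in m.items() if a & hyp)


def node_threat(m, severity):
    """Threat contribution of a node: attack belief scaled by its vulnerability severity in [0, 1]."""
    return belief(m, ATTACK) * severity


# Constructed evidence from two sensors about the same node.
# An IDS alarm that is only partly trusted: 0.6 on attack, 0.4 left as ignorance (the whole frame).
IDS_ALARM = {ATTACK: 0.6, FRAME: 0.4}
# A host-based sensor that leans towards attack but also assigns some mass to normal.
HOST_SENSOR = {ATTACK: 0.5, NORMAL: 0.2, FRAME: 0.3}

if __name__ == "__main__":
    fused, k = dempster_combine(IDS_ALARM, HOST_SENSOR)
    print("conflict K =", round(k, 3))
    for hyp, v in fused.items():
        print(sorted(hyp), round(v, 4))
    print("Bel(attack) =", round(belief(fused, ATTACK), 4),
          "Pl(attack) =", round(plausibility(fused, ATTACK), 4))
    print("node threat with severity 0.8 =", round(node_threat(fused, 0.8), 4))
```

With the constructed masses the conflict is K = 0.6 × 0.2 = 0.12, so the surviving products are divided by 0.88; the fused mass on "attack" rises above either sensor's own value because both sources partly agree, while the [Bel, Pl] interval shows how much ignorance remains. The `ValueError` branch matters in practice: two fully confident, fully contradictory sources cannot be combined with this rule at all, and a situation model has to decide how to treat such sensors rather than silently divide by zero.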
Network security event correlation can find real threats by correlating security events and logs generated by different security devices, and can thereby make the network security situation accurately known. This paper proposes a network security event correlation scheme based on rough sets, builds a database of network security events and a knowledge base, and gives a rule generation method and a rule matcher. This method solves the simplification and correlation of massive security events by combining data discretization, attribute reduction, value reduction and rule generation.