Prevent Network Attacks Research Articles

Attack Graph Analysis for Network Anti-Forensics

The development of technology in computer networks has boosted the percentage of cyber-attacks today. Hackers are now able to penetrate even the strongest IDS and firewalls. With the help of anti-forensic techniques, attackers defend themselves, from being tracked by destroying and distorting evidences. To detect and prevent network attacks, the main modus of operandi in network forensics is the successful implementation and analysis of attack graph from gathered evidences. This paper conveys the main concepts of attack graphs, requirements for modeling and implementation of graphs. It also contributes the aspect of incorporation of anti-forensic techniques in attack graph which will help in analysis of the diverse possibilities of attack path deviations and thus aids in recommendation of various defense strategies for better security. To the best of our knowledge, this is the first time network anti-forensics has been fully discussed and the attack graphs are employed to analyze the network attacks. The experimental analysis of anti-forensic techniques using attack graphs were conducted in the proposed test-bed which helped to evaluate the model proposed and suggests preventive measures for the improvement of security of the networks.

Research on Firewall System for Confidential Network

To satisfy the special needs of confidential networks, a protection method of combining ingress and egress access control for network boundary security is proposed. In preventing network attacks, a combined mechanism of packets filtering firewall and intrusion detection system based on artificial neural network and rule matching is implemented to increase the accuracy of intrusion detection. In preventing information leakage, techniques of identity authentication and content filtering are integrated into the mechanism of egress access control so that strategies with more flexibility in security auditing and access control can be implemented, which is effective to prevent the sensitive or secret data from leaking out and to trace the source of leakage.

An architecture for exploiting multi‐core processors to parallelize network intrusion prevention

AbstractIt is becoming increasingly difficult to implement effective systems for preventing network attacks, due to the combination of the rising sophistication of attacks requiring more complex analyses to detect; the relentless growth in the volume of network traffic that we must analyze; and, critically, the failure in recent years for uniprocessor performance to sustain the exponential gains that for so many years CPUs have enjoyed. For commodity hardware, tomorrow's performance gains will instead come from multi‐core architectures in which a whole set of CPUs executes concurrently. Taking advantage of the full power of multi‐core processors for network intrusion prevention requires an in‐depth approach. In this work we frame an architecture customized for parallel execution of network attack analysis. At the lowest layer of the architecture is an ‘Active Network Interface’, a custom device based on an inexpensive FPGA platform. The analysis itself is structured as an event‐based system, which allows us to find many opportunities for concurrent execution, since events introduce a natural asynchrony into the analysis while still maintaining good cache locality. A preliminary evaluation demonstrates the potential of this architecture. Copyright © 2009 John Wiley & Sons, Ltd.