Unauthorized Intrusion Research Articles

DECISION SUPPORT IN CYBERSECURITY PROBLEMS BASED ON MATRIX OF SIGNS OF CYBERTHREATS

Due to the globalization of the use of information technologies and systems, the main problem of ensuring their smooth functioning is the cybersecurity of electronic resources and information security from destructive and unauthorized intrusions. Systems for detecting or recognizing various network intrusions, as well as determining the quality of attacks and anomalies, have their own niche in the market.This paper describes a method and algorithms for the formation of a feature space for the base of an intellectualized decision support system in cybersecurity problems. Intellectualized support system for promoting the protection of information about yourself with complex systems. The described algorithms allow you to dynamically replenish the database when new threats appear, which will reduce the time for their analysis, at the same time for cases of difficult-to-explain symptoms and reduce the number of false positives in the system for detecting threats, anomalies and attacks on information objects

ПОБУДОВА СИСТЕМ ВИЯВЛЕННЯ АТАК В ІНФОРМАЦІЙНИХ МЕРЕЖАХ НА НЕЙРОМЕРЕЖЕВИХ СТРУКТУРАХ

Systems for detecting network intrusions and detecting signs of attacks on information systems have long been used as one of the necessary lines of defense of information systems. Today, intrusion and attack detection systems are usually software or hardware-software solutions that automate the process of monitoring events occurring in an information system or network, as well as independently analyze these events in search of signs of security problems. As the number of different types and ways of organizing unauthorized intrusions into foreign networks has increased significantly in recent years, attack detection systems (ATS) have become a necessary component of the security infrastructure of most organizations. The article proposes a software prototype of a network attack detection system based on selected methods of data mining and neural network structures. The conducted experimental researches confirm efficiency of the created model of detection for protection of an information network. Experiments with a software prototype showed high quality detection of network attacks based on neural network structures and methods of intelligent data distribution. The state of protection of information systems to counter cyber attacks is analyzed, which made it possible to draw conclusions that to ensure the security of cyberspace it is necessary to implement a set of systems and protection mechanisms, namely systems: delimitation of user access; firewall; cryptographic protection of information; virtual private networks; anti-virus protection of ITS elements; detection and prevention of intrusions; authentication, authorization and audit; data loss prevention; security and event management; security management.

Integrated Peripheral Security System for Different Areas Based on Exchange of Specific Data Rates

Securing large areas specifically establishments of national importance like military areas, nuclear site or parliament etc. from unauthorized intrusion is difficult, complex and costly. In this paper, we propose Integrated Peripheral Security System for different areas based on specific data rate exchange. This system overcomes the limitations of conventional security systems. Data rate based peripheral security system has been confined to local command unit formerly. In the proposed system, central authority can visualize, control and update the security information on local command, and provide a cost-effective solution compared to existing systems.

A Contingency Plan Framework for Cyber-Attacks

Contingency plans administered in computer centers are necessary for business continuity since organizations not only store or process data to offer different service platforms. Organizations could experience different repercussions facing external or internal risks affecting their investments. The fact of having computer support for unwanted events that affect devices is important. Cyber-attacks in data networks lead to a serious problem due to economic damages that an unauthorized intrusion entails. A contingency plan for cyber-attacks can cover just technical issues. However, these are long term projects with continuous execution and improvement, since necessary tasks master for going from production to contingency, and then reversing the changes in the case whether an emergency or an unexpected event occurs. This paper aims to be a framework reference about how to cope with a situation of cyber-attack.

Automatic Recovery of Database Structure (ARDS)

One of the evolutions of information technology which is a very fascinating feature is the application of the auto recovery. This feature enables an external system to automatically diagnose other systems, detects the error that causes the failure, then recovers and reconfigures the system. The concept of software and web auto recovery is widely used in much software such as windows operating system which restores and recovers tools.  Since the aim is to fast recover the application and keep it running and available as optimal as possible then it will be suitable to apply this capability to the database applications to fast recover from any unexpected change that may happen. This paper proposes an auto-recovery system that monitors, diagnoses, checks and heals database applications automatically and immediately with unnoticeable recovery time. The aim is to recover and to redo the changes that happened to the database by internal unauthorized user or external intrusion. To test the practical applicability of the proposed methodology, an application has been developed to demonstrate the methodology and apply it for real time database applications. The results of experiments performed on different scenarios demonstrated the ability of the proposed framework to recover database applications.

Big Data Meet Cyber-Physical Systems: A Panoramic Survey

The world is witnessing an unprecedented growth of cyber-physical systems (CPS), which are foreseen to revolutionize our world via creating new services and applications in a variety of sectors, such as environmental monitoring, mobile-health systems, intelligent transportation systems, and so on. The information and communication technology sector is experiencing a significant growth in data traffic, driven by the widespread usage of smartphones, tablets, and video streaming, along with the significant growth of sensors deployments that are anticipated in the near future. It is expected to outstandingly increase the growth rate of raw sensed data. In this paper, we present the CPS taxonomy via providing a broad overview of data collection, storage, access, processing, and analysis. Compared with other survey papers, this is the first panoramic survey on big data for CPS, where our objective is to provide a panoramic summary of different CPS aspects. Furthermore, CPS requires cybersecurity to protect them against malicious attacks and unauthorized intrusion, which become a challenge with the enormous amount of data that are continuously being generated in the network. Thus, we also provide an overview of the different security solutions proposed for CPS big data storage, access, and analytics. We also discuss big data meeting green challenges in the contexts of CPS.

From Healthcare to Warfare and Reverse: How Should We Regulate Dual-Use Neurotechnology?

Recent advances in military-funded neurotechnology and novel opportunities for misusing neurodevices show that the problem of dual use is inherent to neuroscience. This paper discusses how the neuroscience community should respond to these dilemmas and delineates a neuroscience-specific biosecurity framework. This neurosecurity framework involves calibrated regulation, (neuro)ethical guidelines, and awareness-raising activities within the scientific community.

A secure and efficiently searchable health information architecture

Patient-centric repositories of health records are an important component of health information infrastructure. However, patient information in a single repository is potentially vulnerable to loss of the entire dataset from a single unauthorized intrusion. A new health record storage architecture, the personal grid, eliminates this risk by separately storing and encrypting each person’s record. The tradeoff for this improved security is that a personal grid repository must be sequentially searched since each record must be individually accessed and decrypted. To allow reasonable search times for large numbers of records, parallel processing with hundreds (or even thousands) of on-demand virtual servers (now available in cloud computing environments) is used. Estimated search times for a 10 million record personal grid using 500 servers vary from 7 to 33min depending on the complexity of the query. Since extremely rapid searching is not a critical requirement of health information infrastructure, the personal grid may provide a practical and useful alternative architecture that eliminates the large-scale security vulnerabilities of traditional databases by sacrificing unnecessary searching speed.

Perspectives on Cybersecurity: A Collaborative Study

Almost everyone recognizes the emergence of a new challenge in the cyber domain, namely increased threats to the security of the Internet and its various uses. Seldom does a day go by without dire reports and hair raising narratives about unauthorized intrusions, access to content, or damage to systems, or operations. And, of course, a close correlate is the loss of value. entire industry is around threats to cyber security, prompting technological innovations and operational strategies that promise to prevent damage and destruction. This paper is a collection chapters entitled 1) Cybersecurity – Problems, Premises, Perspectives, 2) An Abbreviated Technical Perspective on Cybersecurity, 3) The Conceptual Underpinning of Cyber Security Studies 4) Cyberspace as the Domain of Content, 5) The Conceptual Underpinning of Cyber Security Studies, 6) China’s Perspective on Cyber Security, 7) Pursuing Deterrence Internationally in Cyberspace, 8) Is Deterrence Possible in Cyber Warfare? and 9) A Theoretical Framework for Analyzing Interactions between Contemporary Transnational Activism and Digital Communication.

Analysis of the Deployment Quality for Intrusion Detection in Wireless Sensor Networks

The intrusion detection application in a homogeneous wireless sensor network is defined as a mechanism to detect unauthorized intrusions or anomalous moving attackers in a field of interest. The quality of deterministic sensor nodes deployment can be determined sufficiently by a rigorous analysis before the deployment. However, when random deployment is required, determining the deployment quality becomes challenging. An area may require that multiple nodes monitor each point from the sensing area; this constraint is known ask-coverage wherekis the number of nodes. The deployment quality of sensor nodes depends directly on node density and sensing range; mainly a random sensor nodes deployment is required. The major question is centred around the problem of network coverage, how can we guarantee that each point of the sensing area is covered by the required number of sensor nodes and what a sufficient condition to guarantee the network coverage? To deal with this, probabilistic intrusion detection models are adopted, called single/multi-sensing detection, and the deployment quality issue is surveyed and analysed in terms of coverage. We evaluate the capability of our probabilistic model in homogeneous wireless sensor network, in terms of sensing range, node density, and intrusion distance.

Application of foreground object patterns analysis for event detection in an innovative video surveillance system

SmartMonitor is an innovative surveillance system based on video content analysis. It is a modular solution that can work in several predefined scenarios mainly concerned with home/surrounding protection against unauthorized intrusion, supervision over ill person and crime detection. Each scenario is associated with several actions and conditions, which imply the utilization of algorithms with various input parameters. In this paper, focus is put on the analysis of foreground object patterns for the purposes of event recognition, as well as the experimental investigation of selected methods and algorithms which were developed and employed for the SmartMonitor system prototype. The prototype performs three main tasks: detection and localization of foreground regions using adaptive background modelling based on Gaussian Mixture Models, candidate objects extraction and classification using Haar and HOG descriptors, and tracking using Mean-Shift algorithm. The main goal of the work described here is to match system parameters with each scenario to provide the highest effectiveness and to decrease the number of false alarms.

Explaining Users' Security Behaviors with the Security Belief Model

Information security is often viewed as a technological matter. However, security professionals will readily admit that without safe practices by users, no amount or type of technology will be effective at preventing unauthorized intrusions. By paralleling the practices of information security and health prevention, a rationale for employing constructs from existing models of health behavior is established. A comprehensive and parsimonious model (the Security Belief Model) is developed to explain information security behavior intentions. The model is tested empirically based on a sample of 237 Indian professionals. The results of the empirical study indicate general support for the model, particularly including severity, susceptibility, benefits, and a cue to action as antecedents to the intention to perform preventive information security behaviors. The paper also discusses implications of the model and results for practitioners and possibilities for future research are included.

"SmartMonitor"--an intelligent security system for the protection of individuals and small properties with the possibility of home automation.

“SmartMonitor” is an intelligent security system based on image analysis that combines the advantages of alarm, video surveillance and home automation systems. The system is a complete solution that automatically reacts to every learned situation in a pre-specified way and has various applications, e.g., home and surrounding protection against unauthorized intrusion, crime detection or supervision over ill persons. The software is based on well-known and proven methods and algorithms for visual content analysis (VCA) that were appropriately modified and adopted to fit specific needs and create a video processing model which consists of foreground region detection and localization, candidate object extraction, object classification and tracking. In this paper, the “SmartMonitor” system is presented along with its architecture, employed methods and algorithms, and object analysis approach. Some experimental results on system operation are also provided. In the paper, focus is put on one of the aforementioned functionalities of the system, namely supervision over ill persons.

Performance Evaluation of Security-Throughput Tradeoff with Channel Adaptive Encryption

With the ever increasing volume of information over wireless medium, security has assumed an important dimension. The security of transmitted data over a wireless channel aims at protecting the data from unauthorized intrusion. Wireless network security is achieved using cryptographic primitives. Some properties that give encryption mechanism their cryptographic strength also make them very sensitive to channel error as well. Therefore, security for data transmission over wireless channel results in throughput loss. Tradeoff between security and throughput is always a major concern in wireless networks. In this paper, a Link Adaptive Encryption scheme is evaluated that adapts to channel variations and enhances the security level of WLANs without making any compromise with the network performance. Numerical results obtained through simulation for link adaptive encryption scheme are compared with the fixed block length encryption technique operating in Cipher Block Chaining (CBC) mode of operation. Optimal block length is also computed, which is assumed to be the effective strength of the cipher. It has been observed that security attained with link adaptive scheme operating in CBC mode is a better solution for security and throughput tradeoff.

Study and Performance Evaluation of Security-Throughput Tradeoff with Link Adaptive Encryption Scheme

With the ever increasing volume of information over wireless medium, security has assumed an important dimension. The security of transmitted data over a wireless channel aims at protecting the data from unauthorized intrusion. Wireless network security is achieved using cryptographic primitives. Some properties that give encryption mechanism their cryptographic strength also make them very sensitive to channel error as well. Therefore, security for data transmission over wireless channel results in throughput loss. Trade-off between security and throughput is always a major concern in wireless networks. In this paper, a Link Adaptive Encryption scheme is evaluated that adapts to channel variations and enhances the security level of WLANs without making any compromise with the network performance. Numerical results obtained through simulation are compared with the fixed block length encryption technique in two different modes of operation- Electronic Code Book (ECB) & Cipher Block Chaining (CBC). Optimal block length is also computed, which is assumed to be the effective strength of the cipher. It has been observed that security attained with link adaptive scheme operating in ECB mode of cipher is a better solution for security and throughput trade-off. However, it is found that if computational security is a major concern, link adaptive scheme in CBC mode should be preferred.

Kernelized Extreme Learning Machine with Levenberg-Marquardt Learning Approach towards Intrusion Detection

and system security is of vital importance in the present data communication environment. Hackers and intruders can create many successful attempts to cause the crash of the networks and web services by unauthorized intrusion. New threats and associated solutions to prevent these threats are emerging together with the secured system evolution. Intrusion Detection Systems (IDS) are one of these solutions. The main function of Intrusion Detection System is to protect the resources from threats. It analyzes and predicts the behaviours of users, and then these behaviours will be considered an attack or a normal behaviour. There are several techniques which exist at present to provide more security to the network, but most of these techniques are static. On the other hand, intrusion detection is a dynamic one, which can give dynamic protection to the network security by observing the attack. In recent times, Extreme Learning Machine (ELM) has been extensively applied to provide potential solutions for the IDS problem. But, the practicability of ELM is affected because of the complexity in choosing the suitable ELM parameters. Hence, in this paper sigma ( ) of the radial basis kernel function is tuned using Levenberg-Marquardt (LM) learning and proposed kernelized Extreme Learning Machine with LM. In order to obtain a converged solution, LM learning is utilized. The experiment is carried out with the help of WEKA by using KDD Cup 1999 dataset and the results indicate that the proposed technique can achieve higher detection rate, very low false alarm rate and to achieve high accuracy than the regular ELM algorithms. This method is used to decrease the space densisty of the data. KeywordsDetection System (IDS), Extreme Learning Machine (ELM), Radial Basis Function (RBF), Kernel Function, Leave-One-Out (LOO), Kernel Partial Least Squares (K-PLS)

A Proposed Method for Increase Security in SCADA Systems

SCADA (Supervisory Control and Data Acquisition) refers to the combination of telemetry and data acquisition (1). Modern public infrastructure systems use SCADA systems for daily operation. This includes water treatment systems; electric power transmission, distribution, and generation; petroleum storage and refineries; chemical production and processing; railroads and mass transit; and manufacturing. The SCADA system provides monitoring, data analysis, and control of the equipment used to manage most public infrastructure systems. Little attention was given to security considerations in the initial design and deployment of these systems, which has caused an urgent need to upgrade existing systems to withstand unauthorized intrusions potentially leading to terrorist attacks. The security of these systems is critical for the operation of our society. Security of these services should have high priority. This paper identifies threats faced by SCADA and investigates effective methods to enhance its security by analyzing DNP3 protocols, which has become a de facto industry standard protocol for implementing the SCADA communications. Finally we will summarize our results and try to recommend methods to overcome the vulnerabilities on these systems.

PRINCIPLES OF PREDICTION OF INFORMATION PROTECTION IN THE COMMUNICATION NETWORK

An active method for combating unauthorized intrusion into the communication network operation is discussed. Preventive measures are planned based on known data on vulnerability of software products. An open NVD database is used. The most dangerous threats are predicted in the form of a game between two partners: the attacker and the defender. The game results in recommendations on information protection for the studied program system.

Anomaly Base Network Intrusion Detection by Using Random Decision Tree and Random Projection: A Fast Network Intrusion Detection Technique

Network Intrusion Detection Systems (NIDSs) have become an important component in network security infrastructure. Currently, many NIDSs are rule-based systems whose performances highly depend on their rule sets. Unfortunately, due to the huge volume of network traffic, coding the rules by security experts becomes difficult and time-consuming. Since data mining techniques can build network intrusion detection models adaptively, data mining-based NIDSs have significant advantages over rule-based NIDSs. Network and system security is of paramount importance in the present data communication environment. Hackers and intruders can create many successful attempts to cause the crash of the networks and web services by unauthorized intrusion. New threats and associated solutions to prevent these threats are emerging together with the secured system evolution. Network Intrusion Detection Systems are one of these solutions. The main function of NIDSs is to protect the resources from threats. It analyzes and predicts the behaviors of users, and then these behaviors will be considered an attack or a normal behavior. We use Random projection and Random Tree to detect network intrusions.

Exploiting timed automata based fuzzy controllers for designing adaptive intrusion detection systems

Network intrusion detection systems (NIDSs) are pattern recognition problems that classify network traffic patterns as either ‘normal’ or ‘abnormal’. Precisely, the main aim of intrusion detection is to identify unauthorized use, misuse, and abuse of computers by detecting malicious network activities such as port scans, denial of service or other attempts to crack computer network environments. Even though the incorporation of conventional Soft Computing techniques in NIDSs has yielded to good solutions, the strong dynamism characterizing network intrusion patterns tend to invalidate the usability of existing framework. To tackle this issue, our proposal performs an adaptive supervised learning on a collection of time series that characterizes the network behavior to create a so-called timed automata-based fuzzy controller (TAFC), i.e. an evolvable fuzzy controller whose dynamic features allow to design an advanced network intrusion detection system able to directly deal with computer network dynamism and support networks’ administrators to prevent eventual damages coming from unauthorized network intrusion. As will be shown in experiments, where our approach has been compared with a conventional Mamdani fuzzy controller, the proposed system reduces the detection error and, as consequence, improves the computer network robustness.