Journal articles - International Journal of Computer Network and Information Security
All articles: 1110
An experimental evaluation of tools for estimating bandwidth-related metrics
Research article
For many different applications, current information about the bandwidth-related metrics of the utilized connection is very useful as they directly impact the performance of throughput sensitive applications such as streaming servers, IPTV and VoIP applications. In literature, several tools have been proposed to estimate major bandwidth-related metrics such as capacity, available bandwidth and achievable throughput. The vast majority of these tools fall into one of Packet Pair (PP), Variable Packet Size (VPS), Self-Loading of Periodic Streams (SLoPS) or Throughput approaches. In this study, seven popular bandwidth estimation tools including nettimer, pathrate, pathchar, pchar, clink, pathload and iperf belonging to these four well-known estimation techniques are presented and experimentally evaluated in a controlled testbed environment. Differently from the rest of studies in literature, all tools have been uniformly classified and evaluated according to an objective and sophisticated classification and evaluation scheme. The performance comparison of the tools incorporates not only the estimation accuracy but also the probing time and overhead caused.
Free
An extended approach for enhancing packet-loss of inter-SGSN in 3G mobile networks
Research article
This paper presents a new SRNC relocation approach based on BOFC functions. The new approach handles all possible combinations of the user equipment movements, particularly when it moves across overlapped regions with different GGSN branches. Additionally, it integrates both RNC and BS levels in order to reduce the number of packets lost during the hard handover process. The experimental results showed that the new approach reduces the packet-loss ratio in comparison to both SRNC and BOFC approaches. Besides, the experimental results showed that the average execution time of the handover procedure in each network component is close to the average execution time of the BOFC approach.
Free
An implementation of software routing for building a private cloud
Research article
The demand on cloud computing is increasing, more organizations tend to use it to store and process their data. In this article, we address some challenges starting by building a private cloud from our own company’s old devices, and then implementing some functionalities that a private cloud can offer to its users. Since cloud computing is a paradigm which is based mainly on a virtualized environment, therefore we used Proxmox Virtual Environment which is an open source free server virtualization technology for this purpose. Then we deployed software routers on the virtual routers through Quagga software to perform the routing functionality among the virtual machines. Finally, and in order to show the real use of our private cloud, an open source Nextcloud service is installed which is a free file sharing software that is used to show Software as a Service (SaaS) usage of our private cloud. We tested our implementation of private cloud computing through two case studies that showed a successful access of a user to the Nextcloud service. In the same time, we tested the routing functionality of the private cloud through the use of Quagga software router without using a physical router. As a result, our private cloud is fully oriented open source, cost effective and reliable.
Free
An improved DNA based security model using reduced cipher text technique
Research article
An essential parameter of information security during data transmission is a secure cryptographic system. In this paper a new cryptographic security technique is proposed to secure data from un-authorized access. The proposed system incorporate cryptology technique of encryption inherits the concept of DNA based encryption using a 128-bit key. Besides this key, round key selection technique, random series of DNA based coding and modified DNA based coding are followed by unique method of substitutions. The proposed technique increases size of the cipher text by 33% as compared to conventional DNA and non DNA based algorithms where size of the cipher text becomes almost double of the original file. This reduction in cipher text improves memory utilization along with data security. The paper is organized in six Sections. Section 1, gives the introduction and also briefly describes related work. In Section 2, the proposed model for solving the problem is described. Various steps involved during encryption and decryption are explained in Section 3, and the results obtained by implementing the proposed algorithm are presented and discussed in Section 4. The Section 5 concludes the work and brief outline of the future work is given in Section 6.
Free
An improved method for packed malware detection using PE header and section table information
Research article
Malware poses one of the most serious threats to computer information systems. The current detection technology of malware has several inherent constraints. Because signature-based traditional techniques embedded in commercial antiviruses are not capable of detecting new and obfuscated malware, machine learning algorithms are applied in identifying patterns of malware behavior through features extracted from programs. Here, a method is presented for detecting malware based on the features extracted from the PE header and section table of PE files. The packed files are detected and then unpacked. The PE file features are extracted and their static features are selected from PE header and section tables through forward selection method. The files are classified into malware files and clean files through different classification methods. The best results are obtained through DT classifier with an accuracy of 98.26%. The results of the experiments consist of 971 executable files containing 761 malware and 210 clean files with an accuracy of 98.26%.
Free
An improved model for securing ambient home network against spoofing attack
Research article
Mobile Ad hoc Networks (MANET) are prone to malicious attacks and intermediate nodes on the home network may spoof the packets being transmitted before reaching the destination. This study implements an enhanced Steganography Adaptive Neuro-Fuzzy Algorithm (SANFA) technique for securing the ambient home network against spoofing attacks. Hybrid techniques that comprises image steganography, adaptive neuro-fuzzy and transposition cipher were used for the model development. Two variant of the model: SANFA and transpose SANFA were compared using precision and convergence time as performance metrics. The simulation results showed that the transpose SANFA has lower percentage of precision transmitting in a smaller network and a higher percentage of precision transmitting in a larger network. The convergence time result showed that packet transmitted in a smaller network size took longer time to converge while packet transmitted in a larger network size took shorter period to converge.
Free
An integrated perceptron kernel classifier for intrusion detection system
Research article
Because of the tremendous growth in the network based services as well as the sharing of sensitive data, the network security becomes a challenging task. The major risk in the network is the intrusion. Among various hardening systems, intrusion detection system (IDS) plays a significant role in providing network security. Several traditional techniques are utilized for network security but still they lack in providing security. The major drawbacks of these network security algorithms are inaccurate classification results, increased false alarm rate, etc. To avoid these issues, an Integrated Perceptron Kernel Classifier is proposed in this work. The input raw data are preprocessed initially for the purpose of removing the noisy data as well as irrelevant data. Then the features from the preprocessed data are extracted by clustering it depending upon the Fuzzy C-Mean Clustering. Then the clustered features are extracted by employing the Density based Distance Maximization approach. After this the best features are selected using Modified Ant Colony Optimization by improving the convergence time. Finally the extracted best features are classified for identifying the network traffic as normal and abnormal by introducing an Integrated Perceptron Kernel Classifier. The performance of this framework is evaluated and compared with the existing classifiers such as SVM and PNN. The results prove the superiority of this framework with better classification accuracy.
Free
Analysis and Comparison of Access Control Policies Validation Mechanisms
Research article
Validation and verification of security policies is a critical and important task to ensure that access control policies are error free. The two most common problems present in access control policies are: inconsistencies and incompleteness. In order to detect such problems, various access control policy validation mechanisms are proposed by the researchers. However, comprehensive analysis and evaluation of the existing access control policy validation techniques is missing in the literature. In this paper, we have provided a first detailed survey of this domain and presented the taxonomy of the access control policy validation mechanisms. Furthermore, we have provided a qualitative comparison and trend analysis of the existing schemes. From this survey, we found that only few validation mechanisms exist that can handle both inconsistency and incompleteness problem. Also, most of the policy validation techniques are inefficient in handling continuous values and Boolean expressions.
Free
Research article
Evaluating the security of software systems is a complex problem for the research communities due to the multifaceted and complex operational environment of the system involved. Many efforts towards the secure system development methodologies like secSDLC by Microsoft have been made but the measurement scale on which the security can be measured got least success. As with a shift in the nature of software development from standalone applications to distributed environment where there are a number of potential adversaries and threats present, security has been outlined and incorporated at the architectural level of the system and so is the need to evaluate and measure the level of security achieved. In this paper we present a framework for security evaluation at the design and architectural phase of the system development. We have outlined the security objectives based on the security requirements of the system and analyzed the behavior of various software architecture styles. As the component-based development (CBD) is an important and widely used model to develop new large scale software due to various benefits like increased reuse, reduce time to market and cost. Our emphasis is on CBD and we have proposed a framework for the security evaluation of Component based software design and derived the security metrics for the main three pillars of security, confidentiality, integrity and availability based on the component composition, dependency and inter component data/information flow. The proposed framework and derived metrics are flexible enough, in a way that the system developer can modify the metrics according to the situation and are applicable both at the development phases and as well as after development.
Free
Analysis of Base Station Assisted Novel Network Design Space for Edge-based WSNs
Research article
Limited and constrained energy resources of wireless sensor network should be used wisely to prolong sensor nodes lifetime. To achieve high energy efficiency and to increase wireless sensor network lifetime, sensor nodes are grouped together to form clusters. Organizing wireless sensor networks into clusters enables the efficient utilization of limited energy resources of the deployed sensor nodes. However, the problems of unbalanced energy consumption exist in intra and inter cluster communication, and it is tightly bound to the role and the location of a sensor nodes and cluster heads in the network. Also, clustering mechanism results in an unequal load distribution in the network. This paper presents an analytical and conceptual model of Energy-efficient edge-based network partitioning scheme proposed for wireless sensor networks. Also, it analyzes different network design space proposed for wireless sensor networks and evaluates their performance. From the experimental results it is observed that, with proper network organization mechanism, sensor network resources are utilized effectively to elevate network lifetime.
Free
Analysis of CRT-based watermarking technique for authentication of multimedia content
Research article
Watermarking techniques are widely used for image authentication and copyright protection. Weaknesses of “A novel CRT-based watermarking technique for authentication of multimedia contents” [12] are analyzed in this study. 4 attacks are proposed to analyze this method. These attacks are most significant bits, modulo number, tamper detection probability calculation and algorithm analysis attacks. The proposed attacks clearly show that the CRT-based method is a data hiding method but this method is not used as an image authentication method. The title of the method presented in Ref. [12] includes “authentication” but the authors of Ref. [12] evaluated their method in view of copyright protection. The fragile watermarking methods for image authentication should consist of watermark generation, watermark embedding, watermark extraction and tamper detection but Ref. [12] has no watermark generation, tamper detection and tampered area localization algorithms. The proposed attacks demonstrate that Ref. [12] cannot be utilized as an image authentication method and Ref. [12] is not effectively coded.
Free
Analysis of Cryptographic Protocols AKI, ARPKI and OPT using ProVerif and AVISPA
Research article
In recent years, the area of formal verification of cryptographic protocols became important because of the active intruders. These intruders can find out the flaws in the protocols and can use them to create attacks. To avoid such possible attacks, the protocols must be verified to check if the protocols contain any flaws. The formal verification tools have helped in verifying and correcting the protocols. Various tools are available these days for verifying the protocols. In this paper, the two verification tools namely ProVerif and AVISPA are used for analysis of protocols - AKI (Accountable Key Infrastructure), ARPKI (Attack Resilient Public Key Infrastructure) and OPT (Origin and Path Trace). A comparative evaluation of the selected tools is presented and revealed security properties of the protocols selected.
Free
Analysis of Host-Based and Network-Based Intrusion Detection System
Research article
Intrusion-detection systems (IDS) aim at detecting attacks against computer systems and networks or, in general, against information systems. Its basic aim is to protect the system against malware and unauthorized access of a network or a system. Intrusion Detection is of two types: Network-IDS and Host-Based IDS. This paper covers the scope of both the types and their result analysis along with their comparison as stated. OSSEC (HIDS) is a free, open source host-based intrusion detection system. It performs log analysis, integrity checking, Windows registry monitoring, rootkit detection, time-based alerting and active response. While Snort (NIDS) is a lightweight intrusion detection system that can log packets coming across your network and can alert the user regarding any attack. Both are efficient in their own distinct fields.
Free
Analysis of Node Density and Pause Time Effects in MANET Routing Protocols using NS-3
Research article
Networks which function without having any centralized fixed infrastructure or central administration are called MANETs (Mobile Ad hoc Networks). These networks are formed by small or large set of mobile nodes and communicate through the wireless links. Such networks require the best routing protocols to establish error-free and efficient communication links. MANETs have the property of dynamically changing topology due to their mobile nodes, which move from one place to another. Overall performance of MANET routing protocols depends upon various network and protocol parameters. Mobile ad hoc networks have the characteristics of self-forming and self-healing. The routing algorithms of the routing protocols ensure selection of routes and connectivity between the mobile nodes. This paper presents analysis of three well known routing protocols of MANETs, namely AODV (Ad hoc On Demand Distance Vector), DSDV (Destination Sequenced Distance Vector) and OLSR (Optimized Link State Routing). Analyses of these routing protocols have been carried out using NS-3 (Network Simulator-3) by varying node density and node pause time. Different performance metrics such as throughput, packet delivery ratio, end to end delay, packet loss and normalized routing load have been considered for this analysis. This analysis concludes better performance of the OLSR routing protocol.
Free
Analysis of QoS in Software Defined Wireless Network with Spanning Tree Protocol
Research article
Software Defined Network (SDN) is more dynamic, manageable, adaptive and programmable network architecture. This architecture separates the control plane from the forwarding plane that enables the network to become directly programmable. The programmable features of SDN technology has dramatically improved network efficiency and simplify the network configuration and resource management. SDN supports Open-Flow technology as forwarding function and centralized control successfully. Wireless environment has recently added to the SDN infrastructure that has rapidly emerged with Open-Flow protocol. To achieve more deterministic network behaviors, QoS provisioning is a necessary consideration. In this paper, the Spanning Tree Protocol (STP) has applied on a SDWN and then analyzed the Quality of Service (QoS) using Mininet-Wifi. STP protocol is used to suppress the occurrence of broadcast streams and observe the performance of the QoS parameters. Various parameters that determine QoS, such as, bandwidth utilization, packet transmission rate, round trip time, maximum obtained throughput, packet loss ratio, delay time is analyzed for different base stations defined in the SDWN architecture.
Free
Analysis of Reconfigurable Processors Using Petri Net
Research article
In this paper, we propose Petri net models for processing elements. The processing elements include: a general-purpose processor (GPP), a reconfigurable element (RE), and a hybrid element (combining a GPP with an RE). The models consist of many transitions and places. The model and associated analysis methods provide a promising tool for modeling and performance evaluation of reconfigurable processors. The model is demonstrated by considering a simple example. This paper describes the development of a reconfigurable processor; the developed system is based on the Petri net concept. Petri nets are becoming suitable as a formal model for hardware system design. Designers can use Petri net as a modeling language to perform high level analysis of complex processors designs processing chips. The simulation does with PIPEv4.1 simulator. The simulation results show that Petri net state spaces are bounded and safe and have not deadlock and the average of number tokens in first token is 0.9901 seconds. In these models, there are only 5% errors; also the analysis time in these models is 0.016 seconds.
Free
Analysis of User Identity Privacy in LTE and Proposed Solution
Research article
The mechanisms adopted by cellular technologies for user identification allow an adversary to collect information about individuals and track their movements within the network; and thus exposing privacy of the users to unknown risks. Efforts have been made toward enhancing privacy preserving capabilities in cellular technologies, culminating in Long Term Evolution LTE technology. LTE security architecture is substantially enhanced comparing with its predecessors 2G and 3G; however, LTE does not eliminate the possibility of user privacy attacks. LTE is still vulnerable to user identity privacy attacks. This paper includes an evaluation of LTE security architecture and proposes a security solution for the enhancement of user identity privacy in LTE. The solution is based on introducing of pseudonyms that replace the user permanent identifier (IMSI) used for identification. The scheme provides secure and effective identity management in respect to the protection of user privacy in LTE. The scheme is formally verified using proVerif and proved to provide an adequate assurance of user identity privacy protection.
Free
Analysis of VoIP over Wired & Wireless Network with Implementation of QoS CBWFQ & 802.11e
Research article
In this paper, we analyzed VoIP data rates to minimize the bandwidth efficiently as per user demand and reduced the budget cost before implementing VoIP service at any wired and wireless network. To accomplish these results different clock rates were used to assign bandwidth administratively, CODEC schemes (G.711 and G.729) to minimized data rates and QoS (Quality of Service) such as CBWFQ and 802.11e to sustain the voice quality in congestion over the wired and wireless networks. PRTG Grapher and LAN Traffic Generator software were used to monitor a bandwidth and create congestion artificially between the link of communicating two setup LANs wired and wireless.
Free
Analysis of the SYN Flood DoS Attack
Research article
The paper analyzes systems vulnerability targeted by TCP (Transmission Control Protocol) segments when SYN flag is ON, which gives space for a DoS (Denial of Service) attack called SYN flooding attack or more often referred as a SYN flood attack. The effects of this type of attack are analyzed and presented in OPNET simulation environment. Furthermore, the paper presents two anomaly detection algorithms as an effective mechanism against this type of attack. Finally, practical approaches against SYN flood attack for Linux and Windows environment which are followed by are shown.
Free
Analyzing Multiple Routing Configuration
Research article
Internet plays a vital role in communication. Determination of internet capability is done by Routing protocol. After a network fails, routing protocols have very slow convergence rate, which is a grave problem and needs to be tackled. Multiple Routing Configuration (MRC) is a technique which helps IP networks to recover very quickly from link and node failures. In MRC, packet forwarding persists on an optional link as soon as a failure is detected and additional information is always contained in the routers. This paper discusses the effect of packet size on throughput, packet delivery ratio, packet loss and delay for various routing protocols like OSPF, OSPF with 1 and 2 link breakage and MRC.
Free