EC2ND 2005 (eBook)
X, 296 pages
Springer London (publisher)
978-1-84628-352-9 (ISBN)
This is the proceedings of the First European Conference on Computer Network Defence which took place in December 2005 at the University of Glamorgan in the UK. Contributions are drawn from participants in a number of national and international organisations. A few of the topics covered are Computer Network Operations; Computer Network Attacks; Network Application Security; Web Security; Vulnerability Management and Tracking; Wireless and Mobile Security and more.
Table of Contents 7
SECTION I: Network Defence 10
Network Penetration Testing 11
1 Introduction 11
2 Overview of Network Penetration Testing 12
3 Summary of Vulnerabilities 12
4 Commonly Used Tools 14
5 Recent Developments and Future Trends 17
6 Conclusions and Further Research 19
A Taxonomy of Criteria for Evaluating Defence Mechanisms against Flooding DoS Attacks 21
1 Introduction 21
2 Taxonomy of Evaluation Criteria 22
3 Related Work 28
4 Conclusion 28
Spam Honey Pot Research 31
1 Introduction 31
2 Spam Definition 32
3 Technical Background 32
4 Analysis 34
5 Conclusions and Further Research 40
Privacy Protection Mechanism in Grid Computing Environment* 41
1 Introduction 41
2 Certificate format and mutual authentication 42
3 New solutions for privacy protection in grid 44
4 Conclusions 46
Flow Label Filtering Feasibility 48
1 Introduction 48
2 Examining the Flow Label for consistency 49
3 Fixing FreeBSD's SYN Cookie and SYN Cache Implementation 51
4 Using the Flow Label for Stateful Filtering 53
5 Conclusion 55
The Representation and use of Relation Information for the Detection of Threats by Security Information Management Systems 57
1 Introduction 57
2 Motivation and Related Work 58
3 Background 59
4 Experiment and Result Analysis 64
5 Summary 65
Intelligent real-time reactive Network Management 67
1 Introduction 67
2 The Proposed Construction 68
3 Prototype Implementation 72
4 Discussions and Analysis 76
6 Conclusions 78
Security in Passive Optical Network via Wavelength Hopping and Codes cycling techniques 79
1. Introduction 79
2. PON and Enabling Technologies 80
3. PON Security Enhancement 82
4. Assessment of Security Enhancement in PON 85
5. Conclusion Remarks and recommendations 87
A Model of Deploying Deception in a Computer Network Operations (CNO) Environment 89
1 Introduction 89
2 A Review of Concepts and Terminology 90
3 The Role of Deception in Computer Networks 93
4 Existing Research & Future Work
5 Conclusions 98
SECTION II: Wireless & Ad Hoc Network Security
Taxonomy of Attacks on Wireless Sensor Networks 101
1 Introduction 101
2 Background 102
3 Taxonomy of Attacks on Sensor Networks 103
4 Criteria of the Proposed Taxonomy 108
5 Conclusions 108
A Lightweight Identity Authentication Mechanism for Self-Organizing Wireless Sensor Networks 110
1 Introduction 110
2 Security-Related Properties in WSNs 111
3 Proposed Mechanism 112
4 Statistical method and Simulation 114
5 Conclusion 117
Modelling the Spread of Computer Worms in Vehicular Ad Hoc Networks 118
1 Introduction 118
2 System Models 119
3 Simulation studies 122
4 Conclusions 125
WILY ATTACKERS SEEK WIRELESS NETWORKS IN PERTH, WESTERN AUSTRALIA FOR EASY TARGETS 128
1. Introduction 128
2. Method 129
3. Results of Broadcasting Beyond the Corporate Environment 130
4. Results of Hiding the Network Presence in the Airwaves 134
5. Conclusion 137
SECTION III: Network Protocol Analysis & Cryptographic Applications
Attack on Undeniable Partially Blind Signatures 141
1 Introduction 141
2 Review on Undeniable partially blind signatures 143
3 Attack on Undeniable Partially Blind Signatures 145
4 Conclusion 146
EVOLUTIONARY APPROACH IN THE SECURITY PROTOCOLS DESIGN 149
1 Introduction 149
2 Security protocol 150
3 Protocol example 152
4 Evolutionary approach 154
5 Automatic protocol design 155
6 Automated tool 156
7 Conclusions and future work 157
Improvement of Adaptive Threshold RSA 159
1 Introduction 159
2 System Model and Security Requirements 161
3 Adaptive Threshold RSA Signature 162
4 Efficiency Analysis 164
5 Security Proofs 164
6 Conclusion 165
SECTION IV: Intrusion Detection & Prevention
A LOG-BASED MINING SYSTEM FOR NETWORK NODE CORRELATION 168
1. Introduction 168
2. Definition and Classification of NNC 170
3. Mining System 171
4. An Example 175
5. Conclusions 176
6. Acknowledgement 177
EXPLORING VULNERABILITIES OF AGENT-BASED IDS: THE NEED FOR AGENT SELF-DEFENCE 178
1. Introduction 178
2. Security Issues of Agent-based IDS 180
3. Mobile Agent Control and Defence 182
4. Conclusions 185
5. References 185
Detecting and Classifying Attacks in Computer Networks Using Feed-Forward and Elman Neural Networks 187
1 Introduction 187
2 Intrusion Detection Techniques 188
3 Description of HTTP protocol 189
4 Feed-forward and Elman neural networks 189
5 Detection of Attacks based on Neural Networks 192
6 Performance Evaluation 194
7 Conclusions 195
DATA AUTHENTICATION AND TRUST WITHIN DISTRIBUTED INTRUSION DETECTION SYSTEM INTER-COMPONENT COMMUNICATIONS 197
1. Introduction 197
2. Related Work 199
3. Authentication and Trust in DIDS 200
4. Case Study and Results 202
5. Conclusions and Further Work 205
Design and Implementation of a Fast String Matcher Utilizing Content Addressable Memory 207
1. Introduction 207
2. Intrusion Detection Systems (IDS) 208
3. String matcher using CAM 208
4. Results and comparisons 213
5. Conclusion 216
6. References 216
Zero hour outbreak prevention using distributed traffic anomaly detection 218
1 Introduction 218
2 How Worms Reveal Themselves 219
3 Detecting the Traffic Anomaly 220
4 Other uses 223
5 Simulations 225
6 Summary 227
Mediating Hosts' Malicious Character 228
1 Introduction 228
2 Mobile oo-action based Systems 229
3 Enriched Mobile object-based systems 230
4 Parallel execution Protocol 233
5 Conclusion 237
Masquerade Detection by Using Activity Patterns 239
1 Introduction 239
2 Proposed work 241
3 Simulation model 245
4 Results 246
5 Conclusion 248
SECTION V: Software for Security in Networked Environments 249
A Flexible, Open Source Software Architecture for Network-Based Forensic Computing & Intelligence Gathering
1. Introduction 250
2. Current Technology 251
3. The Analysis Performed by the Tool 252
4. Evaluation & Results
5. Summary and Conclusions 258
6. Future Work 259
Protecting Distributed Object Applications from Corruption of Class Bytecodes on Client Side* 260
1 Introduction 260
2 Threats to the RMI Server in a Distributed Object Application 262
3 Related Work 266
4 Conclusion 267
Modeling and Construction of Web Services Security 270
1 Introduction 270
2 Web Service, Security and Modeling 271
3 Modeling Secure Messages 272
4 Secure Communication 273
5. Security Policy 276
6. Modeling Secure Service Federation 277
7. Conclusion and Further Work 279
8. References 279
Normalising Events into Incidents Using Unified Intrusion Detection-Related Data 280
1. Introduction 280
2. Unifying Intrusion Detection Events 282
3. Normalising Events into Incidents 284
4. Specifying the Incident Database schema 289
5. Conclusions 291
Publication date (per publisher) | 31.12.2007 |
---|---|
Additional info | X, 296 p. 123 illus. |
Place of publication | London |
Language | English |
Subject areas | Computer Science ► Networks ► Security / Firewall |
Computer Science ► Other Topics ► Hardware | |
Law / Taxes ► General / Reference | |
Business ► Business Administration / Management ► Business Informatics | |
Keywords | denial of service • ISMS • Network Security • Open Source • organization • Penetration Testing • privacy • RSA • Spam |
ISBN-10 | 1-84628-352-3 / 1846283523 |
ISBN-13 | 978-1-84628-352-9 / 9781846283529 |
Size: 18.1 MB
DRM: Digital watermark
This eBook contains a digital watermark and is therefore personalised for you. If the eBook is improperly passed on to third parties, it can be traced back to the source.
File format: PDF (Portable Document Format)
With its fixed page layout, PDF is particularly suitable for technical books with columns, tables and figures. A PDF can be displayed on almost all devices, but is only of limited suitability for small displays (smartphone, eReader).
System requirements:
PC/Mac: You can read this eBook on a PC or Mac. You need a PDF viewer for this, e.g. Adobe Reader or Adobe Digital Editions.
eReader: This eBook can be read on (almost) all eBook readers. However, it is not compatible with the Amazon Kindle.
Smartphone/Tablet: Whether Apple or Android, you can read this eBook. You need a PDF viewer for this, e.g. the free Adobe Digital Editions app.
Additional feature: Online reading
In addition to downloading it, you can also read this eBook online in your web browser.
Buying eBooks from abroad
For tax law reasons we can sell eBooks just within Germany and Switzerland. Regrettably we cannot fulfill eBook-orders from other countries.