Visible to the public Biblio

Filters: Keyword is pubcrawl and Keyword is Network Reconnaissance and Year is 2020  [Clear All Filters]
2021-02-23
Mendiboure, L., Chalouf, M. A., Krief, F..  2020.  A Scalable Blockchain-based Approach for Authentication and Access Control in Software Defined Vehicular Networks. 2020 29th International Conference on Computer Communications and Networks (ICCCN). :1—11.
Software Defined Vehicular Networking (SDVN) could be the future of the vehicular networks, enabling interoperability between heterogeneous networks and mobility management. Thus, the deployment of large SDVN is considered. However, SDVN is facing major security issues, in particular, authentication and access control issues. Indeed, an unauthorized SDN controller could modify the behavior of switches (packet redirection, packet drops) and an unauthorized switch could disrupt the operation of the network (reconnaissance attack, malicious feedback). Due to the SDVN features (decentralization, mobility) and the SDVN requirements (flexibility, scalability), the Blockchain technology appears to be an efficient way to solve these authentication and access control issues. Therefore, many Blockchain-based approaches have already been proposed. However, two key challenges have not been addressed: authentication and access control for SDN controllers and high scalability for the underlying Blockchain network. That is why in this paper we propose an innovative and scalable architecture, based on a set of interconnected Blockchain sub-networks. Moreover, an efficient access control mechanism and a cross-sub-networks authentication/revocation mechanism are proposed for all SDVN devices (vehicles, roadside equipment, SDN controllers). To demonstrate the benefits of our approach, its performances are compared with existing solutions in terms of throughput, latency, CPU usage and read/write access to the Blockchain ledger. In addition, we determine an optimal number of Blockchain sub-networks according to different parameters such as the number of certificates to store and the number of requests to process.
Khan, M., Rehman, O., Rahman, I. M. H., Ali, S..  2020.  Lightweight Testbed for Cybersecurity Experiments in SCADA-based Systems. 2020 International Conference on Computing and Information Technology (ICCIT-1441). :1—5.

A rapid rise in cyber-attacks on Cyber Physical Systems (CPS) has been observed in the last decade. It becomes even more concerning that several of these attacks were on critical infrastructures that indeed succeeded and resulted into significant physical and financial damages. Experimental testbeds capable of providing flexible, scalable and interoperable platform for executing various cybersecurity experiments is highly in need by all stakeholders. A container-based SCADA testbed is presented in this work as a potential platform for executing cybersecurity experiments. Through this testbed, a network traffic containing ARP spoofing is generated that represents a Man in the middle (MITM) attack. While doing so, scanning of different systems within the network is performed which represents a reconnaissance attack. The network traffic generated by both ARP spoofing and network scanning are captured and further used for preparing a dataset. The dataset is utilized for training a network classification model through a machine learning algorithm. Performance of the trained model is evaluated through a series of tests where promising results are obtained.

Ratti, R., Singh, S. R., Nandi, S..  2020.  Towards implementing fast and scalable Network Intrusion Detection System using Entropy based Discretization Technique. 2020 11th International Conference on Computing, Communication and Networking Technologies (ICCCNT). :1—7.

With the advent of networking technologies and increasing network attacks, Intrusion Detection systems are apparently needed to stop attacks and malicious activities. Various frameworks and techniques have been developed to solve the problem of intrusion detection, still there is need for new frameworks as per the challenging scenario of enormous scale in data size and nature of attacks. Current IDS systems pose challenges on the throughput to work with high speed networks. In this paper we address the issue of high computational overhead of anomaly based IDS and propose the solution using discretization as a data preprocessing step which can drastically reduce the computation overhead. We propose method to provide near real time detection of attacks using only basic flow level features that can easily be extracted from network packets.

Hartpence, B., Kwasinski, A..  2020.  Combating TCP Port Scan Attacks Using Sequential Neural Networks. 2020 International Conference on Computing, Networking and Communications (ICNC). :256—260.

Port scans are a persistent problem on contemporary communication networks. Typically used as an attack reconnaissance tool, they can also create problems with application performance and throughput. This paper describes an architecture that deploys sequential neural networks (NNs) to classify packets, separate TCP datagrams, determine the type of TCP packet and detect port scans. Sequential networks allow this lengthy task to learn from the current environment and to be broken up into component parts. Following classification, analysis is performed in order to discover scan attempts. We show that neural networks can be used to successfully classify general packetized traffic at recognition rates above 99% and more complex TCP classes at rates that are also above 99%. We demonstrate that this specific communications task can successfully be broken up into smaller work loads. When tested against actual NMAP scan pcap files, this model successfully discovers open ports and the scan attempts with the same high percentage and low false positives.

Krohmer, D., Schotten, H. D..  2020.  Decentralized Identifier Distribution for Moving Target Defense and Beyond. 2020 International Conference on Cyber Situational Awareness, Data Analytics and Assessment (CyberSA). :1—8.

In this work, we propose a novel approach for decentralized identifier distribution and synchronization in networks. The protocol generates network entity identifiers composed of timestamps and cryptographically secure random values with a significant reduction of collision probability. The distribution is inspired by Unique Universal Identifiers and Timestamp-based Concurrency Control algorithms originating from database applications. We defined fundamental requirements for the distribution, including: uniqueness, accuracy of distribution, optimal timing behavior, scalability, small impact on network load for different operation modes and overall compliance to common network security objectives. An implementation of the proposed approach is evaluated and the results are presented. Originally designed for a domain of proactive defense strategies known as Moving Target Defense, the general architecture of the protocol enables arbitrary applications where identifier distributions in networks have to be decentralized, rapid and secure.

Millar, K., Cheng, A., Chew, H. G., Lim, C..  2020.  Characterising Network-Connected Devices Using Affiliation Graphs. NOMS 2020 - 2020 IEEE/IFIP Network Operations and Management Symposium. :1—6.

Device management in large networks is of growing importance to network administrators and security analysts alike. The composition of devices on a network can help forecast future traffic demand as well as identify devices that may pose a security risk. However, the sheer number and diversity of devices that comprise most modern networks have vastly increased the management complexity. Motivated by a need for an encryption-invariant device management strategy, we use affiliation graphs to develop a methodology that reveals key insights into the devices acting on a network using only the source and destination IP addresses. Through an empirical analysis of the devices on a university campus network, we provide an example methodology to infer a device's characteristics (e.g., operating system) through the services it communicates with via the Internet.

Aydeger, A., Saputro, N., Akkaya, K..  2020.  Cloud-based Deception against Network Reconnaissance Attacks using SDN and NFV. 2020 IEEE 45th Conference on Local Computer Networks (LCN). :279—285.

An attacker's success crucially depends on the reconnaissance phase of Distributed Denial of Service (DDoS) attacks, which is the first step to gather intelligence. Although several solutions have been proposed against network reconnaissance attacks, they fail to address the needs of legitimate users' requests. Thus, we propose a cloud-based deception framework which aims to confuse the attacker with reconnaissance replies while allowing legitimate uses. The deception is based on for-warding the reconnaissance packets to a cloud infrastructure through tunneling and SDN so that the returned IP addresses to the attacker will not be genuine. For handling legitimate requests, we create a reflected virtual topology in the cloud to match any changes in the original physical network to the cloud topology using SDN. Through experimentations on GENI platform, we show that our framework can provide reconnaissance responses with negligible delays to the network clients while also reducing the management costs significantly.

Yu, M., He, T., McDaniel, P., Burke, Q. K..  2020.  Flow Table Security in SDN: Adversarial Reconnaissance and Intelligent Attacks. IEEE INFOCOM 2020 - IEEE Conference on Computer Communications. :1519—1528.

The performance-driven design of SDN architectures leaves many security vulnerabilities, a notable one being the communication bottleneck between the controller and the switches. Functioning as a cache between the controller and the switches, the flow table mitigates this bottleneck by caching flow rules received from the controller at each switch, but is very limited in size due to the high cost and power consumption of the underlying storage medium. It thus presents an easy target for attacks. Observing that many existing defenses are based on simplistic attack models, we develop a model of intelligent attacks that exploit specific cache-like behaviors of the flow table to infer its internal configuration and state, and then design attack parameters accordingly. Our evaluations show that such attacks can accurately expose the internal parameters of the target flow table and cause measurable damage with the minimum effort.

Alshamrani, A..  2020.  Reconnaissance Attack in SDN based Environments. 2020 27th International Conference on Telecommunications (ICT). :1—5.
Software Defined Networking (SDN) is a promising network architecture that aims at providing high flexibility through the separation between network logic (control plane) and forwarding functions (data plane). This separation provides logical centralization of controllers, global network overview, ease of programmability, and a range of new SDN-compliant services. In recent years, the adoption of SDN in enterprise networks has been constantly increasing. In the meantime, new challenges arise in different levels such as scalability, management, and security. In this paper, we elaborate on complex security issues in the current SDN architecture. Especially, reconnaissance attack where attackers generate traffic for the goal of exploring existing services, assets, and overall network topology. To eliminate reconnaissance attack in SDN environment, we propose SDN-based solution by utilizing distributed firewall application, security policy, and OpenFlow counters. Distributed firewall application is capable of tracking the flow based on pre-defined states that would monitor the connection to sensitive nodes toward malicious activity. We utilize Mininet to simulate the testing environment. We are able to detect and mitigate this type of attack at early stage and in average around 7 second.
2021-01-28
Pham, L. H., Albanese, M., Chadha, R., Chiang, C.-Y. J., Venkatesan, S., Kamhoua, C., Leslie, N..  2020.  A Quantitative Framework to Model Reconnaissance by Stealthy Attackers and Support Deception-Based Defenses. :1—9.

In recent years, persistent cyber adversaries have developed increasingly sophisticated techniques to evade detection. Once adversaries have established a foothold within the target network, using seemingly-limited passive reconnaissance techniques, they can develop significant network reconnaissance capabilities. Cyber deception has been recognized as a critical capability to defend against such adversaries, but, without an accurate model of the adversary's reconnaissance behavior, current approaches are ineffective against advanced adversaries. To address this gap, we propose a novel model to capture how advanced, stealthy adversaries acquire knowledge about the target network and establish and expand their foothold within the system. This model quantifies the cost and reward, from the adversary's perspective, of compromising and maintaining control over target nodes. We evaluate our model through simulations in the CyberVAN testbed, and indicate how it can guide the development and deployment of future defensive capabilities, including high-interaction honeypots, so as to influence the behavior of adversaries and steer them away from critical resources.