Convergence Security

Kuinam J. Kim, Kyonggi University, South Korea

ISSN: 2445-9992 (Online Version)
Vol: 2017   Issue: 1

Published In:   January 2017

Publication Frequency: Continuous Article Publication


Composite Metrics for Network Security Analysis

doi: 10.13052/jcs2445-9992.2017.003
Simon Enoch Yusuf, Jin B. Hong, Mengmeng Ge and Dong Seong Kim

Department of Computer Science and Software Engineering, University of Canterbury, Private Bag 4800, Christchurch, New Zealand

Abstract: Security metrics present the security level of a system or a network in both qualitative and quantitative ways. In general, security metrics are used to assess the security level of a system and to achieve security goals. There are a lot of security metrics for security analysis, but there is no systematic classification of security metrics that is based on network reachability information. To address this, we propose a systematic classification of existing security metrics based on network reachability information. Mainly, we classify the security metrics into host-based and network-based metrics. The host-based metrics are classified into metrics “without probability” and “with probability”, while the network-based metrics are classified into “path-based” and “non-path-based”. Finally, we present and describe an approach to develop composite security metrics and its calculations using a Hierarchical Attack Representation Model (HARM) via an example network. Our novel classification of security metrics provides a new methodology to assess the security of a system.

Keywords: Attack Graphs, Cyber Security, Graphical Security Model, Security Assessment, Attack Trees.

FARIS: Fast and Memory-Efficient URL Filter on CPU and GPGPU

doi: 10.13052/jcs2445-9992.2017.002
Yuuki Takano and Ryosuke Miura

National Institute of Information and Communications Technology, Japan

Abstract: Uniform resource locator (URL) filtering is a fundamental technology for intrusion detection, HTTP proxies, content distribution networks, content-centric networks, and many other application areas. Some applications adopt URL filtering to protect user privacy from malicious or insecure websites. Some web browser extensions, such as AdBlock Plus, provide a URL-filtering mechanism for sites that intend to steal sensitive information.

Unfortunately, these extensions are implemented inefficiently, resulting in a slow application that consumes much memory. Although it provides a domain-specific language (DSL) to represent URLs, it internally uses regular expressions and does not take advantage of the benefits of the DSL. In addition, the number of filter rules becomes large, which makes matters worse.

In this paper, we propose the fast uniform resource identifier-specific filter, which is a domain-specific pseudo-machine for the DSL, to dramatically improve the performance of some browser extensions. Compared with a conventional implementation that internally adopts regular expressions, our proof-of-concept implementation is fast and has a small memory footprint.

Keywords: URL filter, Web, online advertisement.

Detection of Severe SSH Attacks Using Honeypot Servers and Machine Learning Techniques

doi: 10.13052/jcs2445-9992.2017.001
Gokul Kannan Sadasivam¹, Chittaranjan Hota¹ and Bhojan Anand²

¹ Department of Computer Science and Information Systems, BITS, Pilani – Hyderabad Campus, Hyderabad, Telangana, India – 500078
² School of Computing, National University of Singapore, Computing 1, 13 Computing Drive, Singapore – 117417

Abstract: There are attacks on or using an SSH server – SSH port scanning, SSH brute-force attack, and attack using a compromised server. Attacks using a server could be DoS attack, Phishing attack, E-mail spamming and so on. Sometimes an attacker breaks into a public SSH server and uses it for the above activities. Mostly, it is hard to detect the compromised SSH servers that were used by the attackers. However, by analysing the system logs an organisation can know about the compromises. For an organisation holding several SSH servers, it would be tedious to analyse the log files manually. Also, high-speed networks demand better mechanisms to detect the compromises. In this paper, we detect a compromised SSH session that is carrying out malicious activities. We use a flow-based approach and machine learning techniques to detect a compromised session. In a flow-based approach, individual packets are not scrutinised. Hence, it works better on a high-speed network. The data is extracted from a distributed honeypot. The paper also describes the machine learning techniques with appropriate parameters and feature selection technique. A real-time detection model that is tested on a public server is also presented. Several analyses proved that J48 decision tree algorithm and the PART algorithm are best suited for detection of SSH compromises. It was inferred that inter-arrival time between packets and the size of a packet payload play a significant role in detecting compromises.

Keywords: SSH Compromises, SSH Attacks, Machine Learning, Feature Selection, Flow-based Analysis.

River Publishers: Convergence Security