Pub Date : 2017-12-14DOI: 10.1109/MILCIS.2017.8190423
J. Järvinen, Aleksi Marttinen, M. Luoma, M. Peuhkuri, J. Manner
The Extensible Messaging and Presence Protocol (XMPP) is one of the most popular Instant Messaging (IM) protocols which uses a client-server working mode. This protocol uses different connection primitives for both client-to-server (c2s) and server-to-server (s2s) connections. It is actively used in mission-critical operations where the reliability and security of communication systems is always imperative. One approach to secure services and private networks is to use proxy services as security gateways. Proxies enable interoperability between different security domains acting as Information Exchange Gateways (IEGs). In this paper we present an architecture of the XMPP proxy for s2s connections. The system is based on an Openfire XMPP server with a Hazelcast clustering plugin, and a Hazelcast clustering link is used between the XMPP server and the XMPP Proxy. We have constructed an implementation to verify and validate the presented approach. Our proposal enables an effective seamless connection for XMPP proxies. Furthermore, it increases the system security for example, terminating both TCP and XMPP flows to prevent malicious attacks. Finally, we show that the proposal does not significantly increase the anticipated delay of the communication.
{"title":"Architecture of XMPP proxy for server-to-server connections","authors":"J. Järvinen, Aleksi Marttinen, M. Luoma, M. Peuhkuri, J. Manner","doi":"10.1109/MILCIS.2017.8190423","DOIUrl":"https://doi.org/10.1109/MILCIS.2017.8190423","url":null,"abstract":"The Extensible Messaging and Presence Protocol (XMPP) is one of the most popular Instant Messaging (IM) protocols which uses a client-server working mode. This protocol uses different connection primitives for both client-to-server (c2s) and server-to-server (s2s) connections. It is actively used in mission-critical operations where the reliability and security of communication systems is always imperative. One approach to secure services and private networks is to use proxy services as security gateways. Proxies enable interoperability between different security domains acting as Information Exchange Gateways (IEGs). In this paper we present an architecture of the XMPP proxy for s2s connections. The system is based on an Openfire XMPP server with a Hazelcast clustering plugin, and a Hazelcast clustering link is used between the XMPP server and the XMPP Proxy. We have constructed an implementation to verify and validate the presented approach. Our proposal enables an effective seamless connection for XMPP proxies. Furthermore, it increases the system security for example, terminating both TCP and XMPP flows to prevent malicious attacks. Finally, we show that the proposal does not significantly increase the anticipated delay of the communication.","PeriodicalId":227691,"journal":{"name":"2017 Military Communications and Information Systems Conference (MilCIS)","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2017-12-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129943983","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2017-11-01DOI: 10.1109/MILCIS.2017.8188557
Gideon Creech
Intrusion detection systems are a central component of cyber security architecture, and their accuracy is a critical performance metric for any security deployment. Most of the current performance analysis of intrusion detection systems relies on empirical profiling of a given algorithm or implementation against a benchmark dataset. Whilst effective to a point, this traditional evaluation methodology is unable to assess the completeness of threat coverage provided by an intrusion detection system and is consequently a sub-optimal approach if conducted in isolation of other tests. This paper introduces a framework to evaluate the total potential coverage provided by an intrusion detection system as a function of its data sources, extending and complementing the traditional approach.
{"title":"A framework for the evaluation of the theoretical threat coverage provided by intrusion detection systems","authors":"Gideon Creech","doi":"10.1109/MILCIS.2017.8188557","DOIUrl":"https://doi.org/10.1109/MILCIS.2017.8188557","url":null,"abstract":"Intrusion detection systems are a central component of cyber security architecture, and their accuracy is a critical performance metric for any security deployment. Most of the current performance analysis of intrusion detection systems relies on empirical profiling of a given algorithm or implementation against a benchmark dataset. Whilst effective to a point, this traditional evaluation methodology is unable to assess the completeness of threat coverage provided by an intrusion detection system and is consequently a sub-optimal approach if conducted in isolation of other tests. This paper introduces a framework to evaluate the total potential coverage provided by an intrusion detection system as a function of its data sources, extending and complementing the traditional approach.","PeriodicalId":227691,"journal":{"name":"2017 Military Communications and Information Systems Conference (MilCIS)","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2017-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130326042","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2017-11-01DOI: 10.1109/MILCIS.2017.8190425
Nazeeruddin Mohammad, Shahabuddin Muhammad, A. Bashar, M. Khan
Wireless Sensor Networks (WSNs) have a wide variety military applications including battlefield surveillance, enemy tracking, and target classification. In this paper, we propose a WSN architecture based on a mobile sink. The proposed architecture differentiates the regular data from the critical data, and leverages this difference to reduce the energy consumption in WSNs. We formally modeled the mobile and static sink based architectures and analyzed the energy consumption and data delays using a probabilistic model checker.
{"title":"Design and modeling of energy efficient WSN architecture for tactical applications","authors":"Nazeeruddin Mohammad, Shahabuddin Muhammad, A. Bashar, M. Khan","doi":"10.1109/MILCIS.2017.8190425","DOIUrl":"https://doi.org/10.1109/MILCIS.2017.8190425","url":null,"abstract":"Wireless Sensor Networks (WSNs) have a wide variety military applications including battlefield surveillance, enemy tracking, and target classification. In this paper, we propose a WSN architecture based on a mobile sink. The proposed architecture differentiates the regular data from the critical data, and leverages this difference to reduce the energy consumption in WSNs. We formally modeled the mobile and static sink based architectures and analyzed the energy consumption and data delays using a probabilistic model checker.","PeriodicalId":227691,"journal":{"name":"2017 Military Communications and Information Systems Conference (MilCIS)","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2017-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133454094","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2017-11-01DOI: 10.1109/MILCIS.2017.8190421
Nour Moustafa, Gideon Creech, E. Sitnikova, Marwa Keshk
With the ubiquitous computing of providing services and applications at anywhere and anytime, cloud computing is the best option as it offers flexible and pay-per-use based services to its customers. Nevertheless, security and privacy are the main challenges to its success due to its dynamic and distributed architecture, resulting in generating big data that should be carefully analysed for detecting network's vulnerabilities. In this paper, we propose a Collaborative Anomaly Detection Framework (CADF) for detecting cyber attacks from cloud computing environments. We provide the technical functions and deployment of the framework to illustrate its methodology of implementation and installation. The framework is evaluated on the UNSW-NB15 dataset to check its credibility while deploying it in cloud computing environments. The experimental results showed that this framework can easily handle large-scale systems as its implementation requires only estimating statistical measures from network observations. Moreover, the evaluation performance of the framework outperforms three state-of-the-art techniques in terms of false positive rate and detection rate.
{"title":"Collaborative anomaly detection framework for handling big data of cloud computing","authors":"Nour Moustafa, Gideon Creech, E. Sitnikova, Marwa Keshk","doi":"10.1109/MILCIS.2017.8190421","DOIUrl":"https://doi.org/10.1109/MILCIS.2017.8190421","url":null,"abstract":"With the ubiquitous computing of providing services and applications at anywhere and anytime, cloud computing is the best option as it offers flexible and pay-per-use based services to its customers. Nevertheless, security and privacy are the main challenges to its success due to its dynamic and distributed architecture, resulting in generating big data that should be carefully analysed for detecting network's vulnerabilities. In this paper, we propose a Collaborative Anomaly Detection Framework (CADF) for detecting cyber attacks from cloud computing environments. We provide the technical functions and deployment of the framework to illustrate its methodology of implementation and installation. The framework is evaluated on the UNSW-NB15 dataset to check its credibility while deploying it in cloud computing environments. The experimental results showed that this framework can easily handle large-scale systems as its implementation requires only estimating statistical measures from network observations. Moreover, the evaluation performance of the framework outperforms three state-of-the-art techniques in terms of false positive rate and detection rate.","PeriodicalId":227691,"journal":{"name":"2017 Military Communications and Information Systems Conference (MilCIS)","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2017-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129977825","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2017-11-01DOI: 10.1109/MILCIS.2017.8190422
Marwa Keshk, Nour Moustafa, E. Sitnikova, Gideon Creech
Supervisory Control and Data Acquisition (SCADA) systems face the absence of a protection technique that can beat different types of intrusions and protect the data from disclosure while handling this data using other applications, specifically Intrusion Detection System (IDS). The SCADA system can manage the critical infrastructure of industrial control environments. Protecting sensitive information is a difficult task to achieve in reality with the connection of physical and digital systems. Hence, privacy preservation techniques have become effective in order to protect sensitive/private information and to detect malicious activities, but they are not accurate in terms of error detection, sensitivity percentage of data disclosure. In this paper, we propose a new Privacy Preservation Intrusion Detection (PPID) technique based on the correlation coefficient and Expectation Maximisation (EM) clustering mechanisms for selecting important portions of data and recognizing intrusive events. This technique is evaluated on the power system datasets for multiclass attacks to measure its reliability for detecting suspicious activities. The experimental results outperform three techniques in the above terms, showing the efficiency and effectiveness of the proposed technique to be utilized for current SCADA systems.
{"title":"Privacy preservation intrusion detection technique for SCADA systems","authors":"Marwa Keshk, Nour Moustafa, E. Sitnikova, Gideon Creech","doi":"10.1109/MILCIS.2017.8190422","DOIUrl":"https://doi.org/10.1109/MILCIS.2017.8190422","url":null,"abstract":"Supervisory Control and Data Acquisition (SCADA) systems face the absence of a protection technique that can beat different types of intrusions and protect the data from disclosure while handling this data using other applications, specifically Intrusion Detection System (IDS). The SCADA system can manage the critical infrastructure of industrial control environments. Protecting sensitive information is a difficult task to achieve in reality with the connection of physical and digital systems. Hence, privacy preservation techniques have become effective in order to protect sensitive/private information and to detect malicious activities, but they are not accurate in terms of error detection, sensitivity percentage of data disclosure. In this paper, we propose a new Privacy Preservation Intrusion Detection (PPID) technique based on the correlation coefficient and Expectation Maximisation (EM) clustering mechanisms for selecting important portions of data and recognizing intrusive events. This technique is evaluated on the power system datasets for multiclass attacks to measure its reliability for detecting suspicious activities. The experimental results outperform three techniques in the above terms, showing the efficiency and effectiveness of the proposed technique to be utilized for current SCADA systems.","PeriodicalId":227691,"journal":{"name":"2017 Military Communications and Information Systems Conference (MilCIS)","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2017-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131447165","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2017-09-24DOI: 10.1109/MILCIS.2017.8190424
Nicholas Micallef, N. Arachchilage
Fallback authentication is used to retrieve forgotten passwords. Security questions are one of the main techniques used to conduct fallback authentication. In this paper, we propose a serious game design that uses system-generated security questions with the aim of improving the usability of fallback authentication. For this purpose, we adopted the popular picture-based ‘4 Pics 1 word’ mobile game. This game was selected because of its use of pictures and cues, which previous psychology research found to be crucial to aid memorability. This game asks users to pick the word that relates to the given pictures. We then customized this game by adding features which help maximize the following memory retrieval skills: (a) verbal cues — by providing hints with verbal descriptions; (b) spatial cues — by maintaining the same order of pictures; (c) graphical cues — by showing 4 images for each challenge; (d) interactivity/engaging nature of the game.
{"title":"Changing users' security behaviour towards security questions: A game based learning approach","authors":"Nicholas Micallef, N. Arachchilage","doi":"10.1109/MILCIS.2017.8190424","DOIUrl":"https://doi.org/10.1109/MILCIS.2017.8190424","url":null,"abstract":"Fallback authentication is used to retrieve forgotten passwords. Security questions are one of the main techniques used to conduct fallback authentication. In this paper, we propose a serious game design that uses system-generated security questions with the aim of improving the usability of fallback authentication. For this purpose, we adopted the popular picture-based ‘4 Pics 1 word’ mobile game. This game was selected because of its use of pictures and cues, which previous psychology research found to be crucial to aid memorability. This game asks users to pick the word that relates to the given pictures. We then customized this game by adding features which help maximize the following memory retrieval skills: (a) verbal cues — by providing hints with verbal descriptions; (b) spatial cues — by maintaining the same order of pictures; (c) graphical cues — by showing 4 images for each challenge; (d) interactivity/engaging nature of the game.","PeriodicalId":227691,"journal":{"name":"2017 Military Communications and Information Systems Conference (MilCIS)","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2017-09-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131590556","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: