首页 > 最新文献

2010 Second International Conference on Communication Software and Networks最新文献

英文 中文
Network Traffic Analysis and Intrusion Detection Using Packet Sniffer 基于数据包嗅探器的网络流量分析与入侵检测
Pub Date : 2010-02-26 DOI: 10.1109/ICCSN.2010.104
M. Qadeer, A. Iqbal, Mohammad Zahid, M. Siddiqui
Computer software that can intercept and log traffic passing over a digital network or part of a network is better known as packet sniffer. The sniffer captures these packets by setting the NIC card in the promiscuous mode and eventually decodes them. The decoded information can be used in any way depending upon the intention of the person concerned who decodes the data (i.e. malicious or beneficial purpose). Depending on the network structure one can sniff all or just parts of the traffic from a single machine within the network. However, there are some methods to avoid traffic narrowing by switches to gain access to traffic from other systems on the network. This paper focuses on the basics of packet sniffer and its working, development of the tool on Linux platform and its use for Intrusion Detection. It also discusses ways to detect the presence of such software on the network and to handle them in an efficient way. Focus has also been laid to analyze the bottleneck scenario arising in the network, using this self developed packet sniffer. Before the development of this indigenous software, minute observation has been made on the working behavior of already existing sniffer software such as wireshark (formerly known as ethereal), tcpdump, and snort, which serve as the base for the development of our sniffer software. For the capture of the packets, a library known as libpcap has been used. The development of such software gives a chance to the developer to incorporate the additional features that are not in the existing one.
能够拦截和记录通过数字网络或网络的一部分的通信的计算机软件被称为数据包嗅探器。嗅探器通过将网卡设置为混杂模式来捕获这些数据包,并最终对其进行解码。解码后的信息可以以任何方式使用,这取决于解码数据的有关人员的意图(即恶意或有益的目的)。根据网络结构的不同,可以嗅探来自网络中单个机器的全部或部分流量。但是,有一些方法可以避免交换机缩小流量,以便访问网络上其他系统的流量。本文主要介绍了数据包嗅探器的基本原理、工作原理、在Linux平台上的开发以及在入侵检测中的应用。本文还讨论了如何检测网络上存在的此类软件,并以有效的方式处理它们。重点分析了在网络中出现的瓶颈场景,并使用了自主开发的数据包嗅探器。在开发这个本地软件之前,已经对现有嗅探器软件(如wireshark(以前称为ethereal)、tcpdump和snort)的工作行为进行了详细的观察,这些嗅探器软件是开发我们的嗅探器软件的基础。为了捕获数据包,使用了libpcap库。这种软件的开发为开发人员提供了一个机会,可以将现有软件中没有的附加功能合并在一起。
{"title":"Network Traffic Analysis and Intrusion Detection Using Packet Sniffer","authors":"M. Qadeer, A. Iqbal, Mohammad Zahid, M. Siddiqui","doi":"10.1109/ICCSN.2010.104","DOIUrl":"https://doi.org/10.1109/ICCSN.2010.104","url":null,"abstract":"Computer software that can intercept and log traffic passing over a digital network or part of a network is better known as packet sniffer. The sniffer captures these packets by setting the NIC card in the promiscuous mode and eventually decodes them. The decoded information can be used in any way depending upon the intention of the person concerned who decodes the data (i.e. malicious or beneficial purpose). Depending on the network structure one can sniff all or just parts of the traffic from a single machine within the network. However, there are some methods to avoid traffic narrowing by switches to gain access to traffic from other systems on the network. This paper focuses on the basics of packet sniffer and its working, development of the tool on Linux platform and its use for Intrusion Detection. It also discusses ways to detect the presence of such software on the network and to handle them in an efficient way. Focus has also been laid to analyze the bottleneck scenario arising in the network, using this self developed packet sniffer. Before the development of this indigenous software, minute observation has been made on the working behavior of already existing sniffer software such as wireshark (formerly known as ethereal), tcpdump, and snort, which serve as the base for the development of our sniffer software. For the capture of the packets, a library known as libpcap has been used. The development of such software gives a chance to the developer to incorporate the additional features that are not in the existing one.","PeriodicalId":255246,"journal":{"name":"2010 Second International Conference on Communication Software and Networks","volume":"92 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2010-02-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121472353","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 127
An Enhanced Media-Independent Pre-authentication Framework for Preventing Packet Loss 一种增强的防止丢包的独立于媒体的预认证框架
Pub Date : 2010-02-26 DOI: 10.1109/ICCSN.2010.52
Lun-Huo Yeh, Shun-Neng Yang, Wei-Kuo Chiang
Media-Independent Pre-Authentication (MPA) is used as a secure handover optimization scheme working over any link layer. With MPA, a mobile node (the MN) can establish a security association with a candidate target network (CTN), obtain an IP address and other parameters from the CTN, and complete the binding update of any mobility management protocol with the new care-of address (nCoA) before performing a handover at the link layer. This can significantly reduce handover delay. However, the packets transmitted to the MN may be lost if a link layer handover occurs due to the link going down before the MN completes the binding update. The possible simultaneous mobility problem also gives rise to undesirable handover delay. In this paper, we design a framework called enhanced MPA (eMPA) by improving handover execution procedures of MPA. When a MN decides to perform handover at the link layer, it will request to create an IPSec tunnel between its nCoA and old access router (oAR) before deleting the proactive handover tunnel (PHT) that created between the MN and new access router (nAR). Then data packets sent to the oAR will be forwarded to the MN with the nCoA via nAR. Then the nAR will start to buffer those packets until the MN sends an explicit signal to stop buffering and flushes the packets after completing handover at the link layer. In addition, we present a binding update retransmission mechanism in the eMPA to resolve control plane packet timeout problem. With this mechanism, we can prevent packet loss during the handover.
MPA (Media-Independent Pre-Authentication)是一种适用于任何链路层的安全切换优化方案。通过MPA,移动节点(MN)可以与候选目标网络(CTN)建立安全关联,从候选目标网络(CTN)获取IP地址等参数,并在执行链路层切换之前,将任何移动管理协议与新的看护地址(nCoA)完成绑定更新。这可以显著减少切换延迟。但是,如果在MN完成绑定更新之前,由于链路断开而发生链路层切换,则发送到MN的数据包可能会丢失。同时可能出现的机动性问题也会导致不希望出现的交接延迟。本文通过改进MPA的移交执行流程,设计了一个增强MPA (enhanced MPA)框架。当MN决定在链路层进行切换时,它会请求在其nCoA和旧接入路由器(oAR)之间创建IPSec隧道,然后删除在MN和新接入路由器(nAR)之间创建的主动切换隧道(PHT)。然后发送到oAR的数据包将通过nAR与nCoA一起转发到MN。然后,nAR将开始缓冲这些数据包,直到MN发送明确的信号停止缓冲,并在链路层完成切换后刷新数据包。此外,我们提出了一种绑定更新重传机制来解决控制平面数据包超时问题。通过这种机制,我们可以防止在切换过程中丢包。
{"title":"An Enhanced Media-Independent Pre-authentication Framework for Preventing Packet Loss","authors":"Lun-Huo Yeh, Shun-Neng Yang, Wei-Kuo Chiang","doi":"10.1109/ICCSN.2010.52","DOIUrl":"https://doi.org/10.1109/ICCSN.2010.52","url":null,"abstract":"Media-Independent Pre-Authentication (MPA) is used as a secure handover optimization scheme working over any link layer. With MPA, a mobile node (the MN) can establish a security association with a candidate target network (CTN), obtain an IP address and other parameters from the CTN, and complete the binding update of any mobility management protocol with the new care-of address (nCoA) before performing a handover at the link layer. This can significantly reduce handover delay. However, the packets transmitted to the MN may be lost if a link layer handover occurs due to the link going down before the MN completes the binding update. The possible simultaneous mobility problem also gives rise to undesirable handover delay. In this paper, we design a framework called enhanced MPA (eMPA) by improving handover execution procedures of MPA. When a MN decides to perform handover at the link layer, it will request to create an IPSec tunnel between its nCoA and old access router (oAR) before deleting the proactive handover tunnel (PHT) that created between the MN and new access router (nAR). Then data packets sent to the oAR will be forwarded to the MN with the nCoA via nAR. Then the nAR will start to buffer those packets until the MN sends an explicit signal to stop buffering and flushes the packets after completing handover at the link layer. In addition, we present a binding update retransmission mechanism in the eMPA to resolve control plane packet timeout problem. With this mechanism, we can prevent packet loss during the handover.","PeriodicalId":255246,"journal":{"name":"2010 Second International Conference on Communication Software and Networks","volume":"3 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2010-02-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122208896","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 3
QoS-Satisfied Dynamic Routing Based on Overlay Service Network 基于覆盖业务网络的qos满足动态路由
Pub Date : 2010-02-26 DOI: 10.1109/ICCSN.2010.99
Amir Karamoozian, Mostafa Erfani, A. Abdullah
In recent years, overlay networks have emerged as an approach to provide a general framework for new applications and services to be implemented without significant changes in the IP-layer network infrastructure. Overlay Service Network (OSN) is a unified framework which acts as a top layer over the IP-layer network and makes overlay routing feasible. This paper mainly focuses on designing a QoS-satisfied dynamic overlay routing protocol based on OSN framework. While satisfying the QoS requirements, being a dynamic routing protocol enhances the reliability and performance of the routing. So the proposed algorithm not only satisfies the application QoS requirements, but also improves the routing performance. The goals are: (1) to discover an overlay path which fulfills the QoS requirements, as well as (2) balancing the computational capacity of the resources and at the same time, (3) enhance the performance of the overlay network. To achieve these goals, we propose a path selection algorithm called Modified Least-Cost Path (MLCP) algorithm. Our simulation experiments have shown that the proposed algorithm performs well in achieving QoS-satisfied overlay routing while maintaining the performance.
近年来,覆盖网络作为一种方法出现,它为新应用和服务的实现提供了一个通用框架,而无需对ip层网络基础设施进行重大更改。OSN (Overlay Service Network)是一个统一的框架,它作为ip层网络的顶层,使覆盖路由成为可能。本文主要研究了一种基于OSN框架的满足qos的动态覆盖路由协议的设计。动态路由协议在满足QoS要求的同时,提高了路由的可靠性和性能。因此,该算法既满足了应用对QoS的要求,又提高了路由性能。目标是:(1)发现一条满足QoS要求的覆盖路径;(2)平衡资源的计算能力;同时(3)提高覆盖网络的性能。为了实现这些目标,我们提出了一种路径选择算法,称为修正最小代价路径(MLCP)算法。仿真实验表明,该算法在保持性能的同时,能够很好地实现满足qos的覆盖路由。
{"title":"QoS-Satisfied Dynamic Routing Based on Overlay Service Network","authors":"Amir Karamoozian, Mostafa Erfani, A. Abdullah","doi":"10.1109/ICCSN.2010.99","DOIUrl":"https://doi.org/10.1109/ICCSN.2010.99","url":null,"abstract":"In recent years, overlay networks have emerged as an approach to provide a general framework for new applications and services to be implemented without significant changes in the IP-layer network infrastructure. Overlay Service Network (OSN) is a unified framework which acts as a top layer over the IP-layer network and makes overlay routing feasible. This paper mainly focuses on designing a QoS-satisfied dynamic overlay routing protocol based on OSN framework. While satisfying the QoS requirements, being a dynamic routing protocol enhances the reliability and performance of the routing. So the proposed algorithm not only satisfies the application QoS requirements, but also improves the routing performance. The goals are: (1) to discover an overlay path which fulfills the QoS requirements, as well as (2) balancing the computational capacity of the resources and at the same time, (3) enhance the performance of the overlay network. To achieve these goals, we propose a path selection algorithm called Modified Least-Cost Path (MLCP) algorithm. Our simulation experiments have shown that the proposed algorithm performs well in achieving QoS-satisfied overlay routing while maintaining the performance.","PeriodicalId":255246,"journal":{"name":"2010 Second International Conference on Communication Software and Networks","volume":"272 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2010-02-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122769517","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 5
Testability Models for Structured Programs 结构化程序的可测试性模型
Pub Date : 2010-02-26 DOI: 10.1109/ICCSN.2010.112
Chhattar Singh Lamba
In this paper I investigate factors of the testability of structured programs. The starting point is given by a study of the literature to obtain both an initial model of testability and existing models related to testability. The main objective of this paper is to propose models for the estimation of testability (Tb), on the basis of various affecting attributes. The values of the attributes were estimated for programs under consideration with the help of software developed for this purpose. The models proposed conform to our intuitive reasoning
本文研究了影响结构化程序可测试性的因素。本文的出发点是通过对文献的研究,得到可测性的初始模型和现有的可测性相关模型。本文的主要目的是在各种影响属性的基础上,提出可测性(Tb)的估计模型。在为此目的开发的软件的帮助下,对所考虑的程序的属性值进行了估计。提出的模型符合我们的直觉推理
{"title":"Testability Models for Structured Programs","authors":"Chhattar Singh Lamba","doi":"10.1109/ICCSN.2010.112","DOIUrl":"https://doi.org/10.1109/ICCSN.2010.112","url":null,"abstract":"In this paper I investigate factors of the testability of structured programs. The starting point is given by a study of the literature to obtain both an initial model of testability and existing models related to testability. The main objective of this paper is to propose models for the estimation of testability (Tb), on the basis of various affecting attributes. The values of the attributes were estimated for programs under consideration with the help of software developed for this purpose. The models proposed conform to our intuitive reasoning","PeriodicalId":255246,"journal":{"name":"2010 Second International Conference on Communication Software and Networks","volume":"1 2","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2010-02-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"113954279","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 2
User-Categorized Tags to Build a Structured Folksonomy 用户分类标签构建结构化大众分类法
Pub Date : 2010-02-26 DOI: 10.1109/ICCSN.2010.36
Donghee Yoo, Yongmoo Suh
With the coming of Web 2.0, folksonomy has emerged to help users share web-based information created by users. The basic components of folksonomy are user-inputted tags, but a major problem is that the semantics of tags are not obvious because there is no hierarchy and no relationships among the tags. To minimize these problems, this paper suggests a user-categorized tag that freely defines the category of the tag when the user inputs it. Based on the user-categorized tags, a structured folksonomy is automatically created. This paper develops a prototype as web-based document management system to describe how a structured folksonomy can be useful.
随着Web 2.0的到来,大众分类法应运而生,帮助用户共享用户创建的基于Web的信息。大众分类法的基本组成部分是用户输入的标签,但一个主要问题是标签的语义不明显,因为标签之间没有层次结构和关系。为了减少这些问题,本文提出了一种用户分类标签,当用户输入标签时,它可以自由定义标签的类别。基于用户分类的标记,将自动创建结构化的大众分类法。本文开发了一个基于web的文档管理系统原型,以描述结构化的大众分类法如何发挥作用。
{"title":"User-Categorized Tags to Build a Structured Folksonomy","authors":"Donghee Yoo, Yongmoo Suh","doi":"10.1109/ICCSN.2010.36","DOIUrl":"https://doi.org/10.1109/ICCSN.2010.36","url":null,"abstract":"With the coming of Web 2.0, folksonomy has emerged to help users share web-based information created by users. The basic components of folksonomy are user-inputted tags, but a major problem is that the semantics of tags are not obvious because there is no hierarchy and no relationships among the tags. To minimize these problems, this paper suggests a user-categorized tag that freely defines the category of the tag when the user inputs it. Based on the user-categorized tags, a structured folksonomy is automatically created. This paper develops a prototype as web-based document management system to describe how a structured folksonomy can be useful.","PeriodicalId":255246,"journal":{"name":"2010 Second International Conference on Communication Software and Networks","volume":"11 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2010-02-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121086218","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 7
The Application of Service-Oriented Architecture in E-complaint System 面向服务体系结构在电子投诉系统中的应用
Pub Date : 2010-02-26 DOI: 10.1109/ICCSN.2010.107
A. Najar, Hassan Awad Hassan Al-Sukhni, Navid Aghakhani
in this study researcher tried to improve relation between citizens and government by presenting a new model based on Service Oriented Architecture (SOA). With utilizing the presented model in government body on one hand governments will have the ability to minimize citizens’ dissatisfaction and on the other hand it can encourage citizens to participate in controlling government body such as governments’ staffs and organizations. This study can also be helpful in other fields of e-government in terms of citizen adoption and citizen loyalty. Results of this study can be a good reference to find out users needs from e-complaint and the importance of complaint in the body of government.
在本研究中,研究者试图通过提出一个基于面向服务的体系结构(SOA)的新模型来改善公民与政府之间的关系。通过在政府机构中使用所提出的模型,一方面政府将有能力最大限度地减少公民的不满,另一方面它可以鼓励公民参与控制政府机构,如政府工作人员和组织。本研究对电子政务其他领域的公民采纳和公民忠诚也有一定的借鉴意义。本研究结果可为了解用户对电子投诉的需求及投诉在政府机构中的重要性提供良好的参考。
{"title":"The Application of Service-Oriented Architecture in E-complaint System","authors":"A. Najar, Hassan Awad Hassan Al-Sukhni, Navid Aghakhani","doi":"10.1109/ICCSN.2010.107","DOIUrl":"https://doi.org/10.1109/ICCSN.2010.107","url":null,"abstract":"in this study researcher tried to improve relation between citizens and government by presenting a new model based on Service Oriented Architecture (SOA). With utilizing the presented model in government body on one hand governments will have the ability to minimize citizens’ dissatisfaction and on the other hand it can encourage citizens to participate in controlling government body such as governments’ staffs and organizations. This study can also be helpful in other fields of e-government in terms of citizen adoption and citizen loyalty. Results of this study can be a good reference to find out users needs from e-complaint and the importance of complaint in the body of government.","PeriodicalId":255246,"journal":{"name":"2010 Second International Conference on Communication Software and Networks","volume":"27 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2010-02-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"117104402","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 13
Performance of UWB MIMO Systems with Rake Receive Processing 采用Rake接收处理的UWB MIMO系统性能研究
Pub Date : 2010-02-26 DOI: 10.1109/ICCSN.2010.11
J. An, Sangchoon Kim
In this paper, a rake diversity combining scheme for detection of a single data stream in ultra-wideband (UWB) multiple input multiple output (MIMO) systems is considered as an extension of single input multiple output (SIMO) systems. The BER performance of a linear receive rake diversity scheme is presented in a log-normal multipath fading channel. It is shown that the increase of an antenna dimension happens to degrade the performance in the range of high SNRs. It is seen that as the number of transmit and receive antennas increases, the rake diversity combining system improves the performance at low SNRs or in the case of large antenna dimension at high SNRs.
本文提出了一种用于超宽带(UWB)多输入多输出(MIMO)系统中单个数据流检测的rake分集组合方案,作为单输入多输出(SIMO)系统的扩展。研究了对数正态多径衰落信道下线性接收rake分集方案的误码率性能。结果表明,在高信噪比范围内,天线尺寸的增大会导致性能下降。可以看出,随着发射和接收天线数量的增加,rake分集组合系统在低信噪比或高信噪比下天线尺寸较大的情况下,性能得到了提高。
{"title":"Performance of UWB MIMO Systems with Rake Receive Processing","authors":"J. An, Sangchoon Kim","doi":"10.1109/ICCSN.2010.11","DOIUrl":"https://doi.org/10.1109/ICCSN.2010.11","url":null,"abstract":"In this paper, a rake diversity combining scheme for detection of a single data stream in ultra-wideband (UWB) multiple input multiple output (MIMO) systems is considered as an extension of single input multiple output (SIMO) systems. The BER performance of a linear receive rake diversity scheme is presented in a log-normal multipath fading channel. It is shown that the increase of an antenna dimension happens to degrade the performance in the range of high SNRs. It is seen that as the number of transmit and receive antennas increases, the rake diversity combining system improves the performance at low SNRs or in the case of large antenna dimension at high SNRs.","PeriodicalId":255246,"journal":{"name":"2010 Second International Conference on Communication Software and Networks","volume":"28 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2010-02-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116428810","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Hybrid Framework for Behavioral Prediction of Network Attack Using Honeypot and Dynamic Rule Creation with Different Context for Dynamic Blacklisting 基于蜜罐和动态规则创建的网络攻击行为预测混合框架
Pub Date : 2010-02-26 DOI: 10.1109/ICCSN.2010.82
Renuka Prasad B, A. Abraham
Honeypots are decoys designed to trap, delay, and gather information about attackers. All the previous work in the field was related mainly to intrusion detection system, but in this research work, the highlight is more focused on the novel approach of creation of a Honeypot schema which is powered by intelligence along with the design of classifier. The output generated by the classifier generates a dynamic list of attacks, which are then queued in the proposed Honeypot architecture built with neural network to understand various approach of behavior and patterns of the attacker. The network administrator collects all such relevant information over the network itself allowing the inbound network connection from the attacker to do so and the system creates a hybrid framework to prevent the probability of vulnerable and hostile situation over the network even before the attack event is performed by the attacker.
蜜罐是设计用来诱捕、延迟和收集攻击者信息的诱饵。该领域以往的研究主要集中在入侵检测系统方面,而本研究的重点是基于智能的蜜罐模式的创建方法以及分类器的设计。分类器生成的输出生成一个动态攻击列表,然后将这些攻击列表在基于神经网络构建的蜜罐架构中排队,以了解攻击者的各种行为方法和模式。网络管理员通过网络本身收集所有这些相关信息,允许来自攻击者的入站网络连接这样做,系统创建一个混合框架,以防止在攻击者执行攻击事件之前网络上出现脆弱和敌对情况的可能性。
{"title":"Hybrid Framework for Behavioral Prediction of Network Attack Using Honeypot and Dynamic Rule Creation with Different Context for Dynamic Blacklisting","authors":"Renuka Prasad B, A. Abraham","doi":"10.1109/ICCSN.2010.82","DOIUrl":"https://doi.org/10.1109/ICCSN.2010.82","url":null,"abstract":"Honeypots are decoys designed to trap, delay, and gather information about attackers. All the previous work in the field was related mainly to intrusion detection system, but in this research work, the highlight is more focused on the novel approach of creation of a Honeypot schema which is powered by intelligence along with the design of classifier. The output generated by the classifier generates a dynamic list of attacks, which are then queued in the proposed Honeypot architecture built with neural network to understand various approach of behavior and patterns of the attacker. The network administrator collects all such relevant information over the network itself allowing the inbound network connection from the attacker to do so and the system creates a hybrid framework to prevent the probability of vulnerable and hostile situation over the network even before the attack event is performed by the attacker.","PeriodicalId":255246,"journal":{"name":"2010 Second International Conference on Communication Software and Networks","volume":"61 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2010-02-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127778297","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 5
MMS Routing for Wireless Sensor Networks 无线传感器网络的MMS路由
Pub Date : 2010-02-26 DOI: 10.1109/ICCSN.2010.67
M. Premi, K. S. Shaji
In recent days the advancement in the wireless communication is with that of wireless sensor networks. In Wireless Sensor Networks (WSNs) the data are collected from many sensor nodes by the base station which is the goal of the network. In this type of WSNs, the major constraints are low energy, limited bandwidth and less memory. With these constraints in mind we propose a method to reduce the energy consumption with maximum data collection. In this new method we use multiple mobile sinks (MMS) instead of a single mobile sink. Here we have considered three scenarios. In the first scenario, all nodes are interested to send data to only one sink. In the second and third scenario all nodes are interested to send the data to any other mobile sink among the selected group of mobile sinks. We have simulated using MATLAB and the simulated results show that the update energy cost is reduced when two or more number of sinks are used.
近年来,无线通信的发展伴随着无线传感器网络的发展。在无线传感器网络(WSNs)中,基站从多个传感器节点收集数据,这是网络的目标。在这种类型的无线传感器网络中,主要的限制是低能量、有限的带宽和较少的内存。考虑到这些限制,我们提出了一种通过最大限度地收集数据来减少能耗的方法。在这种新方法中,我们使用多个移动接收器(MMS)而不是单个移动接收器。这里我们考虑了三种场景。在第一个场景中,所有节点只对将数据发送到一个接收器感兴趣。在第二个和第三个场景中,所有节点都有兴趣将数据发送到选定的移动接收器组中的任何其他移动接收器。利用MATLAB进行了仿真,仿真结果表明,使用两个或两个以上的集散点可以降低更新能耗。
{"title":"MMS Routing for Wireless Sensor Networks","authors":"M. Premi, K. S. Shaji","doi":"10.1109/ICCSN.2010.67","DOIUrl":"https://doi.org/10.1109/ICCSN.2010.67","url":null,"abstract":"In recent days the advancement in the wireless communication is with that of wireless sensor networks. In Wireless Sensor Networks (WSNs) the data are collected from many sensor nodes by the base station which is the goal of the network. In this type of WSNs, the major constraints are low energy, limited bandwidth and less memory. With these constraints in mind we propose a method to reduce the energy consumption with maximum data collection. In this new method we use multiple mobile sinks (MMS) instead of a single mobile sink. Here we have considered three scenarios. In the first scenario, all nodes are interested to send data to only one sink. In the second and third scenario all nodes are interested to send the data to any other mobile sink among the selected group of mobile sinks. We have simulated using MATLAB and the simulated results show that the update energy cost is reduced when two or more number of sinks are used.","PeriodicalId":255246,"journal":{"name":"2010 Second International Conference on Communication Software and Networks","volume":"99 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2010-02-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126914721","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 6
Fusion Based Approach for Distributed Alarm Correlation in Computer Networks 基于融合的计算机网络分布式报警关联方法
Pub Date : 2010-02-26 DOI: 10.1109/ICCSN.2010.65
A. Mohamed, O. Basir
We propose a new distributed alarm correlation and fault identification in computer networks. The managed network is divided into a disjoint management domains and each management domain is assigned a dedicated intelligent agent. The intelligent agent is responsible for collecting, analyzing, and correlating alarms emitted form emitted from its constituent entities in its domain. In the framework of Dempster-Shafer evidence theory, each agent perceives each alarm as a piece of evidence in the occurrence of a certain fault hypothesis and correlates the received alarms into a single alarm called local composite alarm, which encapsulates the agent’s partial view of the current status of the managed system. While the alarm correlation process is performed locally, each intelligent agent is able to correlate its alarms globally. These local composite alarms are, in turn, sent to a higher agent whose task is to fuse these alarms and form a global view of operation status of the running network. Extensive experimentations have demonstrated that the proposed approach is more alarm loss tolerant than the codebook based approaches and hence shown its effectiveness in a usually noisy network environment.
提出了一种新的分布式报警关联与故障识别方法。被管理网络被划分为多个互不关联的管理域,每个管理域分配一个专用的智能代理。智能代理负责收集、分析和关联其域内组成实体发出的警报。在Dempster-Shafer证据理论的框架中,每个agent将每个报警感知为某一故障假设发生的证据,并将接收到的报警关联成单个报警,称为局部复合报警,该报警封装了agent对被管理系统当前状态的局部视图。当警报关联过程在本地执行时,每个智能代理都能够全局关联其警报。这些本地复合告警再被发送给上级代理,上级代理的任务是融合这些告警,形成运行网络运行状态的全局视图。大量的实验表明,该方法比基于码本的方法更能容忍报警损失,因此在通常嘈杂的网络环境中显示出其有效性。
{"title":"Fusion Based Approach for Distributed Alarm Correlation in Computer Networks","authors":"A. Mohamed, O. Basir","doi":"10.1109/ICCSN.2010.65","DOIUrl":"https://doi.org/10.1109/ICCSN.2010.65","url":null,"abstract":"We propose a new distributed alarm correlation and fault identification in computer networks. The managed network is divided into a disjoint management domains and each management domain is assigned a dedicated intelligent agent. The intelligent agent is responsible for collecting, analyzing, and correlating alarms emitted form emitted from its constituent entities in its domain. In the framework of Dempster-Shafer evidence theory, each agent perceives each alarm as a piece of evidence in the occurrence of a certain fault hypothesis and correlates the received alarms into a single alarm called local composite alarm, which encapsulates the agent’s partial view of the current status of the managed system. While the alarm correlation process is performed locally, each intelligent agent is able to correlate its alarms globally. These local composite alarms are, in turn, sent to a higher agent whose task is to fuse these alarms and form a global view of operation status of the running network. Extensive experimentations have demonstrated that the proposed approach is more alarm loss tolerant than the codebook based approaches and hence shown its effectiveness in a usually noisy network environment.","PeriodicalId":255246,"journal":{"name":"2010 Second International Conference on Communication Software and Networks","volume":"58 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2010-02-26","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127439669","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 11
期刊
2010 Second International Conference on Communication Software and Networks
全部 Acc. Chem. Res. ACS Applied Bio Materials ACS Appl. Electron. Mater. ACS Appl. Energy Mater. ACS Appl. Mater. Interfaces ACS Appl. Nano Mater. ACS Appl. Polym. Mater. ACS BIOMATER-SCI ENG ACS Catal. ACS Cent. Sci. ACS Chem. Biol. ACS Chemical Health & Safety ACS Chem. Neurosci. ACS Comb. Sci. ACS Earth Space Chem. ACS Energy Lett. ACS Infect. Dis. ACS Macro Lett. ACS Mater. Lett. ACS Med. Chem. Lett. ACS Nano ACS Omega ACS Photonics ACS Sens. ACS Sustainable Chem. Eng. ACS Synth. Biol. Anal. Chem. BIOCHEMISTRY-US Bioconjugate Chem. BIOMACROMOLECULES Chem. Res. Toxicol. Chem. Rev. Chem. Mater. CRYST GROWTH DES ENERG FUEL Environ. Sci. Technol. Environ. Sci. Technol. Lett. Eur. J. Inorg. Chem. IND ENG CHEM RES Inorg. Chem. J. Agric. Food. Chem. J. Chem. Eng. Data J. Chem. Educ. J. Chem. Inf. Model. J. Chem. Theory Comput. J. Med. Chem. J. Nat. Prod. J PROTEOME RES J. Am. Chem. Soc. LANGMUIR MACROMOLECULES Mol. Pharmaceutics Nano Lett. Org. Lett. ORG PROCESS RES DEV ORGANOMETALLICS J. Org. Chem. J. Phys. Chem. J. Phys. Chem. A J. Phys. Chem. B J. Phys. Chem. C J. Phys. Chem. Lett. Analyst Anal. Methods Biomater. Sci. Catal. Sci. Technol. Chem. Commun. Chem. Soc. Rev. CHEM EDUC RES PRACT CRYSTENGCOMM Dalton Trans. Energy Environ. Sci. ENVIRON SCI-NANO ENVIRON SCI-PROC IMP ENVIRON SCI-WAT RES Faraday Discuss. Food Funct. Green Chem. Inorg. Chem. Front. Integr. Biol. J. Anal. At. Spectrom. J. Mater. Chem. A J. Mater. Chem. B J. Mater. Chem. C Lab Chip Mater. Chem. Front. Mater. Horiz. MEDCHEMCOMM Metallomics Mol. Biosyst. Mol. Syst. Des. Eng. Nanoscale Nanoscale Horiz. Nat. Prod. Rep. New J. Chem. Org. Biomol. Chem. Org. Chem. Front. PHOTOCH PHOTOBIO SCI PCCP Polym. Chem.
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:604180095
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1