2010 Fifth International Conference on Internet Monitoring and Protection: Latest Papers

Is Apple's iMac Leopard Operating System Secure under ARP-Based Flooding Attacks?
Pub Date : 2010-05-09 DOI: 10.1109/ICIMP.2010.30
Sirisha Surisetty, Sanjeev Kumar
Apple’s iMac computers are promoted by Apple Inc. to be secure, safe, virus free and fast computers. In this experimental paper, we evaluate the security offered by the iMac computers with its usual Leopard Operating System, against ARP-based flooding attacks in a Gigabit LAN environment. We compared the effect of ARP attacks on Leopard OS against those on the Windows XP-SP2 when installed on the same iMac platform under the same network attack environment. ARP-based flooding attacks can originate in a LAN environment, which can impact a victim computer with a barrage of ARP requests, thereby exhausting the resources of the victim computers in processing these requests. To study the impact on iMac computers, we created the ARP traffic in a controlled lab environment to test against iMac computer that first deployed Leopard OS and then later the same iMac platform was made to rather use Windows XP OS. It was found that the Apple’s iMac computer using its usual Leopard operating system crashed even under low bandwidth of ARP-based attack traffic, requiring forced reboot of the iMac computer. Interestingly, when compared with Microsoft’s Windows XP-SP2 operating system, deployed on the same iMac platform, the computer was able to sustain the attack and didn’t crash. Our discovery of this vulnerability shows that Apple’s popular operating systems namely Leopards commonly deployed on iMacs are prone to crash under ARP-based security attacks.
Citations: 12
Constructing Communication Profiles by Clustering Selected Network Traffic Attributes
Pub Date : 2010-05-09 DOI: 10.1109/ICIMP.2010.21
Olli Knuuti, Timo Seppälä, Teemu Alapaholuoma, J. Ylinen, P. Loula, P. Kumpulainen, Kimmo Hätönen
Large-scale IP networks cause special challenges to the security. The network consists of a large number of devices with a vast variety of traffic behavior. Implementation of the intrusion detection and monitoring mechanisms are often ineffective or require a lot of hardware and human resources. In this paper we present a methodology to construct communication profiles by making a time series and clusters from selected network attributes. Using the method we can divide the network devices into different groups by their traffic behavior even if we don’t know the role of each device or the network topology. Most appropriate intrusion detection or monitoring mechanisms can be assigned to each device according to its profile. It is also possible to monitor the changes in the devices’ behavior by inspecting their changes from constructed profile cluster to another. The changes between different profiles can be considered abnormal or common variation in the usage.
Citations: 3
Coalitional Game Theory for Security Risk Management
Pub Date : 2010-05-09 DOI: 10.1109/ICIMP.2010.14
W. Saad, T. Alpcan, T. Başar, A. Hjørungnes
Quantitative models for security risk management in organizations are recently receiving an increased attention in the research community. This paper investigates the possibility of cooperation among autonomous divisions of an organization with dependent security assets and/or vulnerabilities for reducing overall security risks. A coalitional game is formulated for modeling cooperation possibilities among these divisions based on their both positive (synergies) and negative (vulnerabilities) interdependencies. The proposed game constitutes a framework that allows to investigate how an organization can maximize its total utility through cooperation among its different divisions. The introduced utility accounts for the gains from cooperation, in terms of an improved synergy among the divisions, and the costs for cooperation that account for the friction among the divisions (e.g. due to social and human factors) as well as the difficulty of managing large-sized divisions. Using the proposed game model, the illustrative cases of two-coalition cooperation, two-division cooperation as well as a practical scenario when using an ideal cooperation protocol are analyzed
Citations: 30