Due to rapid changes and consequent new threats to computer networks, there is a need for the design of systems that enhance network security. These systems make network administrators fully aware of the potential vulnerability of their networks. This paper designs a Network Monitoring System (NMS), which is an active defense and complex network surveillance platform designed for ISPs to meet their most rigorous security requirements. This system is motivated by the great need of government agencies, ecommerce companies and Web development organizations to secure their computer networks. The proposed system is also used by network administrators to enable them to understand the vulnerabilities affecting computer networks. This enables these administrators to improve network security. The proposed system is a lawful network traffic (Internet Service Provider IP traffic) interception system with the main task of obtaining network communications, giving access to intercepted traffic to lawful authorities for the purpose of data analysis and/or evidence. Such data generally consist of signaling, network management information, or the content of network communications. The intercepted IP traffic is gathered and analyzed for network vulnerability in real time. Then, the corresponding TCP/UDP traffic (Web page, email message, VOIP calls, DHCP traffic, files transferred over the LAN such as HTML files, images, and video files, etc.) is rebuilt and displayed. Based on the results of the analysis of the rebuilt TCP/UDP traffic, an alarm could be generated if a malicious behavior is detected. Experimental results show that the proposed system has many features that make it much better than existing similar tools such as Wireshark. In addition, experimental results show that the proposed system has high accuracy and efficiency in regards to network packet capturing and corresponding Web page restructuring.
Index Terms—Network security, network traffic interception, packet filtering, network malicious behavior, network attacks
College students are heavy users of the Internet compared with the general public, and they play a pivotal part in securing the Internet, as the protection of PCs is left to the initiative of the users. The main aim of the study is to investigate students' self-efficacy in the safe use of the Internet. The volunteer participants in this study numbered 99 in total. The questionnaire is made up of 4 dimensions, SNS, MS, WSS and CS, which had 35 items in total. The participants answered the items on a 5-point Likert scale. The questionnaire reliability was calculated as 0.72. A questionnaire was used to collect the data, which were analysed and interpreted using SPSS. Frequency and percentage, independent sample t-test and ANOVA methods were used during the analysis process. According to the results of the study, students have good awareness of computer security on a general note, but specifically in terms of social networking sites, web security and malicious software, the majority of the students have little awareness of them. As a result, the study could help universities, government and even parents of students, in Cyprus and in other countries, to be able to access the Internet safely.
Attackers do not want their malicious software (malware) to be revealed by anti-virus analyzers. In order to conceal their malware, malware programmers use anti-reverse-engineering techniques and code-changing techniques such as packing, encoding and encryption. Malware writers have learned that signature-based detectors can be easily evaded by "packing" the malicious payload in layers of compression or encryption. State-of-the-art malware detectors have adopted both static and dynamic techniques to recover the payload of packed malware, but unfortunately such techniques are highly ineffective. If the malware is packed or encrypted, then it is very difficult to analyze. Therefore, to prevent the harmful effects of malware and to generate signatures for malware detection, the packed and encrypted executable code must first be unpacked. The first step of unpacking is to detect the packed executable files. The objective is to efficiently and accurately distinguish between packed and non-packed executables, so that only executables detected as packed will be sent to a general unpacker, thus saving a significant amount of processing time. The generic method of this paper achieves very high detection accuracy of packed executables with a low average processing time. In this paper, a packed file detection technique based on complexity measured by several algorithms is presented, and it has been tested using a packed and unpacked dataset of .exe files. The preliminary results are very promising, achieving high accuracy with sufficient performance: about a 96% detection rate on packed files and a 93% detection rate on unpacked files. The experiments also demonstrate that this generic technique can effectively be prepared to detect unknown, obfuscated malware and cannot be evaded by known evasion techniques.
Most of the recent work on Web security focuses on preventing attacks that directly harm the browser’s host machine and user. In this paper we attempt to quantify the threat of browsers being indirectly misused for attacking third parties. Specifically, we look at how the existing Web infrastructure (e.g., the languages, protocols, and security policies) can be exploited by malicious or subverted websites to remotely instruct browsers to orchestrate actions including denial of service attacks, worm propagation and reconnaissance scans. We show that attackers are able to create powerful botnet-like infrastructures that can cause significant damage. We explore the effectiveness of countermeasures including anomaly detection and more fine-grained browser security policies.
In the computational world, all kinds of communication now use USB, as it is a globally recognized hardware standard of communication. Removable devices are very useful portable storage devices which are generally used for transferring computer data from one computer to another. Removable devices are commonly used to store a variety of information, some of which is greatly important. It has become essential to secure our computer systems from unauthorized individuals who may steal our personal data. This can happen by connecting any external storage device, so we need to take proper precautions to protect data. With the requirement to guard important data present on computer systems, Removable Device Locker came into being. It is an inimitable type of system which is developed to secure the significant data in computers. Using this system, a user can restrict unauthorized access by removable devices. If the system administrator manually disables the universal serial bus controller settings in the device manager, even a novice computer user can re-enable those settings and start accessing the target machine. Instead of configuring USB settings manually, Removable Device Locker can be used. The main idea of this application is to enable or disable the access of removable devices to the computer system.
In this digital world, security is the primary concern for users concerned about unauthorised access to their computer systems. At the same time, ransomware – a tool used by cyber criminals to encrypt the contents of a computer's file system without the permission or knowledge of the victim – is becoming increasingly common. Once the system is compromised – that is, the files are encrypted – the attacker forces users to pay a ransom, typically through online payment methods, to get a decryption key. Even if victims pay the ransom, there is no guarantee that the decryption key will be supplied, or access to their computer system restored. In this article, we propose a solution that prevents such an attack and secures computers using a new mechanism that identifies an attack and takes the necessary steps to defeat it by creating a large dummy file. When a large dummy file is being encrypted by an attacker – which takes some time because of the file size – the remaining contents of the file system are made non-accessible to the malware. The proposed mechanism has been tested in a real-time environment and proved beneficial.
RecDroid is a smartphone permission management system which provides users with fine-grained real-time app permission control and a recommendation system regarding whether to grant the permission or not based on expert users' responses in the network. However, in such a system, malware owners may create multiple bot users to misguide the recommendation system by providing untruthful responses on the malicious app. A threshold-based detection method can detect malicious users which are dishonest on many apps, but it cannot detect malicious users that target some specific apps. In this work, we present a clustering-based method called BotTracer to find groups of bot users controlled by the same masters, which can be used to detect bot users with high reputation scores. The key part of the proposed method is to map the users into a graph based on their similarity and apply a clustering algorithm to group users together. We evaluate our method using a set of simulated users' profiles, including malicious users and regular ones. Our experimental results demonstrate high accuracy in terms of detecting malicious users. Finally, we discuss several clustering features and their impact on the clustering results.
Malicious software is a kind of software or code which takes private data and information from the PC framework; its task is to pursue only malicious objectives against the PC framework, without the authorization of the PC's clients. The effects of malicious software are harmful to the client. Malicious software, i.e. malware, consists of programs that are made to mischief, hinder or harm PCs, organizations and the different assets related to them. Malware is moved onto PCs without the knowledge of their proprietors. Presently, malicious programs are a serious threat. They are created to harm the PC framework, and some of them spread over the associated frameworks in the organization or web association. Analysts are making great efforts in the malware field with compelling malware detection techniques to safeguard PC frameworks. Two essential methodologies have been proposed for this, namely signature-based and heuristic-based detection. These methodologies distinguish known malware precisely yet cannot distinguish new, obscure malware. Recently, various analysts have proposed malware identification frameworks utilizing data mining and machine learning strategies to distinguish between obscure and non-obscure malware. In this paper, a detailed examination has been conducted of the present status of malware infection and the work done on finding it.
Many countries around the world are implementing smart grids and smart meters. Malicious users that have a moderate level of computer knowledge can manipulate smart meters and launch cyber-attacks. This poses cyber threats to network operators and government security. In order to reduce the number of electricity theft cases, companies need to develop preventive and protective methods to minimize the losses from this issue. In this paper, we propose a software-based model that detects malicious nodes in a smart grid network. The model collects data (electricity consumption/electric bill) from the nodes and compares it with previously obtained data. A Support Vector Machine (SVM) model is implemented to classify nodes (high dimensional) into good or malicious nodes by giving a status of 1 to good nodes and a status of -1 to malicious (abnormal) nodes. The detection model also displays the network graphically as well as the data table. Moreover, this model displays the detection error in each cycle. It has a very low false alarm rate (2%) and a detection rate as high as 98%. Future developments can trace the attack origin to eliminate or block the attack source, minimizing losses before human control arrives.
This paper explains security intelligence and how corporations use it to maintain the security of information systems by analysis of malicious content. The most famous threats to corporate information systems and the departments that fight against these threats are explained, as well as the tools for collecting data for analysis. The most common publicly available services for analysis are explained, as are commercial brand-named tools. Dynamic and static analysis are also treated separately and explained, along with awareness of security incidents.