
E-Book, English, 296 pages

Blyth EC2ND 2005

Proceedings of the First European Conference on Computer Network Defence
1st edition 2007
ISBN: 978-1-84628-352-9
Publisher: Springer
Format: PDF
Copy protection: 1 - PDF Watermark




These are the proceedings of the First European Conference on Computer Network Defence, which took place in December 2005 at the University of Glamorgan in the UK. Contributions are drawn from participants in a number of national and international organisations. Topics covered include Computer Network Operations, Computer Network Attacks, Network Application Security, Web Security, Vulnerability Management and Tracking, Wireless and Mobile Security, and more.



Further Information & Material


1;Table of Contents;7
2;SECTION I: Network Defence;10
2.1;Network Penetration Testing;11
2.1.1;1 Introduction;11
2.1.2;2 Overview of Network Penetration Testing;12
2.1.3;3 Summary of Vulnerabilities;12
2.1.4;4 Commonly Used Tools;14
2.1.5;5 Recent Developments and Future Trends;17
2.1.6;6 Conclusions and Further Research;19
2.2;A Taxonomy of Criteria for Evaluating Defence Mechanisms against Flooding DoS Attacks;21
2.2.1;1 Introduction;21
2.2.2;2 Taxonomy of Evaluation Criteria;22
2.2.3;3 Related Work;28
2.2.4;4 Conclusion;28
2.3;Spam Honey Pot Research;31
2.3.1;1 Introduction;31
2.3.2;2 Spam Definition;32
2.3.3;3 Technical Background;32
2.3.4;4 Analysis;34
2.3.5;5 Conclusions and Further Research;40
2.4;Privacy Protection Mechanism in Grid Computing Environment*;41
2.4.1;1 Introduction;41
2.4.2;2 Certificate format and mutual authentication;42
2.4.3;3 New solutions for privacy protection in grid;44
2.4.4;4 Conclusions;46
2.5;Flow Label Filtering Feasibility;48
2.5.1;1 Introduction;48
2.5.2;2 Examining the Flow Label for consistency;49
2.5.3;3 Fixing FreeBSD's SYN Cookie and SYN Cache Implementation;51
2.5.4;4 Using the Flow Label for Stateful Filtering;53
2.5.5;5 Conclusion;55
2.6;The Representation and use of Relation Information for the Detection of Threats by Security Information Management Systems;57
2.6.1;1 Introduction;57
2.6.2;2 Motivation and Related Work;58
2.6.3;3 Background;59
2.6.4;4 Experiment and Result Analysis;64
2.6.5;5 Summary;65
2.7;Intelligent real-time reactive Network Management;67
2.7.1;1 Introduction;67
2.7.2;2 The Proposed Construction;68
2.7.3;3 Prototype Implementation;72
2.7.4;4 Discussions and Analysis;76
2.7.5;6 Conclusions;78
2.8;Security in Passive Optical Network via Wavelength Hopping and Codes cycling techniques;79
2.8.1;1. Introduction;79
2.8.2;2. PON and Enabling Technologies;80
2.8.3;3. PON Security Enhancement;82
2.8.4;4. Assessment of Security Enhancement in PON;85
2.8.5;5. Conclusion Remarks and recommendations;87
2.9;A Model of Deploying Deception in a Computer Network Operations (CNO) Environment;89
2.9.1;1 Introduction;89
2.9.2;2 A Review of Concepts and Terminology;90
2.9.3;3 The Role of Deception in Computer Networks;93
2.9.4;4 Existing Research & Future Work;94
2.9.5;5 Conclusions;98
3;SECTION II: Wireless & Ad Hoc Network Security;100
3.1;Taxonomy of Attacks on Wireless Sensor Networks;101
3.1.1;1 Introduction;101
3.1.2;2 Background;102
3.1.3;3 Taxonomy of Attacks on Sensor Networks;103
3.1.4;4 Criteria of the Proposed Taxonomy;108
3.1.5;5 Conclusions;108
3.2;A Lightweight Identity Authentication Mechanism for Self-Organizing Wireless Sensor Networks;110
3.2.1;1 Introduction;110
3.2.2;2 Security-Related Properties in WSNs;111
3.2.3;3 Proposed Mechanism;112
3.2.4;4 Statistical method and Simulation;114
3.2.5;5 Conclusion;117
3.3;Modelling the Spread of Computer Worms in Vehicular Ad Hoc Networks;118
3.3.1;1 Introduction;118
3.3.2;2 System Models;119
3.3.3;3 Simulation studies;122
3.3.4;4 Conclusions;125
3.4;WILY ATTACKERS SEEK WIRELESS NETWORKS IN PERTH, WESTERN AUSTRALIA FOR EASY TARGETS;128
3.4.1;1. Introduction;128
3.4.2;2. Method;129
3.4.3;3. Results of Broadcasting Beyond the Corporate Environment;130
3.4.4;4. Results of Hiding the Network Presence in the Airwaves;134
3.4.5;5. Conclusion;137
4;SECTION III: Network Protocol Analysis & Cryptographic Applications;140
4.1;Attack on Undeniable Partially Blind Signatures;141
4.1.1;1 Introduction;141
4.1.2;2 Review on Undeniable partially blind signatures;143
4.1.3;3 Attack on Undeniable Partially Blind Signatures;145
4.1.4;4 Conclusion;146
4.2;EVOLUTIONARY APPROACH IN THE SECURITY PROTOCOLS DESIGN;149
4.2.1;1 Introduction;149
4.2.2;2 Security protocol;150
4.2.3;3 Protocol example;152
4.2.4;4 Evolutionary approach;154
4.2.5;5 Automatic protocol design;155
4.2.6;6 Automated tool;156
4.2.7;7 Conclusions and future work;157
4.3;Improvement of Adaptive Threshold RSA;159
4.3.1;1 Introduction;159
4.3.2;2 System Model and Security Requirements;161
4.3.3;3 Adaptive Threshold RSA Signature;162
4.3.4;4 Efficiency Analysis;164
4.3.5;5 Security Proofs;164
4.3.6;6 Conclusion;165
5;SECTION IV: Intrusion Detection & Prevention;167
5.1;A LOG-BASED MINING SYSTEM FOR NETWORK NODE CORRELATION;168
5.1.1;1. Introduction;168
5.1.2;2. Definition and Classification of NNC;170
5.1.3;3. Mining System;171
5.1.4;4. An Example;175
5.1.5;5. Conclusions;176
5.1.6;6. Acknowledgement;177
5.2;EXPLORING VULNERABILITIES OF AGENT-BASED IDS: THE NEED FOR AGENT SELF-DEFENCE;178
5.2.1;1. Introduction;178
5.2.2;2. Security Issues of Agent-based IDS;180
5.2.3;3. Mobile Agent Control and Defence;182
5.2.4;4. Conclusions;185
5.2.5;5. References;185
5.3;Detecting and Classifying Attacks in Computer Networks Using Feed-Forward and Elman Neural Networks;187
5.3.1;1 Introduction;187
5.3.2;2 Intrusion Detection Techniques;188
5.3.3;3 Description of HTTP protocol;189
5.3.4;4 Feed-forward and Elman neural networks;189
5.3.5;5 Detection of Attacks based on Neural Networks;192
5.3.6;6 Performance Evaluation;194
5.3.8;7 Conclusions;195
5.4;DATA AUTHENTICATION AND TRUST WITHIN DISTRIBUTED INTRUSION DETECTION SYSTEM INTER-COMPONENT COMMUNICATIONS;197
5.4.1;1. Introduction;197
5.4.2;2. Related Work;199
5.4.3;3. Authentication and Trust in DIDS;200
5.4.4;4. Case Study and Results;202
5.4.5;5. Conclusions and Further Work;205
5.5;Design and Implementation of a Fast String Matcher Utilizing Content Addressable Memory;207
5.5.1;1. Introduction;207
5.5.2;2. Intrusion Detection Systems (IDS);208
5.5.3;3. String matcher using CAM;208
5.5.4;4. Results and comparisons;213
5.5.5;5. Conclusion;216
5.5.6;6. References;216
5.6;Zero hour outbreak prevention using distributed traffic anomaly detection;218
5.6.1;1 Introduction;218
5.6.2;2 How Worms Reveal Themselves;219
5.6.3;3 Detecting the Traffic Anomaly;220
5.6.4;4 Other uses;223
5.6.5;5 Simulations;225
5.6.6;6 Summary;227
5.7;Mediating Hosts' Malicious Character;228
5.7.1;1 Introduction;228
5.7.2;2 Mobile oo-action based Systems;229
5.7.3;3 Enriched Mobile object-based systems;230
5.7.4;4 Parallel execution Protocol;233
5.7.5;5 Conclusion;237
5.8;Masquerade Detection by Using Activity Patterns;239
5.8.1;1 Introduction;239
5.8.2;2 Proposed work;241
5.8.3;3 Simulation model;245
5.8.4;4 Results;246
5.8.5;5 Conclusion;248
6;SECTION V: Software for Security in Networked Environments;249
6.1;A Flexible, Open Source Software Architecture for Network-Based Forensic Computing & Intelligence Gathering;250
6.1.1;1. Introduction;250
6.1.2;2. Current Technology;251
6.1.3;3. The Analysis Performed by the Tool;252
6.1.4;4. Evaluation & Results;256
6.1.5;5. Summary and Conclusions;258
6.1.6;6. Future Work;259
6.2;Protecting Distributed Object Applications from Corruption of Class Bytecodes on Client Side*;260
6.2.1;1 Introduction;260
6.2.2;2 Threats to the RMI Server in a Distributed Object Application;262
6.2.3;3 Related Work;266
6.2.4;4 Conclusion;267
6.3;Modeling and Construction of Web Services Security;270
6.3.1;1 Introduction;270
6.3.2;2 Web Service, Security and Modeling;271
6.3.3;3 Modeling Secure Messages;272
6.3.4;4 Secure Communication;273
6.3.5;5. Security Policy;276
6.3.6;6. Modeling Secure Service Federation;277
6.3.7;7. Conclusion and Further Work;279
6.3.8;8. References;279
6.4;Normalising Events into Incidents Using Unified Intrusion Detection-Related Data;280
6.4.1;1. Introduction;280
6.4.2;2. Unifying Intrusion Detection Events;282
6.4.3;3. Normalising Events into Incidents;284
6.4.4;4. Specifying the Incident Database schema;289
6.4.5;5. Conclusions;291


