Computer networks--Security measures

Model
Digital Document
Publisher
Florida Atlantic University
Description
Wireless sensor networks, or WSNs, are becoming continually more common in today's world. They
are able to give us a constant view into the world as they gather information and make this information
more readily available. The information these networks gather and contain is valuable, and protecting
it is of great importance. Today more and more devices are becoming wireless and mobile. This
allows very diverse networks to be created, and they are constantly changing. Nodes in
these networks are either moving to different positions or going offline, which constantly changes the
overall layout of the network. The increasing connectivity of today's devices opens the
door for these types of networks to become targets of malicious objects designed to
bring harm to the network. Many unreliable networks already face many problems, such as having
to optimize battery life and being deployed in areas where they can be damaged. A malicious object
in this type of network has the power to destroy data and deplete the network's limited resources
such as bandwidth and power. Removal of these malicious objects can also have a negative effect
on these limited resources. We must find a way to remove these malicious objects in a way that
minimizes loss to the network. In this paper we will look at the information survival threshold of these
types of networks. Certain controllable parameters exist that directly impact the survival rate
of all data in the network. We will combine this with the addition of our own self-replicating objects to
the network designed to neutralize their malicious counterparts. We will examine these information
survival threshold parameters along with specific parameters available to the network. We shall see
how these parameters affect overall survival of data in the network and their impact on our own good
data.
Model
Digital Document
Publisher
Florida Atlantic University
Description
Ordinal classification refers to an important category of real world problems,
in which the attributes of the instances to be classified and the classes are
linearly ordered. Many applications of machine learning frequently involve
situations exhibiting an order among the different categories represented by
the class attribute. In ordinal classification the class value is converted into a
numeric quantity and regression algorithms are applied to the transformed
data. The data is later translated back into a discrete class value in a postprocessing
step. This thesis is devoted to an empirical study of ordinal and
non-ordinal classification algorithms for intrusion detection in WLANs. We
used ordinal classification in conjunction with nine classifiers for the
experiments in this thesis. All classifiers are parts of the WEKA machine-learning
workbench. The results indicate that most of the classifiers give
similar or better results with ordinal classification compared to non-ordinal
classification.
Model
Digital Document
Publisher
Florida Atlantic University
Description
Intrusion Detection Systems (IDS) are security tools which monitor systems and networks for malicious activity. In saturated network links the amount of data present for analysis can overwhelm them, resulting in potentially undetected attacks. Many of these network links contain significant amounts of multimedia traffic, which may seem to contribute to the problem; however, our work suggests otherwise. This thesis proposes a novel method to classify and analyze multimedia traffic in an effort to maximize the efficiency of IDS. By embedding multimedia-specific knowledge into IDS, trusted multimedia contents can be identified and allowed to bypass the detection engine, thereby allowing IDS to focus its limited resources on other traffic. The proposed framework also enables IDS to detect multimedia-specific exploits which would otherwise pass under the radar. Results of our experiments confirm our claims and show substantial CPU savings in both streaming and non-streaming scenarios.
Model
Digital Document
Publisher
Florida Atlantic University
Description
In a mobile ad hoc network, node cooperation in packet forwarding is required for the network to function properly. However, since nodes in this network usually have limited resources, some selfish nodes might intend not to forward packets to save resources for their own use. To discourage such behavior, we propose RMS, a reputation-based system, to detect selfish nodes and respond to them by showing that being cooperative will benefit them more than being selfish. We also detect, to some degree, nodes that forward only the necessary amount of packets to avoid being detected as selfish. We introduce the use of a state model to decide how we should respond to nodes in each state. In addition, we introduce the use of a timing period to control when the reputation should be updated and to use as a timeout for each state. The simulation results show that RMS can identify selfish nodes and punish them accordingly, which provides selfish nodes with an incentive to behave more cooperatively.
Model
Digital Document
Publisher
Florida Atlantic University
Description
The fuzzy vault scheme introduced by Juels and Sudan [Jue02] was implemented in a fingerprint cryptography system using COTS software. This system proved to be unsuccessful. Failure analysis led to a series of simulations to investigate the parameters and system thresholds necessary for such a system to perform adequately and as guidance for constructing similar systems in the future. First, a discussion of the role of biometrics in data security and cryptography is presented, followed by a review of the key developments leading to the development of the fuzzy vault scheme. The relevant mathematics and algorithms are briefly explained. This is followed by a detailed description of the implementation and simulation of the fuzzy vault scheme. Finally, conclusions drawn from analysis of the results of this research are presented.
Model
Digital Document
Publisher
Florida Atlantic University
Description
Current multicore processors attempt to optimize consumer experience via task partitioning and concurrent execution of these (sub)tasks on the cores. Conversion of sequential code to parallel and concurrent code is neither easy, nor feasible with current methodologies. We have developed a mapping process that synergistically uses top-down and bottom-up methodologies. This process is amenable to automation. We use bottom-up analysis to determine decomposability and estimate computation and communication metrics. The outcome is a set of proposals for software decomposition. We then build abstract concurrent models that map these decomposed (abstract) software modules onto candidate multicore architectures; this resolves concurrency issues. We then perform a system level simulation to estimate concurrency gain and/or cost, and QOS (Quality-of-Service) metrics. Different architectural combinations yield different QOS metrics; the requisite system architecture may then be chosen. We applied this 'middle-out' methodology to optimally map a digital camera application onto a processor with four cores.
Model
Digital Document
Publisher
Florida Atlantic University
Description
At the turn of the new millennium, the focus of Information Technology Management turned to Information and Systems Security, as opposed to competitive advantage investment. In catering to the security needs of various firms and institutions, it is seen that different entities require varying Information Security configurations. This thesis attempts to utilize Risk Analysis, a commonly used procedure in business realms, to formulate customized Firewalls based on the specific needs of a network, subsequently building an effective system following the "Defense in Depth" strategy. This is done by first choosing an efficient Risk Analysis model which suits the process of creating Firewall policies, and then applying it to a particular case study. A network within Florida Atlantic University is used as an experimental test case, and by analyzing the traffic to which it is subject while behind a single Firewall layer, a specific Security Policy is arrived at and implemented.
Model
Digital Document
Publisher
Florida Atlantic University
Description
The security of wireless networks has gained considerable importance due to the rapid proliferation of wireless communications. While computer network heuristics and rules are being used to control and monitor the security of Wireless Local Area Networks (WLANs), mining and learning behaviors of network users can provide a deeper level of security analysis. The objective and contribution of this thesis is threefold: exploring the security vulnerabilities of the IEEE 802.11 standard for wireless networks; extracting features or metrics, from a security point of view, for modeling network traffic in a WLAN; and proposing a data mining-based approach to intrusion detection in WLANs. A clustering- and expert-based approach to intrusion detection in a wireless network is presented in this thesis. The case study data is obtained from a real-world WLAN and contains over one million records. Given the clusters of network traffic records, a distance-based heuristic measure is proposed for labeling clusters as either normal or intrusive. The empirical results demonstrate the promise of the proposed approach, laying the groundwork for a clustering-based framework for intrusion detection in computer networks.
Model
Digital Document
Publisher
Florida Atlantic University
Description
Increasing aggressions through cyber terrorism pose a constant threat to information security in our day-to-day life. Implementing effective intrusion detection systems (IDSs) is an essential task due to the great dependence on networked computers for the operational control of various infrastructures. Building effective IDSs, unfortunately, has remained an elusive goal owing to the great technical challenges involved, and applied data mining techniques are increasingly being utilized in attempts to overcome the difficulties. This thesis presents a comparative study of the traditional "direct" approaches with the recently explored "indirect" approaches of classification which use class binarization and combiner techniques for intrusion detection. We evaluate and compare the performance of IDSs based on various data mining algorithms, in the context of a well-known network intrusion evaluation data set. It is empirically shown that data mining algorithms, when applied using the indirect classification approach, yield better intrusion detection models.
Model
Digital Document
Publisher
Florida Atlantic University
Description
We discuss a set of indirect combining techniques for addressing multi-category classification problems that have been used in many domains, but not for intrusion detection systems. In contrast to the indirect combining techniques, direct techniques generally extend associated binary classifiers to handle multi-category classification problems. An indirect combining technique decomposes the original multi-category problem, based on some criteria, into multiple binary-category problems. We investigated two different approaches for building the binary classifiers. The results of the binary classifiers are then merged using a combining technique; three different combining techniques were studied. We implement some of the indirect combining techniques proposed in recent literature, and apply them to a case study of the DARPA KDD-1999 network intrusion detection project. The results demonstrate the usefulness of using indirect combining techniques for the multi-category classification problem of intrusion detection systems.