Publication


Featured research published by Ahmed M. Manasrah.


broadband communications, networks and systems | 2009

False positive reduction in intrusion detection system: A survey

Omar Amer Abouabdalla; Homam El-Taj; Ahmed M. Manasrah; Sureswaran Ramadass

Since the first intrusion detection system and up to this moment, all IDSs have generated thousands and thousands of alerts, and most of these alerts are false alerts, which led researchers to develop ideas to reduce the rate of the alerts, or at least the false alerts among them. One of the ideas was to create correlation methods which cover the problem of dealing with the huge amount of both real alerts and false alerts. The techniques used in this area aim to help the analyst analyze these alerts to distinguish between alerts generated by real attacks and those generated by legal traffic. This paper highlights the false positive reduction techniques surrounding this area.


computer and information technology | 2010

Delta-Multiplexing: A Novel Technique to Improve VoIP Bandwidth Utilization between VoIP Gateways

Mosleh M. Abu-Alhaj; Manjur S. Kolhar; Lingeswari V. Chandra; Omar Amer Abouabdalla; Ahmed M. Manasrah

Gradually, Voice over Internet Protocol (VoIP) has been dominating the telecommunications world. Unfortunately, its applications are injecting a huge number of small packets in the network, which produces high overhead and therefore wastes network bandwidth. This paper proposed the use of a novel multiplexing technique, Delta-Multiplexing, to save the wasted bandwidth. In the Delta-Multiplexing technique, the VoIP packets destined to the same destination gateway are aggregated in a single UDP/IP header, therefore reducing the header overhead and saving network bandwidth. Moreover, the Delta-Multiplexing technique reduces the size of the packets payload by transmitting the difference between the consecutive packets payloads. Accordingly, the Delta-Multiplexing technique greatly saves bandwidth. We have simulated the Delta-Multiplexing technique using a 14-byte LPC codec. The result showed that Delta-Multiplexing is capable of saving between 68% and 72% as compared to conventional techniques (without multiplexing). Moreover, the Delta-Multiplexing technique reduces the number of VoIP packets running over the network, therefore reducing network traffic, overload, and congestion, thus improving the overall network performance.


collaboration technologies and systems | 2010

A behavior based algorithm to detect Spam bots

Mohammed Fadhil Zamil; Ahmed M. Manasrah; Omar Amir; Sureswaran Ramadass

One of the main and serious threats on the Internet is spam. Spam refers to the abuse of electronic messaging systems by sending unrequested bulk messages randomly. Botnets are considered one of the main sources of spam. A botnet is a group of software programs called bots. The function of these bots is to run on several compromised computers autonomously and automatically. Spamming causes illegal consumption of network resources in general and of the mail system in particular. The objective of this research is to detect the source of spam on the network by detecting the abnormal behaviors that reflect spamming activities. The Behavioral-based Spam Detector (BSD) combines several behaviors of spam bots at different stages, including the behavior of spam preparation before the spam session, when the spammers search for an open relay SMTP service to send e-mails through, and the behavior of spammers while connecting to the mail server. The proposed method monitors the network traffic for group malicious activities. The relationship between the host behaviors that trigger suspicion is used to find out if there are any spam bots or botnet members within the network. Detecting the abnormal behavior produced by the spam activities gives a high rate of suspicion of the existence of bots.


international conference on emerging security information, systems and technologies | 2010

Forthcoming Aggregating Intrusion Detection System Alerts Framework

Homam El-Taj; Omar Amer Abouabdalla; Ahmed M. Manasrah; Ahmed Al-Madi; Muhammad Imran Sarwar; Sureswaran Ramadass

We provide a new efficient method to evaluate spectral efficiencies from wireless channel soundings. Measurements are done in a limited cellular network using 3 sites with an ISD of 750 m. Each site has 3 sectors and is equipped with cross-polarized panel antennas. In the preprocessing phase, we take advantage of the high number of elements at the measurement array to compute a virtual cross polarized 2×2 setup with omnidirectional coverage at the receiver. We then apply findings from the mid 1990s to denoise the data by an adaptive thresholding method. This approach gains roughly 10 dB of SNR and enables us to evaluate capacities also for well shaded locations with a high path loss. At a fixed evaluation SNR of 10 dB, our setup achieves 5.7 bps/Hz which compares well to earlier findings from Manhattan. Exploiting both effects, the received power and the structure of the MIMO channel, best server capacities are calculated to 15 bps/Hz while the corresponding SISO setup only achieves 7.6 bps/Hz.

Intrusion Detection Systems (IDS) are among the powerful systems used to secure computer environments. These systems trigger thousands of alerts per day and become a headache for the analyst, who needs to analyze the severity of the alerts and other fields, such as the IP addresses. This paper investigates the most popular aggregation methods that deal with IDS alerts. In addition, we propose the Threshold Aggregation Framework (TAF) to handle IDS alerts. TAF uses time as its main component for aggregating alerts, and it also supports aggregating alerts without a threshold by setting the threshold value to 0.


international conference on computer modelling and simulation | 2011

An Investigation Towards Worms Detection Approaches over Network

Mohammed Anbar; Ahmed M. Manasrah

Nowadays, worms and other outside threats in the network are recognized as serious and unexpected behavior. The main issue is addressed based on the behavioral patterns of worms that reflect application communications typical of worms. This representation of worm behavior differs from those used in contemporary enterprise postures, which rely on a particular type of signature-based intrusion detection; the behavioral detection approach contrasts with this form of signature-based detection. Thus, this paper introduces the traditional worm detection approaches. Meanwhile, the paper suggests a worm detection approach based on worm behaviors that consists of a network scanning detection approach, a network worm correlation approach, and a signature correlation approach.


ieee region 10 conference | 2009

Active E-mail system protocols monitoring algorithm

R. Sureswaran; Hussein Al Bazar; Omar Amer Abouabdalla; Ahmed M. Manasrah

E-mail systems are some of the most admired Internet-based applications today. They enable users to send and receive E-mail messages between each other both from inside and outside the local area network. The Simple Mail Transfer Protocol (SMTP) is a transport protocol used to transfer E-mail messages over the Internet. When E-mail servers send E-mail messages to each other, or clients send them to the E-mail server, they also use the SMTP protocol. Post Office Protocol (POP3) and Internet Message Access Protocol (IMAP4) are E-mail retrieval protocols used to retrieve the E-mail messages from the server to the client. These E-mail messages are sent to the server using the SMTP protocol. In this paper, the SMTP, POP3, and IMAP4 E-mail system protocols are briefly explained. A new active monitoring algorithm architecture is also proposed, to improve the functions of the current E-mail system protocols and to detect E-mail protocol failures during the process of sending and retrieving E-mail messages.


2008 First International Conference on Distributed Framework and Applications | 2008

iNet-Grid: A real-time Grid monitoring and troubleshooting system

Ahmed M. Manasrah; Norayu Abdul Talib; Muhammad Fermi Pasha; Mustofa Abdat; Ashraf Aljammal; Sureswaran Ramadass; Omer Amer Abouabdalla

The purpose of Grid monitoring and management is to monitor services in a Grid environment for fault detection, performance analysis, performance tuning, load balancing and scheduling. This paper presents a new framework, namely iNet-Grid, deployed for Grid monitoring and troubleshooting purposes. iNet-Grid is integrated on top of Ganglia. iNet-Grid has been tested successfully on the USM network, and the preliminary results have shown positive outcomes.


arXiv: Networking and Internet Architecture | 2009

Detecting Botnet Activities Based on Abnormal DNS traffic

Ahmed M. Manasrah; Awsan Hasan; Omar Amer Abouabdalla; Sureswaran Ramadass


Archive | 2009

Real time distributed network monitoring and security monitoring platform (rtd-nms)

Sureswaran Ramadass; Ahmed M. Manasrah


arXiv: Networking and Internet Architecture | 2010

Comparative Evaluation and Analysis of IAX and RSW

Manjur S. Kolhar; Mosleh M. Abu-Alhaj; Omar Amer Abouabdalla; Tat-Chee Wan; Ahmed M. Manasrah

Collaboration


Top Co-Authors

Homam El-Taj

Universiti Sains Malaysia

Tat-Chee Wan

Universiti Sains Malaysia

Adnan A. Hnaif

Al-Zaytoonah University of Jordan

Ahmed Al-Madi

Universiti Sains Malaysia
