Asrul Hadi Yaacob

ARIMA Based Network Anomaly Detection

An early warning system on potential attacks from networks will enable network administrators or even automated network management software to take preventive measures. This is needed as we move towards maximizing the utilization of the network with new paradigms such as Web Services and Software As A Service. This paper introduces a novel approach through using Auto-Regressive Integrated Moving Average (ARIMA) technique to detect potential attacks that may occur in the network. The solution is able to provide feedback through its predictive capabilities and hence provide an early warning system. With the affirmative results, this technique can serve beyond the detection of Denial of Service (DoS) and with sufficient development; an automated defensive solution can be achieved.

End to End Ipsec Support across Ipv4/Ipv6 Translation Gateway

The presence of IPv4/IPv6 translation gateway provides transparent routing mechanism to IPv4-only nodes and IPv6-only nodes which trying to establish communication from disparate address realms. However, the mechanism breaks TCP/IP intrinsic functionalities that results in IPSec cannot be applied in this environment. The existing solutions to address the compatibility issues between translation gateway and IPSec are either to enhance the translation gateway operation or to modify IPSec architecture especially on IKE negotiation process. By realizing the fact that most of the intermediate networking devices such as translation gateway are beyond the end nodes administration, this paper discusses the existing solutions to improve IKE negotiation in order to ensure end to end IPSec interoperability across translation gateway. Inspired by this solution, this paper proposes new IKE authentication by using Address Based Keys with certificateless signature to alleviate the limitation of traditional pre-shared keys and Public Key Infrastructure (PKI).

Performance analysis of MapReduce on OpenStack-based hadoop virtual cluster

With the emergence of big data phenomenon, MapReduce and Hadoop distributed processing infrastructure have been commonly applied for large-scale data analytics. Hadoop distributed filesystem (HDFS) usually being deployed on physical clusters. With the advent of cloud computing platform such as OpenStack, a number of works have been carried out in implementing Hadoop virtual cluster on cloud computing infrastructure. This paper presents a performance analysis of MapReduce implementations on OpenStack-based Hadoop virtual cluster. The results of the analysis show that the MapReduce implementations are performing in a scalable manner towards an increase in the size of the Hadoop virtual cluster being deployed.

Host Based Detection Approach Using Time Based Module for Fast Attack Detection Behavior

Intrusion Detection System (IDS) is an important component in a network security infrastructure. IDS need to be accurate and reliable in order to detect the intrusive behaviour of a packet that travelling through the network. With the current technological advancement attack on network infrastructure has evolve to a new level and to make IDS sensitive enough to detect the new attack, the detection framework need to be frequently updated. Both the fast attack and slow attack mechanism has become the subset of phases inside the anatomy of attack. Each of the attack mechanism has their own criteria and fast attack is the important type of attack that need to be considered as any late detection of the fast attack can cause a major bad impact to the organization. Therefore, there is a need to identify a suitable technique to detect the fast attack and based on this, this paper introduce a static threshold using statistical and observation technique for detecting the fast attack intrusion that is within one second time interval. The Threshold selected was based on the real network traffic dataset and verified using classification table on real network traffic.

IKE authentication using certificateless signature

Aiming at the problems of implementing the conventional IKE authentications such as pre-shared key and certificate-based Public Key Infrastructure (PKI), this paper proposes a new certificateless IKE authentication scheme. This scheme uses bilinear pairing to structure the framework of certificateless IKE authentication, solves the end to end IPSec security by removing the requirement of both nodes either to be manually configured with the common shared key or to exchange the certificates and the necessity to be enrolled to certain Certificate Authority (CA). Furthermore, this paper provides a set of specifications for implementing IKE authentication using certificateless signature that can be used to verify the validity of the scheme in a single trust domain infrastructure.

Virtual Machine Based Autonomous Web Server

Enterprises are turning to Internet technology to circulate information, interact with potential customers and establish an e-commerce business presence. These activities are depending highly on Web server and maintaining good server security has been a requirement for avoiding any malicious attacks especially web defacements and malware. Web server administrators should be alert and attentive to the status of the server at all time. They need to be persistent in monitoring the server in order to detect any attempted attacks. This is an advantage for a web server that is maintained by a big company that has a big budget to hire a knowledgeable web server administrator, for a new established small company it will only burden their expenses. To overcome this problem, this paper proposes a low cost system called Autonomous Web Server Administrator (AWSA) that is fully developed using open source software. AWSA combines several computing concepts such as Virtual Machine, Intrusion Detection System and Checksum. AWSA offers a Virtual Machine based Web server that has the ability to automatically detect intrusions and reconstruct corrupted data or the file system without any human intervention.

Comparative Analysis and Implementation of Certificateless Based Authentication Scheme

Certificateless Public Key Infrastructure (CL-PKI) combines the merits of the trust management in Public Key Infrastructure (PKI) and the absence of certificate management in identity-based cryptosystem. Inspired by the advantages of CL-PKI, this paper presents the implementation of certificateless based authentication scheme called CLS. To prove the functionality and practicality of CLS authentication scheme, this paper presents a comprehensive performance analysis of various security levels of CLS in terms of public key size, signature block size and the execution time spent on signing and verification operations. The results show that various security levels of the CLS have direct influence on the length of public key and more importantly, the efficiency of the scheme in terms of bandwidth usage and run time.

IPSec authentication using certificateless signature in heterogeneous IPv4/IPv6 network

This paper studies the incompatibilities issues on deploying IPSec Encapsulating Security Payload (ESP) in providing end to end security between heterogeneous IPv4 and IPv6 networks. The presence of IPv4/IPv6 translation gateway violates the TCP/UDP intrinsic functionalities due to the translation of the IP addresses in IP packets. We address these interoperability issues by modifying IKE negotiation with NAT-Traversal capability and some improvements on IPSec software. However, the implementation of the conventional IKE authentication mechanisms such as pre-shared key and Public Key Infrastructure (PKI) certificate-based requires both nodes either to be manually configured, or to exchange the certificates and the necessity to enrol to certain Certificate Authority (CA). This paper proposes a new Internet Key Exchange (IKE) authentication based on certificateless public key infrastructure in order to alleviate the limitation of the conventional IKE authentication. We also propose an efficient public and shared parameters distribution mechanism whereby the translation gateway acts as Key Generator Centre (KGC).

Network performance testing on VM based autonomous web server

As online services increasingly play vital roles in modern society, the possibilities and opportunities offered are limitless, unfortunately, so too are the risks and chances of malicious intrusions. Intrusion detection systems (IDSs) has been widely used as an important component in protecting online service towards Web attacks and evasions. Yet, todays architectures for intrusion detection force the IDS designer to make a difficult choice to place IDS, so that it can protect itself from a direct attack. To address these challenges, this paper introduces a novel framework to safeguard IDS from a direct attack. Simply called zero administrative server (ZAS), the system incorporates IDS in a virtual machine (VM) environment. VM offers strong isolation for IDS from the monitored services and provides significant resistance to malicious attacks. Moreover, this VM based WWW server has the ability to monitor the network traffic to the running services; analyse the information obtained and detect the intrusion; alienate the intruder from the services; and reconstruct the corrupted data or damaged files caused by the evasion. In this paper, we demonstrate ZAS by exposing it to several attacking tools as well as to show the effects it takes on the network performance in terms of TCP throughput and application-to-application round trip time.