Bharanidharan Shanmugam

Enabling Data Hiding for Resource Sharing in Cloud Computing Environments Based on DNA Sequences

The main target of this paper is to propose an algorithm to implement data hiding in DNA sequences to increase the confidentiality and complexity by using software point of view in cloud computing environments. By utilizing some interesting features of DNA sequences, the implementation of a data hiding is applied in cloud. The algorithm which has been proposed here is based on binary coding and complementary pair rules. Therefore, DNA reference sequence is chosen and a secret data M is hidden into it as well. As result of applying some steps, M´´´ is come out to upload to cloud environments. The process of identifying and extracting the original data M, hidden in DNA reference sequence begins once clients decide to use data. Furthermore, security issues are demonstrated to inspect the complexity of the algorithm.

A parallel technique for improving the performance of signature-based network intrusion detection system

Nowadays, organizations discover that it is essential to protect their valuable information and internal resources from unauthorized access like deploying firewall. Firewall could prevent unauthorized access, but it cannot monitor network attacks. Another network security tool such as intrusion detection system is necessary to perform network activities monitoring. With the recent trend of high-speed networks, a large volume of data should be analyzed and processed with high-speed infrastructure. To promote the performance of network intrusion detection system and reduce the processing time of the traffic, present studies on network intrusion detection system for high-speed network focus on parallel techniques as an alternative. In this paper, a kind of parallelism is proposed to improve the performance of signature based intrusion detection system. The experimental results show that by the use of two signature based network intrusion detection systems running Snort in parallel with a portion of packets and a subset of rules, and distributing the traffic between them, the processing time of the traffic will be reduced. Consequently, the performance of the system will be improved.

Hybrid Intrusion Detection Systems (HIDS) using Fuzzy Logic

The rapid growth of the computers that are interconnected, the crime rate has also increased and the ways to mitigate those crimes has become the important problem now. In the entire globe, organizations, higher learning institutions and governments are completely dependent on the computer networks which plays a major role in their daily operations. Hence the necessity for protecting those networked systems has also increased. Cyber crimes like compromised server, phishing and sabotage of privacy information has increased in the recent past. It need not be a massive intrusion, instead a single intrusion can result in loss of highly privileged and important data. Intusion behaviour can be classified based on different attack types. Smart intruders will not attack using a single attack, instead, they will perform the attack by combining few different attack types to deceive the detection system at the gateway. As a countermeasure, computational intelligence can be applied to the intrusion detection systems to realize the attacks, alert the administrator about the form and severity, and also to take any predetermined or adaptive measures dissuade the intrusion.

Botnet evolution: Network traffic indicators

In recent years, the HTTP has become dominant protocol among other protocols for the Internet services as it provides a set of rules to manage the data exchange between servers and browsers. On the other hand, this standard protocol has been widely used in the latest generation of botnets to establish their command and control channel and hide their malicious activities among normal Web traffic. Therefore, analyzing HTTP traffic has become a common method in current HTTP-based botnet detection studies. Since the HTTP botnets are a new phenomenon,they have not been fully explored yet. Therefore, in this paper we present an overview of the features and parameters that have been used in existing studies to detect HTTP botnets along with their shortcomings. We also propose a number of HTTP protocol characteristics that can be used for further botnet analysis and detection.

A Novel Proof of Work Model Based on Pattern Matching to Prevent DoS Attack

One of the most common types of denial of service attack on 802.11 based networks is resource depletion at AP side. APs meet such a problem through receiving flood probe or authentication requests which are forwarded by attackers whose aim are to make AP unavailable to legitimate users. The other most common type of DoS attack takes advantage of unprotected management frame. Malicious user sends deauthentication or disassociation frame permanently to disrupt the network. However 802.11w has introduced a new solution to protect management frames using WPA and WPA2, they are unprotected where WEP is used. This paper focuses on these two common attacks and proposes a solution based on letter envelop protocol and proof-of-work protocol which forces the users to solve a puzzle before completing the association process with AP. The proposed scheme is also resistant against spoofed puzzle solutions attack.

Classification of Third-Party Applications on Facebook to Mitigate Users’ Information Leakage

Facebook is significant platform for third-party developers to run written applications in order to provide users extra functionality and services. Third-party applications (TPAs) access to user’s profile and exchange their information. In doing so, this may lead to information leakage and privacy risks. Although Facebook has control over third-party applications, it still lacks control in the existing mechanisms. The aim of this paper is to investigate how to hinder TPAs from accessing user’s private information while still sustaining the functionality of the applications. To address privacy and functionality simultaneously, this study suggests a classification framework providing mechanism in controlling TPAs access to the users’ data residing on Facebook. The improved framework allows TPAs to utilize some of users’ data according to their classification authority to mitigate users’ information leakage.

Analysis of Applying Enterprise Service Bus Architecture as a Cloud Interoperability and Resource Sharing Platform

Interoperability is one of the main elements affecting the adoption of a technology by businesses.Interoperability in the Cloud is crucial in the sense that it can guaranty inter-cloud communications between heterogeneous platforms. This paper identifies different aspect of interoperability in the Cloud. Moreover, it discusses Distributed Infrastructure architecture as a base for Enterprise Service Bus (ESB) model. The authors split ESB into different layers to increase the flexibility of the framework. This paper extends the concept of ESB to build a Cloud service model that facilitates secure interactions between different Cloud platforms. The proposed architecture is to use service repository and registry mechanisms to enhance flexibility and portability of the model.

Enhancement of network access control architecture with virtualization

The demand for protecting the enterprise network infrastructure from network security threats has shown an increase in recent years. Therefore, a security enforcement mechanism for the network is required to protect the network against the threats especially from internal. Generally, staffs and visitors that use their computer everywhere could bring a threat as it escape from the protective measures imposed by an organization. Therefore, it is necessary to secure enterprise network from being compromised by using endpoint security solution. Network Access Control (NAC) is capable to provide solution for determining the integrity of endpoints which serve as a basis for trustworthy communication. However, literature review reveals several types of NAC architecture that have been implemented by solution providers such as CISCO NAC and Microsoft NAP employs proprietary standard and the deployment method used is not comprehensive. In addition, previous architecture only complies with one of the NAC characteristic such as in-band or out-band, managed or unmanaged LAN, agent or agentless, pre-admission or postadmission and limited OS support. Hence, this study will focus on reviewing all those NAC architecture as a baseline to produce an enhanced NAC architecture which can cater for all NAC characteristics. The results shows that proposed NAC architecture which is combination of all the NAC characteristics can effectively control the network access by endpoint device. This proposed NAC architecture maybe useful as a basis for reference not only for researchers in this field but also for network administrator. It is necessary to review the NAC architecture from time to time to ensure that the security is remain intact.

Enhancement and Implementation of Network Access Control Architecture for Virtualization Environments

The demand for protecting the enterprise network infrastructure from network security threats has shown an increase in recent years. Therefore, a security enforcement mechanism for the network is required to protect the network against the threats especially from internal. Generally, staffs and visitors that use their computer everywhere could bring a threat as it escape from the protective measures imposed by an organization. Therefore, it is necessary to secure enterprise network from being compromised by using endpoint security solution. Network Access Control (NAC) is capable to provide solution for determining the integrity of endpoints which serve as a basis for trustworthy communication. However, literature review reveals several types of NAC architecture that have been implemented by solution providers such as CISCO NAC and Microsoft NAP employs proprietary standard and the deployment method used is not comprehensive. In addition, previous architecture only complies with one of the NAC characteristic such as in-band or out-band, managed or unmanaged LAN, agent or agentless, pre-admission or postadmission and limited OS support. Hence, this study will focus on reviewing all those NAC architecture as a baseline to produce an enhanced NAC architecture which can cater for all NAC characteristics. The results shows that proposed NAC architecture which is combination of all the NAC characteristics can effectively control the network access by endpoint device. This proposed NAC architecture maybe useful as a basis for reference not only for researchers in this field but also for network administrator. It is necessary to review the NAC architecture from time to time to ensure that the security is remain intact.

Data Anonymization According to the Combination of Attributes on Social Network Sites

The popularity of social network sites has increased extremely during the previous years. Social network sites provide an intimacy interactive platform on the Internet for exchanging information among users. Users may disclose their ideas, comments, pictures or videos, secrets about their business or other private information that may be used by inappropriate user to threaten users’ future decisions or positions. Thus, the goal of this paper is to explain how users’ data can be anonymized to mitigate privacy concerns through information dissemination. The results depicts that although anonymization of data cannot protect the privacy of data completely, it can reduce the possibility of re-identification.