Casimer DeCusatis

Predicting network attack patterns in SDN using machine learning approach

An experimental setup of 32 honeypots reported 17M login attempts originating from 112 different countries and over 6000 distinct source IP addresses. Due to decoupled control and data plane, Software Defined Networks (SDN) can handle these increasing number of attacks by blocking those network connections at the switch level. However, the challenge lies in defining the set of rules on the SDN controller to block malicious network connections. Historical network attack data can be used to automatically identify and block the malicious connections. There are a few existing open-source software tools to monitor and limit the number of login attempts per source IP address one-by-one. However, these solutions cannot efficiently act against a chain of attacks that comprises multiple IP addresses used by each attacker. In this paper, we propose using machine learning algorithms, trained on historical network attack data, to identify the potential malicious connections and potential attack destinations. We use four widely-known machine learning algorithms: C4.5, Bayesian Network (BayesNet), Decision Table (DT), and Naive-Bayes to predict the host that will be attacked based on the historical data. Experimental results show that average prediction accuracy of 91.68% is attained using Bayesian Networks.

Implementing Zero Trust Cloud Networks with Transport Access Control and First Packet Authentication

Cyberinfrastructure is undergoing a radical transformation as traditional enterprise and telecommunication data centers are replaced by cloud computing environments hosting dynamic, mobile workloads. Traditional data center security best practices involving network segmentation are not well suited to these new environments. We discuss a novel network architecture which enables an explicit zero trust approach, based on a steganographic overlay which embeds authentication tokens in the TCP packet request, and first-packet authentication. Experimental demonstration of this approach is provided in both an enterprise-class server and cloud computing data center environment.

Virtual Firewall Performance as a Waypoint on a Software Defined Overlay Network

Cloud computing environments face many unique security challenges. Location-based firewalls with static policies require long provisioning times relative to other cloud data center components, and are not well suited to dynamic, virtualized workloads. In this paper, we discuss the use of virtual firewalls facilitated by software defined network overlays with forwarding graphs. Experimental results and performance measurements will be presented using a variety of workloads running over a virtual firewall deployment with an industry standard virtual overlay network.

Advanced Intrusion Prevention for Geographically Dispersed Higher Education Cloud Networks

We present the design and implementation of a novel cybersecurity architecture for a Linux community public cloud supporting education and research. The approach combines first packet authentication and transport layer access control gateways to block fingerprinting of key network resources. Experimental results are presented for two interconnected data centers in New York. We show that this approach can block denial of service attacks and network scanners, and provide geolocation attribution based on a syslog classifier.

A Service Industry Perspective on Software Defined Radio Access Networks

Despite the rapid growth of service science, relatively little attention has been paid to the service architecture requirements in software defined radio access networks (SDRAN). In this concept paper, we propose to repurpose cloud computing network services to address issues specific to SDRAN. In particular, a multi-level backhaul slicing approach derived from cloud computing networks is discussed as a way to mitigate interference limited networks with a frequency reuse factor of one. Experimental demonstration of the control plane implementation in a virtual cloud network is presented, and implications on service provider development and training are also discussed.

Automated Wireless Network Penetration Testing Using Wifite and Reaver

Wireless access points are susceptible to many types of cybersecurity attacks. In particular, by attacking the Wi-FI Protected Setup (WPS) passcode using a brute force dictionary attack, it is possible to circumvent the use of password-based network encryption and gain access to the wireless network content. In this tutorial paper, we investigate penetration testing of wireless networks using open source tools which have been automated in Kali Linux, including Wifite and Reaver. Traffic on wireless networks which have been compromised in this manner are further analyzed using the Wireshark network protocol analyzer.

A service industry perspective on software defined radio access networks

Despite the rapid growth of service science, relatively little attention has been paid to the service architecture requirements in software defined radio access networks (SDRAN). In this concept pa...

Zero Trust Cloud Networks using Transport Access Control and High Availability Optical Bypass Switching

A R T I C L E I N F O A B S T R A C T Article history: Received: 02 March, 2017 Accepted: 25 March, 2017 Online: 04 April, 2017 Cyberinfrastructure is undergoing a radical transformation as traditional enterprise and cloud computing environments hosting dynamic, mobile workloads replace telecommunication data centers. Traditional data center security best practices involving network segmentation are not well suited to these new environments. We discuss a novel network architecture, which enables an explicit zero trust approach, based on a steganographic overlay, which embeds authentication tokens in the TCP packet request, and first-packet authentication. Experimental demonstration of this approach is provided in both an enterprise-class server and cloud computing data center environment.

Wireless Network Penetration Testing using Kali Linux on BeagleBone Black

The development of powerful, low cost mobile compute platforms has enabled a host of new penetration testing applications. We investigate the Kali Linux operating system and its embedded security tools, hosted on the BeagleBone Black (BBB) hardware platform. This combination creates a powerful, portable ethical hacking tool. Specific tools offered by Kali Linux such as Ettercap-Graphical, Wireshark, Aircrack-ng, and ARP poison are used to perform in-depth, practical penetration testing. Experimental results include a demonstration of how Kali Linux on the BBB can be used to perpetuate a denial of service attack by de-authenticating wireless access from another host. Further, we demonstrate the collection of valuable data including user IDs, usernames, and passwords obtained from a reconnaissance attack. Keywords-Aircrack-ng, Beagle Bone Black (BBB), EttercapGraphical, Kali Linux, Wireshark, Vertical Scanning, Horizontal

Methodology for an Open Digital Forensics Model Based on CAINE

With the widespread adoption of public and private cloud computing environments, in addition to traditional enterprise-class data centers, cybersecurity has become increasingly important. In particular, forensic analysis of digital evidence has received increased attention. We investigate a relatively new suite of cyber-forensic tools in the open source CAINE Linux distribution. We propose how tools such as Guymager, Autopsy, Fred, and Photorec can be applied as part of a four tier forensic architecture. Experimental results are provided which demonstrate the application of these tools in a practical investigation.