Elankayer Sithirasenan

Flow-Based Anomaly Detection Using Neural Network Optimized with GSA Algorithm

Reliable high-speed networks are essential to provide quality services to ever growing Internet applications. A Network Intrusion Detection System (NIDS) is an important tool to protect computer networks from attacks. Traditional packet-based NIDSs are time-intensive as they analyze all network packets. A state-of-the-art NIDS should be able to handle a high volume of traffic in real time. Flow-based intrusion detection is an effective method for high speed networks since it inspects only packet headers. The existence of new attacks in the future is another challenge for intrusion detection. Anomaly-based intrusion detection is a well-known method capable of detecting unknown attacks. In this paper, we propose a flow-based anomaly detection system. Artificial Neural Network (ANN) is an important approach for anomaly detection. We used a Multi-Layer Perceptron (MLP) neural network with one hidden layer. We investigate the use of a Gravitational Search Algorithm (GSA) in optimizing interconnection weights of a MLP network. Our proposed GSA-based flow anomaly detection system (GFADS) is trained with a flow-based data set. The trained system can classify benign and malicious flows with 99.43% accuracy. We compare the performance of GSA with traditional gradient descent training algorithms and a particle swarm optimization (PSO) algorithm. The results show that GFADS is effective in flow-based anomaly detection. Finally, we propose a four-feature subset as the optimal set of features.

Trust-Based Cluster Head Selection Algorithm for Mobile Ad Hoc Networks

Mobile Ad hoc Networks (MANETs) consist of a large number of relatively low-powered mobile nodes communicating in a network using radio signals. Clustering is one of the techniques used to manage data exchange amongst interacting nodes. Each group of nodes has one or more elected Cluster head(s), where all Cluster heads are interconnected for forming a communication backbone to transmit data. Moreover, Cluster heads should be capable of sustaining communication with limited energy sources for longer period of time. Misbehaving nodes and cluster heads can drain energy rapidly and reduce the total life span of the network. In this context, selection of best cluster heads with trusted information becomes critical for the overall performance. In this paper, we propose Cluster head(s) selection algorithm based on an efficient trust model. This algorithm aims to elect trustworthy stable cluster head(s) that can provide secure communication via cooperative nodes. Simulations were conducted to evaluate trusted Cluster head(s) in terms of clusters stability, longevity and throughput.

Formal verification of the IEEE 802.11i WLAN security protocol

With the increased usage of wireless LANs (WLANs), businesses and educational institutions are becoming more concerned about wireless network security. The latest WLAN security protocol, the IEEE 802.11i assures rigid security for wireless networks with the support of IEEE 802.1X protocol for authentication, authorization and key distribution. In this study we investigate the integrity of the security model developed by us based on 802.11i robust security mechanism (RSN), strengthening our desire towards establishing a secure wireless network environment. We have used the symbolic analysis laboratory (SAL) tools to formally verify the behavior tree models. This paper presents the several linear temporal logic (LTL) formulas established to prove the credibility of our model. We also discuss probable software issues that could arise during implementation. By examining all possible execution traces of the security protocol we have proved our implementation model to be complete and consistent.

A survey on data leakage prevention systems

Protection of confidential data from being leaked to the public is a growing concern among organisations and individuals. Traditionally, confidentiality of data has been preserved using security procedures such as information security policies along with conventional security mechanisms such as firewalls, virtual private networks and intrusion detection systems. Unfortunately, these mechanisms lack pro-activeness and dedication towards protecting confidential data, and in most cases, they require predefined rules by which protection actions are taken. This can result in serious consequences, as confidential data can appear in different forms in different leaking channels. Therefore, there has been an urge to mitigate these drawbacks using more efficient mechanisms. Recently, data leakage prevention systems (DLPSs) have been introduced as dedicated mechanisms to detect and prevent the leakage of confidential data in use, in transit and at rest. DLPSs use different techniques to analyse the content and the context of confidential data to detect or prevent the leakage. Although DLPSs are increasingly being designed and developed as standalone products by IT security vendors and researchers, the term still ambiguous. In this study, we have carried out a comprehensive survey on the current DLPS mechanisms. We explicitly define DLPS and categorise active research directions in this field. In addition, we suggest future directions towards developing more consistent DLPSs that can overcome some of the weaknesses of the current ones. This survey is an updated reference on DLPSs, that can benefit both academics and professionals.

Word N-Gram Based Classification for Data Leakage Prevention

Revealing sensitive data to unauthorised personal is a serious problem to many organizations that can lead to devastating consequences. Traditionally, prevention of data leak was achieved through firewalls, VPNs and IDS, but without much consideration to sensitivity of the data. In recent years, new technologies such as data leakage prevention systems (DLPs) are developed, especially to either identify and protect sensitive data or monitor and detect sensitive data leakage. One of the most popular approaches used in DLPs is content analysis, where the content of exchanged documents, stored data or even network traffic is monitored for sensitive data. Contents of documents are examined using mainly text analysis and text clustering methods. Moreover, text analysis can be performed using methods such as pattern recognition, style variation and N-gram frequency. In this paper, we investigate the use of N-grams for data classification purposes. Our method is based on using the N-grams frequency to classify documents in order to detect and prevent leakage of sensitive data. We have studied the effectiveness of N-grams to measure the similarity between regular documents and existing classified documents.

A Simple Lightweight Encryption Scheme for Wireless Sensor Networks

Security is a critical issue in many sensor network applications. A number of security mechanisms are developed for wireless sensor networks based on classical cryptography. AES, RC5, SkipJack and XXTEA are some symmetric-key encryption algorithms that are deployed in sensor network environments. However, these algorithms have their own weakness, such as vulnerable to chosen-plaintext attack, brute force attack and computational complexity. We propose an energy efficient lightweight encryption scheme based on pseudorandom bit sequence generated by elliptic curve operations. We present experimental results of our proposed algorithm employed on real sensor nodes operating in TinyOS. We also discuss the security strength of our algorithm by presenting the security analysis of various tests and cryptanalytic attacks.

A Semantics-Aware Classification Approach for Data Leakage Prevention

Data leakage prevention (DLP) is an emerging subject in the field of information security. It deals with tools working under a central policy, which analyze networked environments to detect sensitive data, prevent unauthorized access to it and block channels associated with data leak. This requires special data classification capabilities to distinguish between sensitive and normal data. Not only this task needs prior knowledge of the sensitive data, but also requires knowledge of potentially evolved and unknown data. Most current DLPs use content-based analysis in order to detect sensitive data. This mainly involves the use of regular expressions and data fingerprinting. Although these content analysis techniques are robust in detecting known unmodified data, they usually become ineffective if the sensitive data is not known before or largely modified. In this paper we study the effectiveness of using N-gram based statistical analysis, fostered by the use of stem words, in classifying documents according to their topics. The results are promising with an overall classification accuracy of 92%. Also we discuss classification deterioration when the text is exposed to multiple spins that simulate data modification.

Metaheuristic algorithms based Flow Anomaly Detector

Increasing throughput of modern high-speed networks needs accurate real-time Intrusion Detection System (IDS). A traditional packet-based Network IDS (NIDS) is time-intensive as it inspects all packets. A flow-based anomaly detector addresses scalability issues by monitoring only packet headers. This method is capable of detecting unknown attacks in high speed networks. An Artificial Neural Network (ANN) is employed in this research to detect anomalies in flow-based traffic. Metaheuristic optimization algorithms have the potential to achieve global optimal solution. In this paper, two metaheuristic algorithms, Cuckoo and PSOGSA, are examined to optimize the interconnection weights of a Multi-Layer Perceptron (MLP) neural network. This optimized MLP is evaluated with two different flow-based data sets. We then compare the performance of these algorithms. The results show that Cuckoo and PSOGSA algorithms enable high accuracy in classifying benign and malicious flows. However, the Cuckoo has lower training time.

An EAP Framework for Unified Authentication in Wireless Networks

Rapid convergence of heterogeneous wireless communication technologies such as Wireless Local Area Networks (WLAN), Worldwide Interoperability for Microwave Access (WiMAX), Long Term Evolution (LTE) etc., attract new opportunities for collaborative usage. More and more applications are emerging to benefit from their advantages. However, with the range of approaches that are used to authenticate the wireless devices in such heterogeneous environments, users are skeptical and looking for more user friendly, flexible and reliable ways to interconnect and utilize these different classes of wireless networks. Wireless network users access the different types of wireless networks either independently or cooperatively. In either case, adequate security provision is critical for the successful operation of the networks. Moreover, emerging technologies should provide seamless transition / migration between these networks. Hence the ability to use a single but unique set of credentials to authenticate the wireless devices in heterogeneous wireless network environments would be an anticipated desire of most users. In this paper a number of authentication mechanisms are examined and evaluated for their advantages and limitations. We then propose a unified authentication protocol that can be encapsulated within the RADIUS protocol utilizing the advantages of public key infrastructure. The preliminary experimental results demonstrate that the proposed protocol is feasible and relatively fast.

Performance of Flow-based Anomaly Detection in Sampled Traffic

In recent years, flow-based anomaly detection has attracted considerable attention from many researchers and some methods have been proposed to improve its accuracy. However, only a few studies have considered anomaly detection with sampled flow traffic, which is widely used for the management of high-speed networks. This gap is addressed in this study. First, we optimize an artificial neural network (ANN)-based classifier to detect anomalies in flow traffic. The results show that although it has a high degree of accuracy, the classifier loses significant information in the process of sampling. In this regard, we propose a sampling method to improve the performance of flow-based anomaly detection in sampled traffic. While existing sampling methods for anomaly detection preserve only small malicious flows, the proposed algorithm samples both small and large malicious flows. Therefore, the detection rate of the flow-based anomaly detector is improved by about 5% using our algorithm. To evaluate the proposed sampling method, three flow-based datasets are generated in this study