Fakariah Hani Mohd Ali

Evaluation effectiveness of hybrid IDS using Snort with Naïve Bayes to detect attacks

The enormous number of attacks over the Internet nowadays makes the information under potential violation. Intrusion Detection System (IDS) is used as second line of defense to observe suspicious actions going on in computers or network devices. IDS have two approaches by using only one of the approaches only one of the misuse or anomaly attacks can be detected. This research proposed hybrid IDS by integrated signature based (Snort) with anomaly based (Naive Bayes) to enhance system security to detect attacks. This research used Knowledge Discovery Data Mining (KDD) CUP 99 dataset and Waikato Environment for Knowledge Analysis (WEKA) program for testing the proposed hybrid IDS. Accuracy, detection rate, time to build model and false alarm rate were used as parameters to evaluate performance between hybrid Snort with Naïve Bayes, Snort with J48graft and Snort with Bayes Net. The result shows good performance of using hybrid Snort with Naive Bayes algorithm.

A novel hybrid fuzzy-SVM image steganographic model

This paper reviews the current soft computing (SC) techniques employed in image steganography as well as proposes a new hybrid approach of these SC techniques to exploit their complementary strengths. Four main SC techniques in image steganography — neural network (NN), genetic algorithm (GA), support vector machines (SVM) and fuzzy logic (FL) are assessed based on the three main measurements of steganography — imperceptibility, payload capacity and robustness. Most NN usage focuses on robustness, as well as the imperceptibility of the coverimage by exploiting its learning capability to produce a higher quality stego-image. GA is mostly employed to increase the payload capacity to be embedded as well as to find the best bit positions for embedding position in image steganography. SVM is normally used to increase the imperceptibility of the stego image via its strength to classify the image blocks by learning the relationship between the secret-message and cover-image to be used in the embedding and extracting procedures. A few works have been done in FL especially in preserving the imperceptibility and the number is increasing. Based on this review and leveraging the complementary strengths of FCM in clustering and SVM in classification, we propose a novel hybrid fuzzy c-means (FCM) and SVM (F-SVM) model in image steganography. The model uses the F-SVM as its main engine that is capable of embedding the secret-message imperceptible to human eyes while increasing the payload capacity. Currently, work is being done to develop and test this model.

Nonintrusive SSL/TLS proxy with JSON-based policy

The placement of an interception proxy in between a client and web server has its own implications. Therefore, it is more practical to take a “middle” approach that can moderate the ongoing and future SSL/TLS sessions while not compromising the user privacy. A policy rule in JSON schema and data is proposed in handling SSL/TLS connection delegated by a non-intrusive, pass-through proxy.

IDS Using Mitigation Rules Approach to Mitigate ICMP Attacks

The Internet Control Message Protocol (ICMP) attack is an example of a DDoS attack and regarded as an Internet menace that aims to deny service to legitimate users by violating the availability of resource in a system. A number of researches have been conducted to propose different methods of mitigating the attack but yet, the problem still arises. Thus, to improve the current mitigation solution, this study intents to proposethe Intrusion Detection System (IDS) with the mitigation rules approach to mitigate the ICMP attack. The mitigation rules are developed specifically to mitigate the ICMP attack and to suppress the number of false alarms. Project implementation is done using Snort, which is installed in the Linux platform. For evaluation purpose, testing is carried out with live private data in identical environment, with the default rules and the proposed mitigation rules enabled in the same LAN. Experimental result shows that deployment of mitigation rules is 63.95% efficient to mitigate the ICMP attack compared to the original Snort rules.

Simple port knocking method: Against TCP replay attack and port scanning

Port knocking is a first technique introduces to prevent attackers from discovering and exploiting potentially vulnerable service on a network host, while allowing authenticated users to access these services. Despite being potentially useful tool, it suffers various vulnerabilities such as TCP replay, port scanning and etc. This project proposes a new approach over the existing Port Knocking by employing the Source Port sequences that will simplify a technique for port knocking system. Source port is automatically generated by operating system and is pre-assigned to generate a sequence. A technique to control when certain service start and stop was introduced to mitigate problem with TCP replay attack and port scanning. The performance of the proposed method was evaluated by measuring the authentication time to knock the server. As a result, the proposed method worked faster than other methods like basic port knocking and Fwknop + SPA. This has shown that the proposed method was simple and at the same time against the TCP replay attack and port scanning.

Performance enhancement of wireless sensor network (WSN) with the implementation of Hybrid ARQ (HARQ) and Transmission Power Control (TPC)

The challenges of wireless sensor network (WSN) have commonly referred to error-prone and degraded in performances when it gets congested. One possible solution to mitigate the problem is by combining the technique of Hybrid ARQ (HARQ) with Transmission Power Control (TPC). This research experiments the combination techniques of HARQ error control with TPC in order to improve the performances of WSN with respect to latency, throughputs, packet loss, and energy consumption. The existing HARQ scheme and HARQ with TPC scheme will be simulated using Ns2 simulator and the result will be recorded. The output from simulations is collected and comparison between the two schemes is made. The results show that the scheme of HARQ with TPC have improved the performances of latency, packet loss, throughputs and energy consumption in several test cases such as changing number of nodes, packet sizes, localization and routing protocols.

Wireless Intruder Detection System (WIDS) in Detecting De-Authentication and Disassociation Attacks in IEEE 802.11

Wireless network seen to be targeted from various kind of attacks. Various type of security mechanism was applied, such as WEP, WPA and WPA2. These security mechanisms were only protected the network from intruder in accessing internal network. However, those security mechanisms did not protect communication for wireless clients. This phenomenon leads to vulnerability that contributed to the frames using 802.11a/b/g/n standard. The management frames on 802.11a/b/g/n were sent unencrypted plain text, thus it can be spoofed and forged by intruder. The 802.11w was introduced to protect frames but still have legacy in wireless devices been used that is not supported with 802.11w. This research proposed a tool that can be used as a personal WIDS (Wireless Intruder Detection System). Furthermore, this research also introduced the mechanism to detect de-authentication and disassociation attacks on 802.11a/b/g/n enviroment.

Analysis performance on contention-based MAC protocols in MANETs

ALOHA protocol and its variations are commonly deployed Medium Access Control (MAC) protocols in environments where multiple transmitting devices compete for a medium. Idealized Slotted ALOHA protocol is the most deploy variation in Mobile Ad Hoc Networks (MANETs) environment for example in digital cellular systems such as GSM, RFID and underwater wireless sensor network. In this research paper, the analysis and studies were made with simulation tools to get an illustration of how the Idealized Slotted ALOHA protocol works and to get mathematical results in graphical form in term of throughput and average time delay. These results are then used to compare with the performances of non-persistent CSMA protocol, another MAC protocol that happened to fell under the same category as ALOHA protocols to prove that Idealized Slotted ALOHA protocol outperforms non-persistent CSMA protocol. However, the throughput of Idealized Slotted ALOHA protocol is improvable with the right approaches. In this research paper, the approaches that are used to improve the performance made primarily are by amending the Idealized Slotted ALOHA protocol with capture effect and by increasing the CNR possibility values.

Secured web application using combination of Query Tokenization and Adaptive Method in preventing SQL Injection Attacks

SQL Injection Attacks (SQLIAs) become a major issue nowadays which open opportunities for unrestricted access to the database that underlie web applications. The purpose of this research is to develop a multi-level prevention techniques in order to cater the SQLIAs. The proposed prevention technique combines Query Tokenization and Adaptive Method that will be implemented on multiple platforms that using asp.net programming language. This technique was tested using 5 test cases to ensure it effectiveness. The outcome of this project is frameworks of prevention technique that can be used for other developer to make sure their web application being secured and avoid the hackers exploit the databases by using SQL injection.

Secret Sharing Deniable Encryption Technique

Deniable Encryption was introduced to ensure that the sender and/or receiver in the communication able to create and encrypt fake messages into different ciphertexts to protect the real messages from a coercing adversary. Numerous past works have been proposed to cater the issues of coercible communication. To date, only Bi-Deniable Encryption has catered the issue of sender and receiver coercion. However there can be more than one receiver in a communication at a time. Multi-Party Computation addresses the problem of dishonest users that can be corrupted by the adversary. In some cases, Deniable Encryption may fails due to the coercer already know that it is applied in the communication protocol. A new deniability technique is needed to solve these problems. This research proposed Secret Sharing Deniable Encryption Technique. Secret Sharing technique is used to hide the secret key by creating shares and distributed among users.