Jakub Safarik

Automatic analysis of attack data from distributed honeypot network

There are many ways of getting real data about malicious activity in a network. One of them relies on masquerading monitoring servers as a production one. These servers are called honeypots and data about attacks on them brings us valuable information about actual attacks and techniques used by hackers. The article describes distributed topology of honeypots, which was developed with a strong orientation on monitoring of IP telephony traffic. IP telephony servers can be easily exposed to various types of attacks, and without protection, this situation can lead to loss of money and other unpleasant consequences. Using a distributed topology with honeypots placed in different geological locations and networks provides more valuable and independent results. With automatic system of gathering information from all honeypots, it is possible to work with all information on one centralized point. Communication between honeypots and centralized data store use secure SSH tunnels and server communicates only with authorized honeypots. The centralized server also automatically analyses data from each honeypot. Results of this analysis and also other statistical data about malicious activity are simply accessible through a built-in web server. All statistical and analysis reports serve as information basis for an algorithm which classifies different types of used VoIP attacks. The web interface then brings a tool for quick comparison and evaluation of actual attacks in all monitored networks. The article describes both, the honeypots nodes in distributed architecture, which monitor suspicious activity, and also methods and algorithms used on the server side for analysis of gathered data.

Malicious traffic monitoring and its evaluation in VoIP infrastructure

The paper deals with the need to enhance security of the VoIP infrastructure. There are several ways to achieve an enhancement in security. We opted for the honeypot which can provide us information about attackers behaviour. We will examine in particular a VoIP honeypot referred to as Artemisa. It is one of many existing honeypots tailored for IP telephony. The paper describes its function and application within a real IP telephony infrastructure. The aim of another tested honeypot is to gather data about the attacks while simulating a SSH server. The gathered information could be crucial for further improvements of the existing security mechanism in our VoIP network.

Neural network classifier of attacks in IP telephony

Various types of monitoring mechanism allow us to detect and monitor behavior of attackers in VoIP networks. Analysis of detected malicious traffic is crucial for further investigation and hardening the network. This analysis is typically based on statistical methods and the article brings a solution based on neural network. The proposed algorithm is used as a classifier of attacks in a distributed monitoring network of independent honeypot probes. Information about attacks on these honeypots is collected on a centralized server and then classified. This classification is based on different mechanisms. One of them is based on the multilayer perceptron neural network. The article describes inner structure of used neural network and also information about implementation of this network. The learning set for this neural network is based on real attack data collected from IP telephony honeypot called Dionaea. We prepare the learning set from real attack data after collecting, cleaning and aggregation of this information. After proper learning is the neural network capable to classify 6 types of most commonly used VoIP attacks. Using neural network classifier brings more accurate attack classification in a distributed system of honeypots. With this approach is possible to detect malicious behavior in a different part of networks, which are logically or geographically divided and use the information from one network to harden security in other networks. Centralized server for distributed set of nodes serves not only as a collector and classifier of attack data, but also as a mechanism for generating a precaution steps against attacks.

Using DNS amplification DDoS attack for hiding data

This paper concerns available steganographic techniques that can be used for sending hidden data through public network. Typically, in steganographic communication it is advised to use popular/often used method for sending hidden data and amount of that data need to be high as much as possible. We confirmed this by choosing a Domain Name System (DNS) as a vital protocol of each network and choosing Distributed denial of service (DDoS) attacks that are most popular network attacks currently represented in the world. Apart from characterizing existing steganographic methods we provide new insights by presenting two new techniques. The first one is network steganography solution which exploits free/unused protocols fields and is known for IP, UDP or TCP protocols, but has never been applied to DNS (Domain Name Server) which are the fundamental part of network communications. The second explains the usage of DNS Amplification DDoS Attack to send seamlessly data through public network. The calculation that was performed to estimate the total amount of data that can be covertly transferred by using these technique, regardless of steganalysis, is included in this paper.

Predictive model for determining the quality of a call

In this paper the predictive model for speech quality estimation is described. This model allows its user to gain the information about the speech quality in VoIP networks without the need of performing the actual call and the consecutive time consuming sound file evaluation. This rapidly increases usability of the speech quality measurement especially in high load networks, where the actual processing of all calls is rendered difficult or even impossible. This model can reach its results that are highly conformant with the PESQ algorithm only based on the network state parameters that are easily obtainable by the commonly used software tools. Experiments were carried out to investigate whether different languages (English, Czech) have an effect on perceived voice quality for the same network conditions and the language factor was incorporated directly into the model.

IP TELEPHONY BASED DANGER ALERT COMMUNICATION SYSTEM AND ITS IMPLEMENTATION

This article discusses a danger alert system created as a part of the research project at Department of Telecommunications of Technical University of Ostrava. The aim of the system is to distribute pre-recorded voice messages in order to alert the called party in danger. This article describes individual technologies, which the application uses for its operation as well as issues relating to hardware requirements and transfer line bandwidth load. The article also describes new algorithms, which had to be developed in order to ensure the reliability of the system. Our intent is focused on disaster management, the message, which should be delivered within specified time span, is typed in the application and text-to-speech module ensures its transformation to a speech format, after that a particular scenario or warned area is selected and a target group is automatically unloaded. For this purpose, we have defined XML format for delivery of phone numbers which are located in the target area and these numbers are obtained from mobile BTSs (Base transmission stations). The benefit of such communication compared to others, is the fact, that it uses a phone call and, therefore, it is possible to get feedback who accepted the message and to improve efficiency of alert system. Finally, the list of unanswered calls is exported and these users can be informed via SMS.

Security solution against denial of service attacks in BESIP system

This article deals about embedded SIP communication server with an easy integration into the computer network based on open source solutions and its effective defense against the most frequent attack in the present - Denial of Service. The article contains brief introduction into the Bright Embedded Solution for IP Telephony – BESIP and describes the most common types of DoS attacks, which are applied on SIP elements of the VoIP infrastructure including the results of defensive mechanism that has been designed.

Automatic voice control system for UAV-based accessories

This article deals with the system for voice control of the UAV (Unattended Aerial Vehicle) accessories using the mobile device and an advanced communication platform. The paper provides an overview of projects realized in last period in field of voice-controlled drones and explains the applied approach for automatic speech recognition using hidden markov models. Authors describes also converting speech commands instructions for UAV control and necessary steps in practical testing and optimization of the whole system. The achieved results and conclusions are given in the final chapter of the article in which authors provide their experience gained within the experimental development.

Genetic algorithm for automatic tuning of neural network hyperparameters

Artificial neural networks affect our everyday life. But every neural network depends on the appropriate training set and setting of internal properties with hyperparameters. Even accurate and complete training set doesnt imply high performance of neural network algorithm. Tuning of hyperparameters is crucial for correct functionality, fast learning and high accuracy of neural networks. The hyperparameter selection relies on manual fine-tuning based on multiple full training trials. There are a lot of neural network implementation available for public and commercial use, but the setting of hyperparameters is often a neglected problem. Choosing the best structure and hyperparameters is the primary challenge in designing a neural network. This article describes a genetic algorithm for automatic selection of hyperparameters and their tuning for increasing the performance of neural networks without human interaction. The optimization algorithm accelerates the discovery of configuration, which is otherwise a time-consuming task. We evaluate the results of optimizations in comparison to naïve approach and compare pro and cons of different techniques.

Estimation of Call Quality for Low Performance Servers

The call quality is an important issue of the modern voice over IP (VoIP) networks. This is given by their inherent “best effort” nature and the fact that any packet can be delayed or lost along the transmission path. To ensure sufficient call quality from the customer’s point of view a multitude of approaches can be adopted, i.e. dynamic change of routing, codec swap or packet tagging. For these approaches to be efficient call quality information needs to be accessible on the devices through which the call is routed. Since the local area networks (LANs) do not suffer from underperformance the decision about the transmission strategy should be made on the edge of the local network. For the VoIP traffic the place for this decision is the Session Border Controller (SBC). This paper describes a way of speech quality estimation that is both accurate and performance undemanding making it possible to implement and integrate on low performance SBCs based on open-source software. These SBCs find their application mostly in small remote branches of private or academic institutions that do not require complex features of the proprietary hardware solutions but still need the advanced security and call quality monitoring.