Shahid Anwar

Intrusion response systems

In the last few decades, various network attacks have emerged. This phenomenon requires serious consideration to address its extensive consequences. To overcome the effects of network attacks, an appropriate intrusion detection system and a real-time intrusion response system are required. In this paper, we present an IRS taxonomy based on design parameters to classify existing schemes. Furthermore, we investigate the essential response design parameters for IRS to mitigate attacks in real time and obtain a robust output. The majority of existing schemes disregard the importance of semantic coherence and dynamic response parameters in the response selection process. Therefore, most existing schemes produce inaccurate results by generating false alarms. These design parameters are comprehensively discussed in this paper. We have qualitatively analyzed existing IRS schemes on the basis of the response design parameters. Open research challenges are identified to highlight key research areas in this research domain.

From Intrusion Detection to an Intrusion Response System: Fundamentals, Requirements, and Future Directions

In the past few decades, the rise in attacks on communication devices in networks has resulted in a reduction of network functionality, throughput, and performance. To detect and mitigate these network attacks, researchers, academicians, and practitioners developed Intrusion Detection Systems (IDSs) with automatic response systems. The response system is considered an important component of IDS, since without a timely response IDSs may not function properly in countering various attacks, especially on a real-time basis. To respond appropriately, IDSs should select the optimal response option according to the type of network attack. This research study provides a complete survey of IDSs and Intrusion Response Systems (IRSs) on the basis of our in-depth understanding of the response option for different types of network attacks. Knowledge of the path from IDS to IRS can assist network administrators and network staffs in understanding how to tackle different attacks with state-of-the-art technologies.

Response option for attacks detected by intrusion detection system

In past decades, we have seen that the increasing speed of the network attacks compromising computer system functionality and degrading network performance. The security of these systems has attracted a lot of research in the field of intrusion detection and response system to reduce the effect of these attacks. Response is a major part of intrusion detection system. Intrusion detection system without a timely response is not considered good even they detect threat and generate alarms. Optimum response is based on the selection of proper response option. In this paper, we categorize the attacks and propose some response option to thwart these attacks.

A comparative study of African Buffalo Optimization and Randomized Insertion Algorithm for asymmetric Travelling Salesman's Problem

In this study, a comparative study of the African Buffalo Optimization algorithm and the Randomized Insertion Algorithm to solving the asymmetric Travelling Salesmans Problem is made with the aim of ascertaining a better method to solving the asymmetric Travelling Salesmans Problem instances. The choice of the Random Insertion Algorithm as a comparative algorithm was informed by the fact that it has the best results in literature. The Randomized Insertion and African Buffalo Optimization algorithms employ two different methods in attempting solutions to ATSP: the African Buffalo Optimization employs the modified Karp-Steele approach while the Randomized Insertion uses random insertion approach. After attempting 15 benchmark ATSP cases out of the 19 datasets available in TSPLIB, it was discovered that the African Buffalo Optimization achieves slightly better result to the problems and at a much faster speed.

Cross-VM cache-based side channel attacks and proposed prevention mechanisms: A survey

The state-of-the-art Cloud Computing (CC) has been commercially popular for shared resources of third party applications. A cloud platform enables to share resources among mutually distrusting CC clients and offers cost-effective, on-demand scaling. With the exponential growth of CC environment, vulnerabilities and their corresponding exploitation of the prevailing cloud resources may potentially increase. Although CC provides numerous benefits to the cloud computing tenant. However, features namely resource sharing and Virtual Machine (VM) physical co-residency raising the potential for sensitive information leakages such as Side Channel (SC) attacks. In particular, the physical co-residency feature allows attackers to communicate with another VM on the same physical machine and leak the confidential information due to inadequate logical isolation. Unlike encryption, which protects information from being decoded by unauthorized persons, SC attacks aim to exploit the encryption systems and to hide the occurrence of communication. SC attacks were initially identified as the main threat on multi-level secure systems i.e. OS, database, and networks. More recently, the focus of the researchers has shifted toward SC attacks in CC. Since the last level cache (L2 or L3) is always shared between VM, is the most targeting device for these attacks. Therefore, the aim of this article is to explore cross-VM SC attacks involving the CPU cache and their countermeasures in CC and to compare with the traditional SC attacks and countermeasures. We categorized the SC attacks according to the hardware medium they target and exploit, the ways they access the module and the method they use to extract confidential information. We identified that traditional prevention mechanisms for SC attacks are not appropriate for prevention of cross-VM cache-based SC attacks. We also proposed countermeasures for the prevention of these attacks in order to improve security in CC.

A static approach towards mobile botnet detection

The use of mobile devices, including smartphones, tablets, smart watches and notebooks are increasing day by day in our societies. They are usually connected to the Internet and offer nearly the same functionality, same memory and same speed like a PC. To get more benefits from these mobile devices, applications should be installed in advance. These applications are available from third party websites, such as google play store etc. In existing mobile devices operating systems, Android is very easy to attack because of its open source environment. Android OS use of open source facilty attracts malware developers to target mobile devices with their new malicious applications having botnet capabilities. Mobile botnet is one of the crucial threat to mobile devices. In this study we propose a static approach towards mobile botnet detection. This technique combines MD5, permissions, broadcast receivers as well as background services and uses machine learning algorithm to detect those applications that have capabilities for mobile botnets. In this technique, the given features are extracted from android applications in order to build a machine learning classifier for detection of mobile botnet attacks. Initial experiments conducted on a known and recently updated dataset: UNB ISCX Android botnet dataset, having the combination of 14 different malware families, shows the efficiency of our approach. The given research is in progress.

Present Status and Challenges in Cloud Monitoring Framework: A Survey

Its an Extend Abstract.

Mobile Cloud Computing with SOAP and REST Web Services

Mobile computing in conjunction with Mobile web services drives a strong approach where the limitations of mobile devices may possibly be tackled. Mobile Web Services are based on two types of technologies; SOAP and REST, which works with the existing protocols to develop Web services. Both the approaches carry their own distinct features, yet to keep the constraint features of mobile devices in mind, the better in two is considered to be the one which minimize the computation and transmission overhead while offloading. The load transferring of mobile device to remote servers for execution called computational offloading. There are numerous approaches to implement computational offloading a viable solution for eradicating the resources constraints of mobile device, yet a dynamic method of computational offloading is always required for a smooth and simple migration of complex tasks. The intention of this work is to present a distinctive approach which may not engage the mobile resources for longer time. The concept of web services utilized in our work to delegate the computational intensive tasks for remote execution. We tested both SOAP Web services approach and REST Web Services for mobile computing. Two parameters considered in our lab experiments to test; Execution Time and Energy Consumption. The results show that RESTful Web services execution is far better than executing the same application by SOAP Web services approach, in terms of execution time and energy consumption. Conducting experiments with the developed prototype matrix multiplication app, REST execution time is about 200% better than SOAP execution approach. In case of energy consumption REST execution is about 250% better than SOAP execution approach.

Trusting cloud computing for personal files

In a recent research study concerning current and future (state-of-the-art) cloud security issues, we recognised a substantive number of security loopholes in information technology systems and devised relevant solutions for such problems. As an outcome, exchanging the main point that contains all the information originating from heterogeneous sources that oversee the physiological methodologies of a city could have devastating effects because cloud security would be influenced at diverse levels and clients would be influenced at distinctive administrations. In addition, if these innovations are utilised more extensively, cyber terrorism could, with a solitary machine ambush, hinder significant numbers urban areas worldwide. This paper summarises some major issues in cloud computing, which caused us to reconsider the type of information that can be stored safely in cloud computing.