Slobodan Bojanić

Improving network security using genetic algorithm approach

With the expansion of Internet and its importance, the types and number of the attacks have also grown making intrusion detection an increasingly important technique. In this work we have realized a misuse detection system based on genetic algorithm (GA) approach. For evolving and testing new rules for intrusion detection the KDD99Cup training and testing dataset were used. To be able to process network data in real time, we have deployed principal component analysis (PCA) to extract the most important features of the data. In that way we were able to keep the high level of detection rates of attacks while speeding up the processing of the data.

Finding an internal state of RC4 stream cipher

The RC4 is a stream cipher widely deployed in software applications due to its simplicity and efficiency. The paper presents a cryptanalytic attack that employs the tree representation of this cipher and introduces an abstraction in the form of general conditions for managing the information about its internal state. In order to find the initial state, the tree of general conditions is searched applying the hill-climbing strategy. The complexity of this attack is lower than that of an exhaustive search. The attack is derived from a general cryptanalytic approach for a class of table-shuffling ciphers, whose next-state function permutes the table entries. Incorporating the general conditions in the existing backtracking algorithm, the estimated complexity of the cryptanalytic attack is decreased below the best published result but the RC4 still remains a quite secure cipher in practice.

FPGA ACCELERATION FOR DNA SEQUENCE ALIGNMENT

In this paper, we present two new hardware architectures that implement the Smith–Waterman algorithm for DNA sequence alignment. Previous low-cost approaches based on Field Programmable Gate Array (FPGA) technology are reviewed in detail and then improved with the goal of increased performance at the same cost (i.e., area). This goal is achieved through low level optimizations aimed to adapt the systolic structure implementing the algorithm to the regular structure of FPGAs, essentially finding the optimum granularity of the systolic cells. The proposed architectures achieve processing rates close to 1 Gbps, clearly outperforming previous approaches. Comparing to the reported FPGA results of the computation of the edit-distance between two DNA sequences, throughput is doubled for the same clock frequency with a minimum area penalty. The design has been implemented on an FPGA-based prototyping board integrated into a bioinformatics system. This has allowed validating the approach in a real system (i.e., including I/O and database access), and comparing the proposed hardware solution to purely software approaches. As shown in the paper, the results are outstanding even for slow-rate buses.

FPGA for pseudorandom generator cryptanalysis

Abstract FPGAs have been successfully applied for cryptanalytic purposes, particularly in exhaustive key search that is a highly parallelizable task. In this work, we consider a pseudorandom generator scheme that consists of a number of subgenerators, the first of which is a linear feedback shift register (LFSR). LFSR is often used in cipher systems because of good cryptographic characteristics of its output sequence. The cryptanalysis has shown that if noisy prefix of the output sequence of this generator is known, it is possible to reconstruct the initial state of the LFSR by means of generalized correlated attack. The attack is based on the resolving of the constrained edit distance between the sequences determined by the initial states of the shift registers and the intercepted noisy output sequence. The systolic array architecture exploits the intrinsic parallelism of the dynamic programming algorithm for edit distance computation and achieve reductions in computation time of several orders of magnitude comparing with sequential calculation that is characteristic for software solutions. With a minimum increase of area, our design doubles the speed of similar approaches that are applied in bioinformatics, since there are no published ones for cryptanalysis. The obtained results on Xilinx Virtex and Virtex2 FPGA families also holds when a bus is connected, since our design takes into account the bus I/O bottleneck (i.e. PCI).

Reducing the State Space of RC4 Stream Cipher

The paper introduces an abstraction in form of general conditions for cryptanalytic managing of the information about the current state of the RC4 stream cipher. The general conditions based strategy is used to favor more promising values that should be assigned to unknown entries in the RC4 table. The estimated complexity of the cryptanalytic attack is lower than the best published result although the RC4 remains a quite secure cipher in practice.

Migrating a HoneyDepot to Hardware

A honeypot apparatus, as a perspective security technology has proven itself worth deploying by various malicious records made. The next step in deploying the technology can be an independent hardware device with the incorporated honeypot behaviour. Such a solution would bring an ease in deployment together with a high throughput it would be able to support to the area of network auditing and monitoring. Initial investigation and implementation steps have been conducted. A flexible base for a honeypot platform intended to be implemented on a modern field programmable gate array device, as a potential destination technology, has been developed. Correspondent results with a relevant set of details are being presented together with future perspectives and further investigation and deployment potential. No similar attempts have been documented.

High-speed systolic array for gene matching

One of the main challenges in bioinformatics nowadays is to create a framework to compare efficiently new DNA sequence information to large existing databases. Optimal methods, such as the Smith-Waterman algorithm, provides more sensitive results than heuristic algorithms such as FASTA and BLAST, with the drawback of increased computational complexity. FPGAs implementations of Smith-Waterman exploit the intrinsic parallelism in the algorithm and achieve computation time reductions of several orders of magnitude. In this paper we present an implementation of a Smith-Waterman linear systolic array that doubles throughput of existing ones with a minimum increase of area. The processing speed improvement is achieved by means of assigning the computation of four edit distances to a single systolic cell. Implementation results on Xilinx devices XC2V6000 and XCV1000E are reported. An array that processes 8000-nucleotid DNA sequences achieves 3200 BCUPS operating at 200 Mhz on a XC2V6000-5 device.

Unsupervised Genetic Algorithm Deployed for Intrusion Detection

This paper represents the first step in an on-going work for designing an unsupervised method based on genetic algorithm for intrusion detection. Its main role in a broader system is to notify of an unusual traffic and in that way provide the possibility of detecting unknown attacks. Most of the machine-learning techniques deployed for intrusion detection are supervised as these techniques are generally more accurate, but this implies the need of labeling the data for training and testing which is time-consuming and error-prone. Hence, our goal is to devise an anomaly detector which would be unsupervised, but at the same time robust and accurate. Genetic algorithms are robust and able to avoid getting stuck in local optima, unlike the rest of clustering techniques. The model is verified on KDD99 benchmark dataset, generating a solution competitive with the solutions of the state-of-the-art which demonstrates high possibilities of the proposed method.

Increasing Detection Rate of User-to-Root Attacks Using Genetic Algorithms

An extensive set of machine learning and pattern classification techniques trained and tested on KDD dataset failed in detecting most of the user-to-root attacks. This paper aims to provide an approach for mitigating negative aspects of the mentioned dataset, which led to low detection rates. Genetic algorithm is employed to implement rules for detecting various types of attacks. Rules are formed of the features of the dataset identified as the most important ones for each attack type. In this way we introduce high level of generality and thus achieve high detection rates, but also gain high reduction of the system training time. Thenceforth we re-check the decision of the user-to- root rules with the rules that detect other types of attacks. In this way we decrease the false-positive rate. The model was verified on KDD 99, demonstrating higher detection rates than those reported by the state- of-the-art while maintaining low false-positive rate.

Characterization of laser beam interaction with carbon materials

This paper presents simulation and experimental results for the exposure of some carbon-based materials to alexandrite and Nd3+:YAG (yttrium aluminum garnet) laser radiation. Simulation of the heating effects was carried out using the COMSOL Multiphysics 3.5 package for samples of carbon-based P7295-2 fiber irradiated using an alexandrite laser and carbon-based P4396-2 fiber irradiated using an Nd3+:YAG laser, as well as by applying finite element modeling for P7295-2 samples irradiated using an Nd3+:YAG laser. In the experimental part, P7295-2 samples were exposed to alexandrite laser radiation while samples of carbon-based composite 3D C/C were exposed to Nd3+:YAG laser radiation. Micrographs of the laser induced craters were obtained by light and scanning electron microscopy, and the images analyzed using the ImageJ software. The results obtained enable identification of the laser–material interaction spots, and characterization of the laser induced changes in the materials investigated.