Talha Naqash

Statistical fingerprint-based intrusion detection system (SF-IDS)

Summary Intrusion detection systems (IDS) are systems aimed at analyzing and detecting security problems. The IDS may be structured into misuse and anomaly detection. The former are often signature/rule IDS that detect malicious software by inspecting the content of packets or files looking for a “signature” labeling malware. They are often very efficient, but their drawback stands in the weakness of the information to check (eg, the signature), which may be quickly dated, and in the computation time because each packet or file needs to be inspected. The IDS based on anomaly detection and, in particular, on statistical analysis have been originated to bypass the mentioned problems. Instead of inspecting packets, each traffic flow is observed so getting a statistical characterization, which represents the fingerprint of the flow. This paper introduces a statistical analysis based intrusion detection system, which, after extracting the statistical fingerprint, uses machine learning classifiers to decide whether a flow is affected by malware or not. A large set of tests is presented. The obtained results allow selecting the best classifiers and show the performance of a decision maker that exploits the decisions of a bank of classifiers acting in parallel.

Secure DNS from amplification attack by using modified bloom filters

Domain Name System (DNS) is the vital part of the internet world. One of the attacks on DNS is an amplification attack, in which IP is spoofed by the eavesdropper in order to launch a bandwidth consumption attack. In this attack Bulk of responses are received by the victim server in a response to a single query. In this paper the structure of the Bloom Filter is modified and its defense against the amplification attack is proposed. In this proposed solution, we used a modified bloom filter in which we have added one more property that is, we can edit its membership, such as newcomer, old one and black listed old member. Through this when old members come after a specific interval of time, they are going to register themselves as newcomers in bloom filter and this bloom filter will be placed near the victim ISP or it organization router. So when the attacker initiates a query, after a certain check it can be put on the black list.

Protecting DNS from cache poisoning attack by using secure proxy

The DNS is one of the most important part of the Internet communication. DNS server runs a robust mechanism which provides the IP address of the internet host name. Even if the any component of this internet communication is unavailable for short interval then the whole internet communication will be disturbed or some time stop responding. When a DNS server sends a query to the specific server then an eves dropper can launch cache poisoning attack easily. Many solutions have been proposed which have their own pros and cones. In this paper a proposed solution is described by using security proxy with a hash function. Cache Poisoning attack can be avoided by using this technique. It creates a secure environment for the DNS to communicate with other DNS. When the source DNS receives any response from any DNS it will check the authenticity of receiving packets and send the data to the client. This technique provides secure environment for DNS communication. This new technique is easy to implement on the current DNS architecture without any modification.

A novel mutual authentication protocol for H(e)NB and mobile devices using S8 S-box

In wireless communication, femtocell is a feasible option to enhance the signal strength. Authentication of the legal user and legitimate femtocell is a serious issue. Many protocols have been proposed for mutual authentication but each has its own pros and cones. In this paper we first investigate the weakness of a previously presented mutual authentication protocol, Rapid Development and Authentication Protocol (RDAP) under Man In The Middle (MITM), Denial of Service (DoS), sybil and masquerade attacks. Then, a novel authentication protocol is presented to remove the weakness against these attacks. The proposed algorithm is interoperable and use S8 S-box for AES to reduce the authentication time.

Mutual authentication protocol for LTE based mobile networks

Femtocells are used to enhance the service coverage inside the office or home, particularly where access is narrow or engaged. Femtocells enhance the service quality that is attractive for the client and the mobile operator. Currently, security of core network from the unauthorized user in public environment is a big issue and there is no integrated solution to verify a rouge femtocell or unauthorized user equipment (UE). Forged equipment can launch any attack or hack the core network to act actively or passively. Hence, there is a need for a mutual authentication protocol, so communication equipments can verify each other during connection establishment and make a secure tunnel for communication. In this paper we have critically analyzed the Rapid Development Authentication Protocol (RDAP) and its structural design. Then a novel protocol has been proposed which provide mutual authentication between User Equipment (UE) and femtocell that will make the system more secure than conventional RDAP. Moreover, novel scheme is also compatible with the current network architecture and resist various network attacks e.g., Sybil attack, MITM, DOS, Eavesdropping & Injecting attack and Packet Sniffing.