Blockchain merges technology with the Internet of Things(IoT)for addressing security and privacy-related issues.However,conventional blockchain suffers from scalability issues due to its linear structure,which increas...Blockchain merges technology with the Internet of Things(IoT)for addressing security and privacy-related issues.However,conventional blockchain suffers from scalability issues due to its linear structure,which increases the storage overhead,and Intrusion detection performed was limited with attack severity,leading to performance degradation.To overcome these issues,we proposed MZWB(Multi-Zone-Wise Blockchain)model.Initially,all the authenticated IoT nodes in the network ensure their legitimacy by using the Enhanced Blowfish Algorithm(EBA),considering several metrics.Then,the legitimately considered nodes for network construction for managing the network using Bayesian-Direct Acyclic Graph(B-DAG),which considers several metrics.The intrusion detection is performed based on two tiers.In the first tier,a Deep Convolution Neural Network(DCNN)analyzes the data packets by extracting packet flow features to classify the packets as normal,malicious,and suspicious.In the second tier,the suspicious packets are classified as normal or malicious using the Generative Adversarial Network(GAN).Finally,intrusion scenario performed reconstruction to reduce the severity of attacks in which Improved Monkey Optimization(IMO)is used for attack path discovery by considering several metrics,and the Graph cut utilized algorithm for attack scenario reconstruction(ASR).UNSW-NB15 and BoT-IoT utilized datasets for the MZWB method simulated using a Network simulator(NS-3.26).Compared with previous performance metrics such as energy consumption,storage overhead accuracy,response time,attack detection rate,precision,recall,and F-measure.The simulation result shows that the proposed MZWB method achieves high performance than existing works.展开更多
Security measures are urgently required to mitigate the recent rapid increase in network security attacks.Although methods employing machine learning have been researched and developed to detect various network attack...Security measures are urgently required to mitigate the recent rapid increase in network security attacks.Although methods employing machine learning have been researched and developed to detect various network attacks effectively,these are passive approaches that cannot protect the network from attacks,but detect them after the end of the session.Since such passive approaches cannot provide fundamental security solutions,we propose an active approach that can prevent further damage by detecting and blocking attacks in real time before the session ends.The proposed technology uses a two-level classifier structure:the first-stage classifier supports real-time classification,and the second-stage classifier supports accurate classification.Thus,the proposed approach can be used to determine whether an attack has occurred with high accuracy,even under heavy traffic.Through extensive evaluation,we confirm that our approach can provide a high detection rate in real time.Furthermore,because the proposed approach is fast,light,and easy to implement,it can be adopted in most existing network security equipment.Finally,we hope to mitigate the limitations of existing security systems,and expect to keep networks faster and safer from the increasing number of cyber-attacks.展开更多
In the 21st century with the exponential growth of the Internet, the vulnerability of the network which connects us is on the rise at a very fast pace. Today organizations are spending millions of dollars to protect t...In the 21st century with the exponential growth of the Internet, the vulnerability of the network which connects us is on the rise at a very fast pace. Today organizations are spending millions of dollars to protect their sensitive data from different vulnerabilities that they face every day. In this paper, a new methodology towards implementing an Intrusion Detection & Prevention System (IDPS) based on Artificial Neural Network (ANN) onto Field Programmable Gate Array (FPGA) is proposed. This system not only detects different network attacks but also prevents them from being propagated. The parallel structure of an ANN makes it potentially fast for the computation of certain tasks. FPGA platforms are the optimum and best choice for the modern digital systems nowadays. The same feature makes ANN well suited for implementation in FPGA technology. Hardware realization of ANN to a large extent depends on the efficient implementation of a single neuron. However FPGA realization of ANNs with a large number of neurons is still a challenging task. The proposed multilayer ANN based IDPS uses multiple neurons for higher performance and greater accuracy. Simulation of the design in MATLAB SIMULINK 2010b by using Knowledge Discovery and Data Mining (KDD) CUP dataset shows a very good performance. Subsequently MATLAB HDL coder was used to generate VHDL code for the proposed design that produced Intellectual Property (IP) cores for Xilinx Targeted Design Platforms. For evaluation purposes the proposed design was synthesized, implemented and tested onto Xilinx Virtex-7 2000T FPGA device.展开更多
The rapid growth of computer networks has changed the prospect of network security. An easy accessibility condition causes computer networks to be vulnerable against numerous and potentially devastating threats from h...The rapid growth of computer networks has changed the prospect of network security. An easy accessibility condition causes computer networks to be vulnerable against numerous and potentially devastating threats from hackers. Up to the moment, researchers have developed Intrusion Detection Systems (IDS) capable of detecting attacks in several available environments. A boundlessness of methods for misuse detection as well as anomaly detection has been applied. Intrusion Prevention Systems (IPS) evolved after that to resolve am-biguities in passive network monitoring by placing detection systems on the line of attack. IPS in other words is IDS that are able to give prevention commands to firewalls and access control changes to routers. IPS can be seen as an improvement upon firewall technologies. It can make access control decisions based on application content, rather than IP address or ports as traditional firewalls do. The next innovation is the combination of IDS and IPS known as Intrusion Detection and Prevention Systems (IDPS) capable of de-tecting and preventing attacks from happening. This paper presents an overview of IDPS followed by their classifications and applications. A new signature based IDPS architecture named HawkEye Solutions has been proposed by the authors. Authors have presented the basic building blocks of the IDS, which include mechanisms for carrying out TCP port scans, Traceroute scan, ping scan and packet sniffing to monitor net-work health detect various types of attacks. Real time implementation results of the system have been pre-sented. Finally a comparative analysis of various existing IDS/IPS solutions with HawkEye Solutions em-phasizes its significance.展开更多
Pattern matching is one of the most performance-critical components for the content inspection based applications of network security, such as network intrusion detection and prevention.To keep up with the increasing ...Pattern matching is one of the most performance-critical components for the content inspection based applications of network security, such as network intrusion detection and prevention.To keep up with the increasing speed network, this component needs to be accelerated by well designed custom coprocessor.This paper presents a parameterized multilevel pattern matching architecture (MPM) which is used on FPGAs.To achieve less chip area, the architecture is designed based on the idea of selected character decoding (SCD) and multilevel method which are analyzed in detail.This paper also proposes an MPM generator that can generate RTL-level codes of MPM by giving a pattern set and predefined parameters.With the generator, the efficient MPM architecture can be generated and embedded to a total hardware solution.The third contribution is a mathematical model and formula to estimate the chip area for each MPM before it is generated, which is useful for choosing the proper type of FPGAs.One example MPM architecture is implemented by giving 1785 patterns of Snort on Xilinx Virtex 2 Pro FPGA.The results show that this MPM can achieve 4.3 Gbps throughput with 5 stages of pipelines and 0.22 slices per character, about one half chip area of the most area-efficient architecture in literature.Other results are given to show that MPM is also efficient for general random pattern sets.The performance of MPM can be scalable near linearly, potential for more than 100 Gbps throughput.展开更多
The importance of network security has grown tremendously and intrusion prevention/detection systems (IPS/IDS) have been widely developed to insure the security of network against suspicious threat. Computer network i...The importance of network security has grown tremendously and intrusion prevention/detection systems (IPS/IDS) have been widely developed to insure the security of network against suspicious threat. Computer network intrusion detection and prevention system consist of collecting traffic data, analyzing them based on detection rules and generate alerts or dropping them if necessary. However IPS has problems such as accuracy signature, the traffic volume, topology design, monitoring sensors. In this paper, we practically examine the traffic effect on performance of IPS. We first examine the detection of DOS attack on a web server by IPS and then we generate network traffic to see how the behavior of IPS has influenced on detection of DOS attack.展开更多
Along with the deepening of the reform and opening-up policy and the entering of the WTO,international exchange of economy and culture has become more and more frequent,Internet has become an indispensable part of our...Along with the deepening of the reform and opening-up policy and the entering of the WTO,international exchange of economy and culture has become more and more frequent,Internet has become an indispensable part of our life,its rapid development brings great convenience to us,and all of the computers will be connected by Internet in the 21 century,thus the meaning of information security has changed substantially.It not only changes from a general guarding to a common defence,but from a specific field to a public subject as well.However,the opening and sharing of the Internet resource,unefficient supervision as well as various virus make people's information and belongings being in an extremely dangerous environment.The fight between hackers and anti-hackers,destruction and anti-destruction has already affected the stable running of the network and users' legal right,caused great economy damages and it could also threat our country's security.So a right understanding and in-time measures should be paid special attention to.The thesis firstly expatiates the current state of the network security and its importance,and discusses some major factors and threats that affect the network security.And the thesis also introduce some catalogues of the security techniques,some relevant information and their major characters,besides that,I enumerate some popular and effective methods of protecting our network,including the widely used firewall,and the meticulous techniques such as security scan techniques and techniques of intrusion detection.Lastly,some protective measures are stated.展开更多
文摘Blockchain merges technology with the Internet of Things(IoT)for addressing security and privacy-related issues.However,conventional blockchain suffers from scalability issues due to its linear structure,which increases the storage overhead,and Intrusion detection performed was limited with attack severity,leading to performance degradation.To overcome these issues,we proposed MZWB(Multi-Zone-Wise Blockchain)model.Initially,all the authenticated IoT nodes in the network ensure their legitimacy by using the Enhanced Blowfish Algorithm(EBA),considering several metrics.Then,the legitimately considered nodes for network construction for managing the network using Bayesian-Direct Acyclic Graph(B-DAG),which considers several metrics.The intrusion detection is performed based on two tiers.In the first tier,a Deep Convolution Neural Network(DCNN)analyzes the data packets by extracting packet flow features to classify the packets as normal,malicious,and suspicious.In the second tier,the suspicious packets are classified as normal or malicious using the Generative Adversarial Network(GAN).Finally,intrusion scenario performed reconstruction to reduce the severity of attacks in which Improved Monkey Optimization(IMO)is used for attack path discovery by considering several metrics,and the Graph cut utilized algorithm for attack scenario reconstruction(ASR).UNSW-NB15 and BoT-IoT utilized datasets for the MZWB method simulated using a Network simulator(NS-3.26).Compared with previous performance metrics such as energy consumption,storage overhead accuracy,response time,attack detection rate,precision,recall,and F-measure.The simulation result shows that the proposed MZWB method achieves high performance than existing works.
基金This work was supported in part by the Information Technology Research Center(ITRC)Support Program supervised by the Institute for Information and Communications Technology Planning and Evaluation(IITP)(IITP-2020-2016-0-00313),and in part by and the 2021 Yeungnam University Research Grant.
文摘Security measures are urgently required to mitigate the recent rapid increase in network security attacks.Although methods employing machine learning have been researched and developed to detect various network attacks effectively,these are passive approaches that cannot protect the network from attacks,but detect them after the end of the session.Since such passive approaches cannot provide fundamental security solutions,we propose an active approach that can prevent further damage by detecting and blocking attacks in real time before the session ends.The proposed technology uses a two-level classifier structure:the first-stage classifier supports real-time classification,and the second-stage classifier supports accurate classification.Thus,the proposed approach can be used to determine whether an attack has occurred with high accuracy,even under heavy traffic.Through extensive evaluation,we confirm that our approach can provide a high detection rate in real time.Furthermore,because the proposed approach is fast,light,and easy to implement,it can be adopted in most existing network security equipment.Finally,we hope to mitigate the limitations of existing security systems,and expect to keep networks faster and safer from the increasing number of cyber-attacks.
文摘In the 21st century with the exponential growth of the Internet, the vulnerability of the network which connects us is on the rise at a very fast pace. Today organizations are spending millions of dollars to protect their sensitive data from different vulnerabilities that they face every day. In this paper, a new methodology towards implementing an Intrusion Detection & Prevention System (IDPS) based on Artificial Neural Network (ANN) onto Field Programmable Gate Array (FPGA) is proposed. This system not only detects different network attacks but also prevents them from being propagated. The parallel structure of an ANN makes it potentially fast for the computation of certain tasks. FPGA platforms are the optimum and best choice for the modern digital systems nowadays. The same feature makes ANN well suited for implementation in FPGA technology. Hardware realization of ANN to a large extent depends on the efficient implementation of a single neuron. However FPGA realization of ANNs with a large number of neurons is still a challenging task. The proposed multilayer ANN based IDPS uses multiple neurons for higher performance and greater accuracy. Simulation of the design in MATLAB SIMULINK 2010b by using Knowledge Discovery and Data Mining (KDD) CUP dataset shows a very good performance. Subsequently MATLAB HDL coder was used to generate VHDL code for the proposed design that produced Intellectual Property (IP) cores for Xilinx Targeted Design Platforms. For evaluation purposes the proposed design was synthesized, implemented and tested onto Xilinx Virtex-7 2000T FPGA device.
文摘The rapid growth of computer networks has changed the prospect of network security. An easy accessibility condition causes computer networks to be vulnerable against numerous and potentially devastating threats from hackers. Up to the moment, researchers have developed Intrusion Detection Systems (IDS) capable of detecting attacks in several available environments. A boundlessness of methods for misuse detection as well as anomaly detection has been applied. Intrusion Prevention Systems (IPS) evolved after that to resolve am-biguities in passive network monitoring by placing detection systems on the line of attack. IPS in other words is IDS that are able to give prevention commands to firewalls and access control changes to routers. IPS can be seen as an improvement upon firewall technologies. It can make access control decisions based on application content, rather than IP address or ports as traditional firewalls do. The next innovation is the combination of IDS and IPS known as Intrusion Detection and Prevention Systems (IDPS) capable of de-tecting and preventing attacks from happening. This paper presents an overview of IDPS followed by their classifications and applications. A new signature based IDPS architecture named HawkEye Solutions has been proposed by the authors. Authors have presented the basic building blocks of the IDS, which include mechanisms for carrying out TCP port scans, Traceroute scan, ping scan and packet sniffing to monitor net-work health detect various types of attacks. Real time implementation results of the system have been pre-sented. Finally a comparative analysis of various existing IDS/IPS solutions with HawkEye Solutions em-phasizes its significance.
基金Supported by the National Natural Science Foundation of China (Grant No 60803002)the Excellent Young Scholars Research Fund of Beijing Institute of Technology
文摘Pattern matching is one of the most performance-critical components for the content inspection based applications of network security, such as network intrusion detection and prevention.To keep up with the increasing speed network, this component needs to be accelerated by well designed custom coprocessor.This paper presents a parameterized multilevel pattern matching architecture (MPM) which is used on FPGAs.To achieve less chip area, the architecture is designed based on the idea of selected character decoding (SCD) and multilevel method which are analyzed in detail.This paper also proposes an MPM generator that can generate RTL-level codes of MPM by giving a pattern set and predefined parameters.With the generator, the efficient MPM architecture can be generated and embedded to a total hardware solution.The third contribution is a mathematical model and formula to estimate the chip area for each MPM before it is generated, which is useful for choosing the proper type of FPGAs.One example MPM architecture is implemented by giving 1785 patterns of Snort on Xilinx Virtex 2 Pro FPGA.The results show that this MPM can achieve 4.3 Gbps throughput with 5 stages of pipelines and 0.22 slices per character, about one half chip area of the most area-efficient architecture in literature.Other results are given to show that MPM is also efficient for general random pattern sets.The performance of MPM can be scalable near linearly, potential for more than 100 Gbps throughput.
文摘The importance of network security has grown tremendously and intrusion prevention/detection systems (IPS/IDS) have been widely developed to insure the security of network against suspicious threat. Computer network intrusion detection and prevention system consist of collecting traffic data, analyzing them based on detection rules and generate alerts or dropping them if necessary. However IPS has problems such as accuracy signature, the traffic volume, topology design, monitoring sensors. In this paper, we practically examine the traffic effect on performance of IPS. We first examine the detection of DOS attack on a web server by IPS and then we generate network traffic to see how the behavior of IPS has influenced on detection of DOS attack.
文摘Along with the deepening of the reform and opening-up policy and the entering of the WTO,international exchange of economy and culture has become more and more frequent,Internet has become an indispensable part of our life,its rapid development brings great convenience to us,and all of the computers will be connected by Internet in the 21 century,thus the meaning of information security has changed substantially.It not only changes from a general guarding to a common defence,but from a specific field to a public subject as well.However,the opening and sharing of the Internet resource,unefficient supervision as well as various virus make people's information and belongings being in an extremely dangerous environment.The fight between hackers and anti-hackers,destruction and anti-destruction has already affected the stable running of the network and users' legal right,caused great economy damages and it could also threat our country's security.So a right understanding and in-time measures should be paid special attention to.The thesis firstly expatiates the current state of the network security and its importance,and discusses some major factors and threats that affect the network security.And the thesis also introduce some catalogues of the security techniques,some relevant information and their major characters,besides that,I enumerate some popular and effective methods of protecting our network,including the widely used firewall,and the meticulous techniques such as security scan techniques and techniques of intrusion detection.Lastly,some protective measures are stated.