Analysis and Application of Covert Channels of Internet Control Message Protocol

Based on the analysis of the covert channel＇s working mechanism of the internet control message protocol （ICMP） in internet protocol version 4 （IPv4） and Internet Protocol version 6 （IPv6）, the ICMP covert channd＇s algorithms of the IPv4 and IPv6 are presented, which enable automatic channeling upon IPv4/v6 nodes with non-IPv4-compatible address, and the key transmission is achieved by using this channel in the embedded Internet terminal. The result shows that the covert channel＇s algorithm, which we implemented if, set correct, the messages of this covert channel might go through the gateway and enter the local area network.

ICMPTend: Internet Control Message Protocol Covert Tunnel Attack Intent Detector

The Internet Control Message Protocol(ICMP)covert tunnel refers to a network attack that encapsulates malicious data in the data part of the ICMP protocol for transmission.Its concealment is stronger and it is not easy to be discovered.Most detection methods are detecting the existence of channels instead of clarifying specific attack intentions.In this paper,we propose an ICMP covert tunnel attack intent detection framework ICMPTend,which includes five steps:data collection,feature dictionary construction,data preprocessing,model construction,and attack intent prediction.ICMPTend can detect a variety of attack intentions,such as shell attacks,sensitive directory access,communication protocol traffic theft,filling tunnel reserved words,and other common network attacks.We extract features from five types of attack intent found in ICMP channels.We build a multi-dimensional dictionary of malicious features,including shell attacks,sensitive directory access,communication protocol traffic theft,filling tunnel reserved words,and other common network attack keywords.For the high-dimensional and independent characteristics of ICMP traffic,we use a support vector machine(SVM)as a multi-class classifier.The experimental results show that the average accuracy of ICMPTend is 92%,training ICMPTend only takes 55 s,and the prediction time is only 2 s,which can effectively identify the attack intention of ICMP.

BDSec:Security Authentication Protocol for BeiDou-Ⅱ Civil Navigation Message

Due to the lack of authentication mechanism in BeiDou navigation satellite system(BDS),BD-Ⅱ civil navigation message(BDⅡ-CNAV) are vulnerable to spoofing attack and replay attack.To solve this problem,we present a security authentication protocol,called as BDSec,which is designed by using China’s cryptography Shangyong Mima(SM) series algorithms,such as SM2/4/9 and Zu Chongzhi(ZUC)algorithm.In BDSec protocol,both of BDⅡ-CNAV and signature information are encrypted using the SM4 algorithm(Symmetric encryption mechanism).The encrypted result is used as the subject authentication information.BDSec protocol applies SM9 algorithm(Identity-based cryptography mechanism) to protect the integrity of the BDⅡ-CNAV,adopts the SM2 algorithm(Public key cryptosystem) to guarantee the confidentiality of the important session information,and uses the ZUC algorithm(Encryption and integrity algorithm) to verify the integrity of the message authentication serial number and initial information and the information in authentication initialization sub-protocol respectively.The results of the SVO logic reasoning and performance analysis show that BDSec protocol meets security requirements for the dual user identity authentication in BDS and can realize the security authentication of BDⅡ-CNAV.

Integration of naval distributed tactical training simulation system based on advanced message queuing protocol

Aiming at the problems of unreliable data transmission,poor steadiness,nonsupport of complex data types,direct couple between data transmission and exchange,a high-level method based on advanced message queuing protocol( AMQP) is proposed to integrate naval distributed tactical training simulation system after serious consideration with current information exchange features of military combat system. Transferring layer in traditional user datagram protocol is implemented by publishing and subscribing scheme of message middleware. By creating message model to standardize message structure,integration architecture is formulated to resolve potential information security risks from inconsistent data type and express data transmission. Meanwhile,a communication model is put forward based on AMQP,which is in the center position of the whole transmission framework and responsible for reliably transferring battlefield data among subsystems. Experiments show that the method can accurately post amounts of data to the subscriber without error and loss,and can get excellent real-time performance of data exchange.

Unsupervised Binary Protocol Clustering Based on Maximum Sequential Patterns

With the rapid development of the Internet,a large number of private protocols emerge on the network.However,some of them are constructed by attackers to avoid being analyzed,posing a threat to computer network security.The blockchain uses the P2P protocol to implement various functions across the network.Furthermore,the P2P protocol format of blockchain may differ from the standard format specification,which leads to sniffing tools such as Wireshark and Fiddler not being able to recognize them.Therefore,the ability to distinguish different types of unknown network protocols is vital for network security.In this paper,we propose an unsupervised clustering algorithm based on maximum frequent sequences for binary protocols,which can distinguish various unknown protocols to provide support for analyzing unknown protocol formats.We mine the maximum frequent sequences of protocolmessage sets in bytes.Andwe calculate the fuzzymembership of the protocolmessage to each maximum frequent sequence,which is based on fuzzy set theory.Then we construct the fuzzy membership vector for each protocol message.Finally,we adopt K-means++to split different types of protocol messages into several clusters and evaluate the performance by calculating homogeneity,integrity,and Fowlkes and Mallows Index(FMI).Besides,the clustering algorithms based onNeedleman–Wunsch and the fixed-length prefix are compared with the algorithm presented in this paper.Compared with these traditional clustering methods,we demonstrate a certain improvement in the clustering performance of our work.

The History, Trend, Types, and Mitigation of Distributed Denial of Service Attacks

Over time, the world has transformed digitally and there is total dependence on the internet. Many more gadgets are continuously interconnected in the internet ecosystem. This fact has made the Internet a global information source for every being. Despite all this, attacker knowledge by cybercriminals has advanced and resulted in different attack methodologies on the internet and its data stores. This paper will discuss the origin and significance of Denial of Service (DoS) and Distributed Denial of Service (DDoS). These kinds of attacks remain the most effective methods used by the bad guys to cause substantial damage in terms of operational, reputational, and financial damage to organizations globally. These kinds of attacks have hindered network performance and availability. The victim’s network is flooded with massive illegal traffic hence, denying genuine traffic from passing through for authorized users. The paper will explore detection mechanisms, and mitigation techniques for this network threat.

Development and Verification of Simulation Model Based on Real MANET Experiments for Transport Layer Protocols (UDP and TCP)

There is a lack of appropriate guidelines for realistic user traces, mobility models, routing protocols, considerations of real-life challenges, etc. for general-purpose mobile ad hoc networks （MANET）. In this paper, four laptops are used in an open field environment in four scenarios to evaluate the performances of Internet control message protocol （ICMP） based ping and transmission control protocol （TCP） based streaming video applications using optimised link state routing （OLSR） implementation in an IEEE 802.11g wireless network. Corresponding simulations are developed in Network Simulator ns-2 by setting simulation parameters according to the real experiments. Difficulties faced to regenerate real-life scenarios have been discussed and the gaps between reality and simulation are identified. A setup guideline to produce realistic simulation results has been established.

Visualization of Large Amount of Spectra in Virtual Observatory Environment

This paper presents overview of new features so far prepared for new version of spectral analysis tool SPLAT-VO that allows to retrieve a large amount of spectra(and other data) based on its characteristics by detailed querying a virtual observatory s resources. The overview is focused on enhancements of user experience, work with simple application messaging protocol(SAMP) and other interoperability that improves work with global list of spectra, plot window and analysis menu.

Fast Confidentiality-Preserving Authentication for Vehicular Ad Hoc Networks

This paper studies the existing problems of message authentication protocols in vehicular ad hoc networks(VANETs) due to their significance in the future of commuting and transportation. Our contribution has been devoted to implementing a new protocol for VANETs so that inherent security problems in past works are resolved. Exclusive security measures have been considered for the system which protects the users against threat of any attack. The new protocol shows a great hardness guaranteed by certificate based 80 bit security which assures messages to remain confidential in any time. Also, new unprecedented features like V2 X which improves system performance effectively have been instantiated. The simulation results indicate that message signature generation and verification both take place in much less time than present comparable rival protocols.