Network Security

The Theory of Transitional Target Defence: A New Approach to Enhancing Cyber Deception

Abstract:

There have been many different approaches to implementing deceptive devices, but it is the contention of this paper that fundamentally every incarnation suffers from the same issue: it remains a deceptive device. As the use of deceptive devices has increased, attackers have become more aware of the threat they pose and have become more adept at detecting deceptive devices. This paper presents a new approach to enhancing cyber deception called Transitional Target Defence (TTD). TTD does not present a deceptive device for an attacker to reconnoitre but rather allows interaction with targets until the exploitation phase. Once the hostile traffic is detected, the attacker is redirected to a deceptive device. The authors discuss the utility of this technique in this paper and the increased complexity of the psychological theatre that comes with it.

Deploying Software-Defined Networking in Operational Technology Environments

Abstract:

Software-Defined Networking for Operational Technologies, referred to as OT-SDN, is a leading technology to secure critical infrastructure and command and control systems. As the name implies, OT-SDN networks are programmable, which allows system owners to utilise the characteristics of their physical processes to inform the security of their network. There are best practices for deploying OT-SDN into an environment, whether it is all at once or over time (hybrid) that the network is converted to SDN technologies. Through the development of data-mining tools and standardised process control, OT SDN can be deployed reliably. These tools will minimise or eliminate any communication failures during the transition and will provide network owners with complete documentation of their network environment. The resulting documentation could enable or facilitate network owners to pass any audits or policy checks (such as Authority to Operate) before being allowed to utilise the OT-SDN infrastructure.

Enabling Situational Awareness in Operational Technology Environments through Software Defined Networking

Abstract:

Network situational awareness has long been associated with the task of aggregating system logs to determine activity and events ongoing in the network. However, this current method of obtaining situational awareness does not clearly address the mission of a facility or organisation, the key customers at stake, and the real-time statuses of the critical infrastructures. 

Software-Defined Networking Traffic Engineering Process for Operational Technology Networks

Abstract:

Network designs are often functional with little consideration for security. Growth and maintenance of critical infrastructure, mission-focused networks can be ad hoc and can preclude large-scale technology replacements, reconfigurations, or even patching. These restrictions are contributing factors to increased vulnerabilities.

Covert Channels in the HTTP Network Protocol: Channel Characterization and Detecting Man-in-the-Middle Attacks

Abstract

Network covert channels allow two entities to communicate stealthily. Hypertext Transfer Protocol (HTTP), accounting for approximately half of all traffic on the Internet (Burke, 2007), has become the de facto standard for hiding network covert channels. Proliferation of covert channels throughout the World Wide Web has brought both challenges and enhancements to the area of Information Warfare. This paper defines a set of common characteristics, then classifies and analyzes several known and new covert channels in HTTP with respect to these characteristics. Lastly, this paper proposes that there are beneficial applications of network covert channels, such as detecting Man-in-the-Middle attacks.

Tactics of Attack and Defense in Physical and Digital Environments: An Asymmetric Warfare Approach

Abstract

Asymmetric warfare is frequently described as a conflict between two parties where the ‘weaker’ party aims to offset its comparatively fewer resources by making use of particular tactical advantages. This paper develops a concept model that captures the leverage available to the ‘weaker’ party over the ‘stronger’ party simply because the former is attacking rather than defending.

Understanding the Application of Deception in Network Security

ABSTRACT

Deception techniques are often employed as part of a proactive and preventative measure of security. However, their application in security has seldom been expressed with a defining explanation of the actual deception. This paper will present a discourse on the existence of deceptions in nature to construct a model that has application to network deceptions. A model of deception will be developed with the intention of applying the delineated actions of deceit, deception, and deceiving to a wireless honeypot. In a future experiment, a research goal will be to establish associations between deceptions deployed and the attainment of network defense goals through implementation of the model of deception.

Biometric vs. Password Authentication: A User’s Perspective

ABSTRACT

This study investigates the main factors that affect adoption of biometric authentication. A purposive sample of 85 network users from the Philadelphia area was used for this study. A laboratory experiment was also carried out to assess false reject and false accept rates. The study found that a large majority (84%) of people would prefer biometric authentication. Privacy, cost, accuracy, and the perception of biometric technology are the main concerns that hinder adoption of this technology. False accept rate was found not to be high enough to cause concerns. Finally, the many benefits of using biometric authentication greatly outweigh those of password authentication.

A Case Study in the Security of Network-enabled Devices

ABSTRACT

It is becoming increasingly common for appliances and other electronic devices to be network-enabled for usability and automation purposes. There have been fears that malicious users can control such devices remotely. Since the installation base of such network-enabled household devices is still relatively small, we examine the types of vulnerabilities that another such appliance has, the network-enabled printer, which is commonly found in the education and business sector. In this paper we analyze the source of the vulnerabilities and present detailed threat scenarios. In addition, we examine four organizations in Australia and Europe. Based on the results of the case study, we draw conclusions on the effects of an information warfare attack using network-enabled devices as the medium.

Teaching Hands-On Network Security: Testbeds and Live Exercises

ABSTRACT

Teaching practical network security requires the use of tools and techniques to support the educational process and to evaluate the students’ newly achieved skills. Two fundamental tools that support a hands-on approach to network security are testbed networks and live exercises. Testbed networks provide a safe environment where the students can experiment with the techniques and security tools that they learn about. Live exercises represent a valuable tool to test the students’ newly acquired skills and to teach the students the dynamics of network-based attack and defense techniques.

Detecting Computer Network Attacks Using a Multi-objective Evolutionary Programming Approach

ABSTRACT

Attacks against computer networks are becoming more sophisticated, with adversaries using new attacks or modifying existing attacks. This research uses two types of multi-objective approaches, lexicographic and Pareto-based, in a multi-objective evolutionary programming algorithm to develop a new method for detecting such attacks. The approach evolves finite state transducers to detect attacks; this approach may allow the system to detect attacks with features similar to known attacks. Initial testing shows the algorithm performs satisfactorily in generating finite state transducers capable of detecting simulated attacks.

Information Assurance Standards: A Cornerstone for Cyber Defense

ABSTRACT

NSA has a rich history of contributing to standards that enable cyber defense. This paper examines that history, tracing the evolution of NSA’s involvement in the development of early commercial encryption standards, through its more public contributions to network security protocols, to its current efforts to promote and create cyber standards that support the Department of Defense’s use of commercial products to protect classified information.

Journal of Information Warfare

The definitive publication for the best and latest research and analysis on information warfare, information operations, and cyber crime. Available in traditional hard copy or online.
