Open Access. Powered by Scholars. Published by Universities.®

Physical Sciences and Mathematics Commons


Articles 1 - 22 of 22

Full-Text Articles in Physical Sciences and Mathematics

Matrix Profile Data Mining For BGP Anomaly Detection, Ben A. Scott, Michael N. Johnstone, Patryk Szewczyk, Steven Richardson Apr 2024


Research outputs 2022 to 2026

The Border Gateway Protocol (BGP), acting as the communication protocol that binds the Internet, remains vulnerable despite Internet security advancements. This is not surprising, as the Internet was not designed to be resilient to cyber-attacks, therefore the detection of anomalous activity was not of prime importance to the Internet creators. Detection of BGP anomalies can potentially provide network operators with an early warning system to focus on protecting networks, systems, and infrastructure from significant impact, improve security posture and resilience, while ultimately contributing to a secure global Internet environment. In this paper, we present a novel technique for the detection …


Denial Of Service Attack Detection Through Machine Learning For The IoT, Naeem Firdous Syed, Zubair Baig, Ahmed Ibrahim, Craig Valli Jun 2020


Research outputs 2014 to 2021

Sustained Internet of Things (IoT) deployment and functioning are heavily reliant on the use of effective data communication protocols. In the IoT landscape, the publish/subscribe-based Message Queuing Telemetry Transport (MQTT) protocol is popular. Cyber security threats against the MQTT protocol are anticipated to increase at par with its increasing use by IoT manufacturers. In particular, IoT is vulnerable to protocol-based Application layer Denial of Service (DoS) attacks, which have been known to cause widespread service disruption in legacy systems. In this paper, we propose an Application layer DoS attack detection framework for the MQTT protocol and test the scheme on …


RDTIDS: Rules And Decision Tree-Based Intrusion Detection System For Internet-Of-Things Networks, Mohammad Amine Ferrag, Leandros Maglaras, Ahmed Ahmim, Makhlouf Derdour, Helge Janicke Jan 2020


Research outputs 2014 to 2021

This paper proposes a novel intrusion detection system (IDS), named RDTIDS, for Internet-of-Things (IoT) networks. The RDTIDS combines different classifier approaches which are based on decision tree and rules-based concepts, namely, REP Tree, JRip algorithm and Forest PA. Specifically, the first and second method take as inputs features of the data set, and classify the network traffic as Attack/Benign. The third classifier uses features of the initial data set in addition to the outputs of the first and the second classifier as inputs. The experimental results obtained by analyzing the proposed IDS using the CICIDS2017 dataset and BoT-IoT dataset, attest …


Anomaly Detection In BACnet/IP Managed Building Automation Systems, Matthew Peacock Jan 2019


Theses: Doctorates and Masters

Building Automation Systems (BAS) are a collection of devices and software which manage the operation of building services. The BAS market is expected to be a $19.25 billion USD industry by 2023, as a core feature of both the Internet of Things and Smart City technologies. However, securing these systems from cyber security threats is an emerging research area. Since initial deployment, BAS have evolved from isolated standalone networks to heterogeneous, interconnected networks allowing external connectivity through the Internet. The most prominent BAS protocol is BACnet/IP, which is estimated to hold 54.6% of world market share. BACnet/IP security features are …


Extraction Of Patterns In Selected Network Traffic For A Precise And Efficient Intrusion Detection Approach, Priya Naran Rabadia Jan 2018


Theses: Doctorates and Masters

This thesis investigates a precise and efficient pattern-based intrusion detection approach by extracting patterns from sequential adversarial commands. As organisations are further placing assets within the cyber domain, mitigating the potential exposure of these assets is becoming increasingly imperative. Machine learning is the application of learning algorithms to extract knowledge from data to determine patterns between data points and make predictions. Machine learning algorithms have been used to extract patterns from sequences of commands to precisely and efficiently detect adversaries using the Secure Shell (SSH) protocol. Seeing as SSH is one of the most predominant methods of accessing systems it …


A Centralised Platform For Digital Forensic Investigations In Cloud-Based Environments, Shaunak Mody, Alastair Nisbet Jan 2017


Australian Digital Forensics Conference

Forensic investigations of digital media traditionally involve seizing a device and performing a forensic investigation. Often legal and physical obstructions must be overcome so that the investigator has access to the device and the right to secure it for investigation purposes. Taking a forensic image of a hard disk may need to be done in the field but analysis can usually be performed at a later time. With the rapid increase in hard disk size, the acquiring of a forensic image can take hours or days. This poses significant issues for forensic investigators when potential evidence resides in the cloud. …


Controlled Access To Cloud Resources For Mitigating Economic Denial Of Sustainability (EDoS) Attacks, Zubair A. Baig, Sadiq M. Sait, Farid Binbeshr Jan 2016


Research outputs 2014 to 2021

Cloud computing is a paradigm that provides scalable IT resources as a service over the Internet. Vulnerabilities in the cloud infrastructure have been readily exploited by the adversary class. Therefore, providing the desired level of assurance to all stakeholders through safeguarding data (sensitive or otherwise) which is stored in the cloud, is of utmost importance. In addition, protecting the cloud from adversarial attacks of diverse types and intents, cannot be understated. Economic Denial of Sustainability (EDoS) attack is considered as one of the concerns that has stalled many organizations from migrating their operations and/or data to the cloud. This is …


Intelligent Network Intrusion Detection Using An Evolutionary Computation Approach, Samaneh Rastegari Jan 2015


Theses: Doctorates and Masters

With the enormous growth of users' reliance on the Internet, the need for secure and reliable computer networks also increases. Availability of effective automatic tools for carrying out different types of network attacks raises the need for effective intrusion detection systems.

Generally, a comprehensive defence mechanism consists of three phases, namely, preparation, detection and reaction. In the preparation phase, network administrators aim to find and fix security vulnerabilities (e.g., insecure protocol and vulnerable computer systems or firewalls), that can be exploited to launch attacks. Although the preparation phase increases the level of security in a network, this will never completely …


Usability And Security Support Offered Through ADSL Router User Manuals, Patryk Szewczyk Dec 2013


Australian Information Security Management Conference

ADSL routers are often used as either the target or the means for cyber crime. Many ADSL router threats could be mitigated through the effective use of inbuilt security controls and firmware updates available from vendors. Unfortunately, end‐users typically lack the technical expertise to correctly configure and secure the device. Subsequently, end‐users are reliant on well documented procedures provided by vendors in their user manuals and quick start guides. This study investigates the usability and security recommendations and encouragements put forth by vendors in their user manuals. The study demonstrates that user manual usability does not conform to ideal technical …


A Simulation-Based Study Of Server Location Selection Rules In MANETs Utilising Threshold Cryptography, Alastair Nisbet Dec 2013


Australian Information Security Management Conference

Truly Ad Hoc wireless networks where a spontaneous formation of a network occurs and there is no prior knowledge of nodes to each other present significant security challenges, especially as entirely online configuration of nodes with encryption keys must be performed. Utilising threshold cryptography in this type of MANET can greatly increase the security by requiring servers to collaborate to form a single Certificate Authority (CA). In this type of CA responsibility for certificate services is shared between a threshold of servers, greatly increasing security and making attack against the CA considerably more difficult. Choosing which nodes to take on …


Testing A Distributed Denial Of Service Defence Mechanism Using Red Teaming, Samaneh Rastegari, Philip Hingston, Chiou-Peng Lam, Murray Brand Jan 2013


Research outputs 2013

The increased number of security threats against the Internet has made communications more vulnerable to attacks. Despite much research and improvement in network security, the number of denial of service (DoS) attacks has rapidly grown in frequency, severity, and sophistication in recent years. Thus, serious attention needs to be paid to network security. However, to create a secure network that can stay ahead of all threats, detection and response features are real challenges. In this paper, we look at the interaction between the attacker and the defender in a Red Team/Blue Team exercise. We also propose a quantitative decision …


Exposing Potential Privacy Issues With IPv6 Address Construction, Clinton Carpene, Andrew Woodward Dec 2012


Australian Information Security Management Conference

The usage of 128 bit addresses with hexadecimal representation in IPv6 poses significant potential privacy issues. This paper discusses the means of allocating IPv6 addresses, along with the implications each method may have upon privacy in different usage scenarios. The division of address space amongst the global registries in a hierarchal fashion can provide geographical information about the location of an address, and its originating device. Many IPv6 address configuration methods are available, including DHCPv6, SLAAC (with or without privacy extensions), and Manual assignment. These assignment techniques are dissected to expose the identifying characteristics of each technique. It is seen …


The 2011 IDN Homograph Attack Mitigation Survey, Peter Hannay, Gregory Baatard Jan 2012


Research outputs 2012

The advent of internationalized domain names (IDNs) has introduced a new threat, with the non-English character sets allowing for visual mimicry of domain names. Whilst this potential for this form of attack has been well recognized, many applications such as Internet browsers and e-mail clients have been slow to adopt successful mitigation strategies and countermeasures. This research examines those strategies and countermeasures, identifying areas of weakness that allow for homograph attacks. As well as examining the presentation of IDNs in e-mail clients and Internet browser URL bars, this year’s study examines the presentation of IDNs in browser-based security certificates and …


A Survey Of Computer And Network Security Support From Computer Retailers To Consumers In Australia, Patryk Szewczyk Jan 2012


Australian Information Security Management Conference

Previously undertaken research suggests that novice end-users rely on computer retailers for security advice and support during and after a sale has occurred. This paper documents the survey results of computer and network security support provided to consumers by retailers in Perth, Western Australia between 2011 and 2012. The conducted survey shows that in the majority of cases, computer retailers were favourable in providing support and recommendations. However, these views were found to be flawed, confusing and do little to ensure that end-users are not victimized by cyber crime.


Insecurity By Obscurity Continues: Are ADSL Router Manuals Putting End-Users At Risk, Kim Andersson, Patryk Szewczyk Jan 2011


Australian Information Security Management Conference

The quantity and sophistication of threats targeting ADSL routers is on a steady increase. There is a reliance on end-users to ensure that their ADSL router is secure by continually updating the firmware, using strong authentication credentials, and enabling the in-built firewall. However, to do this, the end-user must be presented with well written procedural instructions, and an explanation of why this is important. This paper examines the design quality and security content provided by vendors in ADSL router manuals. This paper reveals that the lack of security related content and poor overall design could impact on end-users’ interpretation and …


Ignorant Experts: Computer And Network Security Support From Internet Service Providers, Patryk Szewczyk, Craig Valli Jan 2010


Research outputs pre 2011

The paper examines the advice and support provided by seven major Internet Service Providers in Australia through late 2009 and early 2010 in relation to computer and network security. Previous research has indicated that many end-users will attempt to utilise the support provided by Internet Service Providers as a simple and effective method by which to obtain key information in regards to computer security. This paper demonstrates that in many cases the individuals working at the help desk are either reluctant to provide IT security support or have insufficient skill to provide the correct information.


Insecurity By Obscurity: A Review Of SoHo Router Literature From A Network Security Perspective, Patryk Szewczyk, Craig Valli Jan 2009


Research outputs pre 2011

Because of prevalent threats to SoHo based ADSL Routers, many more devices are compromised. Whilst an end-user may be at fault for not applying the appropriate security mechanisms to counter these threats, vendors should equally share the blame. This paper reveals that the lack of security related content and poor overall design could impact on end-users’ interpretation and willingness to implement security controls on their ADSL router. It argues that whilst the number of threats circulating the Internet is increasing, vendors are not improving their product literature.


Network Security Isn’t All Fun And Games: An Analysis Of Information Transmitted While Playing Team Fortress 2, Brett Turner, Andrew Woodward Jan 2008


Australian Information Security Management Conference

In the world of online gaming, information is exchanged as a matter of course. What information is exchanged behind the scenes is something that is not obvious to the casual user. People who play these games trust that the applications they are using are securely written and in this case, communicate securely. This paper looks at the traffic that is transmitted by the game Team Fortress 2 and incidentally the supporting authentication traffic of the Steam network. It was discovered through packet analysis that there is quite a lot of information which should be kept private being broadcast in the …


Identifying DoS Attacks Using Data Pattern Analysis, Mohammed Salem, Helen Armstrong Jan 2008


Australian Information Security Management Conference

During a denial of service attack, it is difficult for a firewall to differentiate legitimate packets from rogue packets, particularly in large networks carrying substantial levels of traffic. Large networks commonly use network intrusion detection systems to identify such attacks, however new viruses and worms can escape detection until their signatures are known and classified as an attack. Commonly used IDS are rule based and static, and produce a high number of false positive alerts. The aim of this research was to determine if it is possible for a firewall to analyse its own traffic patterns to identify attempted denial …


Can Intrusion Detection Implementation Be Adapted To End-User Capabilities?, Patricia A. Williams, Renji J. Mathew Jan 2008


Australian Information Security Management Conference

In an environment where technical solutions for securing networked systems are commonplace, there still exist problems in implementation of such solutions for home and small business users. One component of this protection is the use of intrusion detection systems. Intrusion detection monitors network traffic for suspicious activity, performs access blocking and alerts the system administrator or user of potential attacks. This paper reviews the basic function of intrusion detection systems and maps them to an existing end-user capability framework. Using this framework, implementation guidance and systematic improvement in implementation of this security measure are defined.


How Safe Is Azeroth, Or, Are MMORPGs A Security Risk?, An Hilven, Andrew Woodward Dec 2007


Australian Information Security Management Conference

Massive Multiplayer Online Role Playing Games (MMORPGs) are at a basic level a networked application. Blizzard’s World of Warcraft is currently the largest example of such a type of application, with over nine million subscribers at last count. Whilst the idea of researching a game for network security may sound trivial, nine million potential backdoors into home and business computers is not. The ports used by the game, as well as authentication methods and client update programs were examined using packet analysis software. No obvious vulnerabilities were discovered as a result of this analysis. In addition to this analysis, an …


Information Security: A Misnomer, William Hutchinson Jan 2005


Research outputs pre 2011

This paper argues that the definition of 'information' is crucial to the understanding of 'information security'. At present, information security concentrates on the technological aspects of data, computer and network security. This computer-centric approach ignores the fact that the majority of information within an organisation is derived from other sources than computer stored data. The implications for security are that much data can be leaked from an organisation even if the computer and network systems are secured.