Open Access. Powered by Scholars. Published by Universities.®
Physical Sciences and Mathematics Commons™
Open Access. Powered by Scholars. Published by Universities.®
- Discipline
Articles 1 - 11 of 11
Full-Text Articles in Physical Sciences and Mathematics
Camdec: Advancing Axis P1435-Le Video Camera Security Using Honeypot-Based Deception, Leslie F. Sikos, Craig Valli, Alexander E. Grojek, David J. Holmes, Samuel G. Wakeling, Warren Z. Cabral, Nickson M. Karie
Camdec: Advancing Axis P1435-Le Video Camera Security Using Honeypot-Based Deception, Leslie F. Sikos, Craig Valli, Alexander E. Grojek, David J. Holmes, Samuel G. Wakeling, Warren Z. Cabral, Nickson M. Karie
Research outputs 2022 to 2026
The explosion of online video streaming in recent years resulted in advanced services both in terms of efficiency and convenience. However, Internet-connected video cameras are prone to exploitation, leading to information security issues and data privacy concerns. The proliferation of video-capable Internet of Things devices and cloud-managed surveillance systems further extend these security issues and concerns. In this paper, a novel approach is proposed for video camera deception via honeypots, offering increased security measures compared to what is available on conventional Internet-enabled video cameras.
Packet Analysis For Network Forensics: A Comprehensive Survey, Leslie F. Sikos
Packet Analysis For Network Forensics: A Comprehensive Survey, Leslie F. Sikos
Research outputs 2014 to 2021
Packet analysis is a primary traceback technique in network forensics, which, providing that the packet details captured are sufficiently detailed, can play back even the entire network traffic for a particular point in time. This can be used to find traces of nefarious online behavior, data breaches, unauthorized website access, malware infection, and intrusion attempts, and to reconstruct image files, documents, email attachments, etc. sent over the network. This paper is a comprehensive survey of the utilization of packet analysis, including deep packet inspection, in network forensics, and provides a review of AI-powered packet analysis methods with advanced network traffic …
A Novel Privacy Preserving User Identification Approach For Network Traffic, Nathan Clarke, Fudong Li, Steven Furnell
A Novel Privacy Preserving User Identification Approach For Network Traffic, Nathan Clarke, Fudong Li, Steven Furnell
Research outputs 2014 to 2021
The prevalence of the Internet and cloud-based applications, alongside the technological evolution of smartphones, tablets and smartwatches, has resulted in users relying upon network connectivity more than ever before. This results in an increasingly voluminous footprint with respect to the network traffic that is created as a consequence. For network forensic examiners, this traffic represents a vital source of independent evidence in an environment where anti-forensics is increasingly challenging the validity of computer-based forensics. Performing network forensics today largely focuses upon an analysis based upon the Internet Protocol (IP) address – as this is the only characteristic available. More typically, …
Cyber Blackbox For Collecting Network Evidence, Jooyoung Lee, Sunoh Choi, Yangseo Choi, Jonghyun Kim, Ikkyun Kim, Youngseok Lee
Cyber Blackbox For Collecting Network Evidence, Jooyoung Lee, Sunoh Choi, Yangseo Choi, Jonghyun Kim, Ikkyun Kim, Youngseok Lee
Australian Digital Forensics Conference
In recent years, the hottest topics in the security field are related to the advanced and persistent attacks. As an approach to solve this problem, we propose a cyber blackbox which collects and preserves network traffic on a virtual volume based WORM device, called EvidenceLock to ensure data integrity for security and forensic analysis. As a strategy to retain traffic for long enough periods, we introduce a deduplication method. Also this paper includes a study on the network evidence which is collected and preserved for analyzing the cause of cyber incident. Then, a method is proposed to suggest a starting …
The Challenges Of Seizing And Searching The Contents Of Wi-Fi Devices For The Modern Investigator, Dan Blackman, Patryk Szewczyk
The Challenges Of Seizing And Searching The Contents Of Wi-Fi Devices For The Modern Investigator, Dan Blackman, Patryk Szewczyk
Australian Digital Forensics Conference
To the modern law enforcement investigator, the potential for an offender to have a mobile device on his or her person, who connects to a Wi-Fi network, may afford evidence to place them at a scene, at a particular time. Whilst tools to interrogate mobile devices and Wi-Fi networks, have undergone significant development, little research has been conducted with regards to interrogating Wi-Fi routers and the evidence they may contain. This paper demonstrates that multiple inhibiting factors exist for forensic investigators when attempting to extract data from Wi-Fi routers at the scene. Data volatility means the Wi-Fi router cannot be …
A User-Oriented Network Forensic Analyser: The Design Of A High-Level Protocol Analyser, D Joy, F Li, N L. Clarke, S M. Furnell
A User-Oriented Network Forensic Analyser: The Design Of A High-Level Protocol Analyser, D Joy, F Li, N L. Clarke, S M. Furnell
Australian Digital Forensics Conference
Network forensics is becoming an increasingly important tool in the investigation of cyber and computer-assisted crimes. Unfortunately, whilst much effort has been undertaken in developing computer forensic file system analysers (e.g. Encase and FTK), such focus has not been given to Network Forensic Analysis Tools (NFATs). The single biggest barrier to effective NFATs is the handling of large volumes of low-level traffic and being able to exact and interpret forensic artefacts and their context – for example, being able extract and render application-level objects (such as emails, web pages and documents) from the low-level TCP/IP traffic but also understand how …
Rapid Forensic Crime Scene Analysis Using Inexpensive Sensors, Dan Blackman
Rapid Forensic Crime Scene Analysis Using Inexpensive Sensors, Dan Blackman
Australian Digital Forensics Conference
Network forensics and Network Intrusion Detection Systems (NIDS) have ultimately become so important to corporations that in many cases they have been relied upon to identify the actions of offenders and to provide sufficient details to prosecute them. Unfortunately, as data links on corporate networks have increased to saturation, more information is being missed and even though corporations have spent heavily acquiring loud, power hungry devices to monitor their networks. A more power efficient solution, which consumes less electricity, yet provides the same or better packet inspection is an obvious solution.. This paper discusses a possible solution using a cluster …
Adsl Router Forensics Part 2: Acquiring Evidence, Patryk Szewczyk
Adsl Router Forensics Part 2: Acquiring Evidence, Patryk Szewczyk
Australian Digital Forensics Conference
The demand for high-speed Internet access is escalating high sales of ADSL routers. In-turn this has prompted individuals to attack and exploit the vulnerabilities in these devices. To respond to these threats, methods of acquisition and analysis are needed. The configuration data provides a wealth of information into the current state of the device. Hence, this data may be used to identify and interpret unlawful ways in which the device was used. This paper is centres around an empirical learning approach identifying techniques to address the device’s acquirable limitations taking into consideration that the owner may not willingly present login …
Visualisation Of Honeypot Data Using Graphviz And Afterglow, Craig Valli
Visualisation Of Honeypot Data Using Graphviz And Afterglow, Craig Valli
Research outputs pre 2011
This research in progress paper explores the use of Graphviz and Afterglow for the analysis of data emanating from a honeypot system. Honeypot systems gather a wide range of data that is often difficult to readily search for patterns and trends using conventional log file analysis techniques. The data from the honeypots has been statically extracted and processed through Afterglow scripts to produce inputs suitable for use by the DOT graph based tools contained within Graphviz. This paper explores some of the benefits and drawbacks of currently using this type of approach.
An Examination Of The Asus Wl-Hdd 2.5 As A Nepenthes Malware Collector, Patryk Szewczyk
An Examination Of The Asus Wl-Hdd 2.5 As A Nepenthes Malware Collector, Patryk Szewczyk
Australian Digital Forensics Conference
The Linksys WRT54g has been used as a host for network forensics tools for instance Snort for a long period of time. Whilst large corporations are already utilising network forensic tools, this paper demonstrates that it is quite feasible for a non-security specialist to track and capture malicious network traffic. This paper introduces the Asus Wireless Hard disk as a replacement for the popular Linksys WRT54g. Firstly, the Linksys router will be introduced detailing some of the research that was undertaken on the device over the years amongst the security community. It then briefly discusses malicious software and the impact …
Honeyd - A Os Fingerprinting Artifice, Craig Valli
Honeyd - A Os Fingerprinting Artifice, Craig Valli
Research outputs pre 2011
The research looks at the efficiency of the honeyd honeypot system to reliably deceive intruders. Honeypots are being used as frontline network intelligence and forensic analysis tools. A honeypots ability to reliably deceive intruders is a key factor in gathering reliable and forensically sound data. Honeyd's primary deceptive mechanism is the use of the NMAP fingerprint database to provide bogus OS fingerprints to would be intruders. Tests conducted by the author on honeyd's ability to provide bogus fingerprints sees 78% of 704 signatures invalidated under heavy probing. However, the tests left 152 viable signatures for producing hardened honeypot designs.