2011 | Book

Advances in Network Security and Applications

4th International Conference, CNSA 2011, Chennai, India, July 15-17, 2011

Editors: David C. Wyld, Michal Wozniak, Nabendu Chaki, Natarajan Meghanathan, Dhinaharan Nagamalai

Publisher: Springer Berlin Heidelberg

Book Series: Communications in Computer and Information Science

About this book

This book constitutes the proceedings of the 4th International Conference on Network Security and Applications held in Chennai, India, in July 2011. The 63 revised full papers presented were carefully reviewed and selected from numerous submissions. The papers address all technical and practical aspects of security and its applications for wired and wireless networks and are organized in topical sections on network security and applications, ad hoc, sensor and ubiquitous computing, as well as peer-to-peer networks and trust management.

Table of Contents

Frontmatter

Network Security and Applications

Vulnerability Assessment Methods – A Review

This paper reviews the major contributions in the field of Vulnerability Assessment from 1990 onwards. Even well administered networks are vulnerable to attack. Vulnerabilities are weaknesses in the requirements, design, and implementation, which attackers exploit to compromise the system. Researchers have proposed a variety of methods, such as graph-based algorithms to generate attack trees (or graphs), “black-box” and “white-box” analysis, Mobile Ambients, Honeypots, different vulnerability tools and their scoring systems, and so on. After surveying many research papers in the field, the amount of existing work for each method is identified and classified. In particular, graph-based algorithms are themselves a major area for researchers. The paper concludes with some inferences and results obtained in each method, so that it can be used as a guideline for researchers.

Hiran V. Nath
Collaborative Polling Scheme to Detect and Isolate the Colluding Packet Droppers in Mobile Ad Hoc Networks

In a mobile ad hoc network, cooperation between the nodes is essential to discover and maintain routes. Node cooperation is not always guaranteed because of misbehaving nodes, which exist due to their constrained resources such as battery, bandwidth and computational power. When nodes collude to misbehave, they make the routing process even more difficult due to frequent network partitioning, which degrades the overall network throughput. This paper addresses three different kinds of packet dropping misbehavior and proposes a collaborative polling scheme to detect and isolate the colluding packet droppers. The simulation results show that packet drop ratio, malicious packet drop and false detection have been greatly reduced when compared to the existing system under both entity and group mobility scenarios.

K. Gopalakrishnan, V. Rhymend Uthariaraj
Defense Strategy against Network Worms Causing ICMP Attacks and Its Forensic Analysis

The network forensic analysis process involves preparation, collection, preservation, examination, analysis, investigation and presentation phases. The proposed system addresses the major challenges in the collection, examination and analysis processes. The model is for collecting network data, identifying suspicious packets, examining the protocol features misused and validating the attack. This model has been built with specific reference to security attacks on the ICMP protocol and enables forensic experts to analyze the marked suspicious network traffic, thus facilitating cost effective storage and faster analysis of high bandwidth traffic. The ICMP attacks initiated by worms can be detected using this system. The ability of worms to spread at rates that effectively preclude human-directed reaction has elevated them to a first-class security threat to distributed systems. Thus worm detection has become a vital part of Intrusion Detection Systems. A reaction mechanism that seeks to automatically patch vulnerable software is also proposed. This system employs a collection of sensors that detect and capture potential worm infection vectors. The size of the log file generated by the different sensors used for detecting worm infection vectors can be efficiently reduced by the forensic architecture. It automatically tests the effects of these vectors on appropriately-instrumented sandboxed instances of the targeted application, trying to identify the exploited software weakness. Network forensics relates to the monitoring and analysis of computer network traffic for the purpose of information gathering, legal evidence or intrusion detection.

K. S. Aathira, Thulasi N. Kutty
Analysis of Algebraic Attack on TRIVIUM and Minute Modification to TRIVIUM

In recent times, each user needs to secure information from unwanted disclosure. Encryption is the most widely used technique to secure information. LFSR based cipher systems called stream ciphers are commonly used for applications which require high speed encryption and implementation. Even though these systems provide secrecy to information, stream ciphers are highly vulnerable to attacks. The security of these systems is calculated mostly in terms of correlation attacks and algebraic attacks. In these attacks the key is found by solving a multivariable system of equations. This paper presents a careful analysis of the stream cipher TRIVIUM. The study has been performed on how the equations are generated and how vulnerable they are to various attacks. Finally, a minor variation has been made to TRIVIUM to prevent algebraic attack by guessing apposite nonlinear variables. Here we propose a new design for the key generation of Trivium that has better correlation properties.

Ashji S. Raj, Chungath Srinivasan
Design of Secure Chaotic Hash Function Based on Logistic and Tent Maps

The main contribution of the paper is two-fold: building step by step a chaotic hash function starting from a weak but basic algorithm, and analyzing its strengths and weaknesses in order to make it stronger. We start with a basic chaotic hash function with a 128-bit message digest based on Baptista’s encryption algorithm. In the next steps, a pseudo-random number generator using the chaotic tent map is incorporated within the hash algorithm, and perturbation and block chaining approaches are used to strengthen the hash function. In the literature on chaotic cryptography we have not seen preimage and second-preimage resistance analysis being done, which we carry out and show that the proposed hash function is strong against both these attacks. Further, the standard collision analysis is performed in the space of the 1-bit neighbourhood of a given message. The hash function is shown to exhibit a diffusion effect, with the average Hamming distance between message digests obtained as 63 bits, which is close to the ideal of 50%. The collision performance compares favourably with that of chaotic hash functions proposed in the recent literature. It is to be emphasized that the existing chaotic hash functions in the literature use a multitude of chaotic maps, whereas we show in this paper that using two chaotic maps judiciously achieves a secure hash function.

P. Jhansi Rani, M. Sambasiva Rao, S. Durga Bhavani
Detecting Anomalous Application Behaviors Using a System Call Clustering Method over Critical Resources

Malware attacks which focus on exploiting an application to launch the payload have become a major security threat. We present a methodology and algorithm which is able to detect anomalies in application behavior and prevent such attacks. Our approach is to represent the normal behavior of an application, detect deviations from this normal behavior and prevent them. We represent normal behavior using system calls made over critical resources by clustering these system calls, and then monitor the behavior of applications for any deviations from the normal behavior by means of an enforcement algorithm. Any mismatch from the normal behavior indicates an anomaly. We provide a description of our approach. We have implemented and tested the proposed approach and the results are encouraging. Compared to previous research in this direction, we implement on Windows OS instead of Linux OS and use minifilter and registry callback techniques instead of raw system call interception, which is prohibited in the latest operating system versions.

Grandhi Jyostna, Pareek Himanshu, P. R. L. Eswari
Behavioral Malware Detection Expert System – Tarantula

The number of new malware samples and their complexity is increasing rapidly, because of which protecting the system with signature based detection has become an increasingly challenging task. In this work we present a novel behaviour-based malware detection expert system named Tarantula, which makes use of suspicious behaviour rules to detect malicious activity on the system. In our research, we observed that malware targets critical system resources such as system files and the registry of the operating system in order to execute, shield itself and propagate to other hosts. We identified the critical system resources such as system files and registry in Microsoft Windows and evolved suspicious behaviour rules at a granular level. These behavioural rules are enforced using a monitoring and enforcement layer. Through extensive experimentation and testing, we conclude that the tool has a high detection rate and very low overhead and false positives. The implementation details of the prototype (Tarantula) developed for Microsoft Windows XP and Vista operating systems are also provided.

Sandeep Romana, Swapnil Phadnis, Himanshu Pareek, P. R. L. Eswari
Tool for Prevention and Detection of Phishing E-Mail Attacks

In today’s world, the major security threat is due to phishing attacks. A phishing attack makes web users believe that they are communicating with a trusted entity for the purpose of stealing account information, login credentials, and identity information in general. This attack method is most commonly initiated by sending out e-mails with links to spoofed websites that harvest the information. We propose a methodology to detect and prevent phishing attacks on e-mail. In its more general form it is an end user application that uses a hyperlink feature set to detect phishing attacks and a digital signature to prevent the attack. Thus our application will act as an interface between a user and their e-mail service provider to provide secure communication. We believe that this will be a better and more cost effective way to prevent people from losing their private information due to phishing.

Shamal M. Firake, Pravin Soni, B. B. Meshram
Improvement of QoS performance in MANET by QoS-TORA: A TORA Based QoS Routing Algorithm

Due to the growth of multimedia applications, Quality-of-Service (QoS) is becoming one of the most desirable features of mobile ad hoc networks (MANETs). However, mobility of nodes, limited bandwidth and the highly dynamic nature of network topologies make it difficult to provide QoS support in MANETs. In this paper we propose a QoS routing protocol based on TORA (QoS-TORA). This protocol not only provides multiple routes between a given source and destination but also selects the optimized route according to applications of QoS requirements. Experimental results show that QoS-TORA provides better performance than TORA in terms of packet delivery fraction and end-to-end delay. Experiments are done on the NS-2 simulator.

Govind Kumar Jha, Neeraj Kumar, Himanshu Sharma, K. G. Sharma
Authentication Process in IEEE 802.11: Current Issues and Challenges

Authentication is a challenging area in wireless networks. The authentication process of IEEE 802.11i uses the IEEE 802.1X standard for authentication, and the 4-way handshake protocol is used for key management and distribution. In this paper, we exhaustively review the authentication technique in IEEE 802.11i. The work presents a security analysis of the authentication technique which shows its strengths against various threats and some flaws which are responsible for security breaches. The paper compares and contrasts the techniques and points out current issues and challenges.

Dinesh Yadav, Anjali Sardana
Network Level Anomaly Detection System Using MST Based Genetic Clustering

With the ubiquity and far reaching effects of the Internet, the role played by Internet security systems becomes very critical. There arises an imminent need for an in-force Intrusion Detection System (IDS). In this paper, we propose a blend of an anomaly detection system and a misuse detection system. The two-phase Intrusion Detection System (IDS) involves a Misuse Detection System using supervised learning techniques and an Anomaly Detection System using unsupervised learning techniques. Anomalies are outliers, corresponding to attacks characterized by isolated, sparse clusters. MST based clustering identifies the outliers by exploiting the isolation property. But in this process, some groups of normal packets may be broken into sparse clusters. Our Genetic Algorithm based optimization combines the sparse normal clusters with sufficiently close normal clusters. The resulting clusters can directly correspond to normal or anomalous types. Experiments performed using the KDD Cup 1999 dataset proved that the proposed method provides significantly high detection rates compared to other techniques.

P. Kola Sujatha, R. Arun, P. V. Shanthoosh, I. Ezra Prince Jebahar, A. Kannan
A Hybrid Approach to Texture Classification

The rapid expansion of the internet and the wide use of digital data have increased the need for both efficient image database creation and retrieval procedures. In this paper, texture classification based on the combination of texture features is proposed. Since the most significant information of a texture often appears in the high frequency channels, the features are extracted by the computation of LBP and Texture Spectrum histograms. Euclidean distance is used for similarity measurement. The experimental result shows that 97.99% classification accuracy is obtained by the proposed method.

B. Vijayalakshmi, V. Subbiah Bharathi
Completeness of LAN Attack Detection Using Discrete Event Systems

Address Resolution Protocol (ARP) based attacks are caused by compromised hosts in the LAN and mainly involve spoofing with falsified IP-MAC pairs. Such attacks are possible because ARP is a stateless protocol. The existing signature or anomaly intrusion detection systems are unable to detect these types of attacks. On the one hand there are no signatures available for these attacks, and on the other hand no significant statistical behavior change can be observed. Several schemes have been proposed in the literature to circumvent these attacks; however, these techniques either make IP-MAC pairing static, modify the existing ARP, violate network layering architecture, patch operating systems etc. In [1] Neminath et al. proposed a Discrete Event System (DES) based approach for detecting ARP attacks, which solved most of these issues. The approach is formal and can be applied to many attack cases whose nature is similar to that of ARP, e.g., ICMP informational message based attacks. However, the work [1] did not show its completeness, i.e., that all possible scenarios of ARP spoofing can be detected by the scheme. In this paper we show which scenarios of spoofing are detected by the scheme and which are missed. The repercussions of the missed classes are also analyzed.

F. A. Barbhuiya, N. Hubballi, S. Biswas, S. Nandi
Designing Dependable Web Services Security Architecture Solutions

Web Services Security Architectures have three layers, as provided by the NIST standard: Web Service Layer, Web Services Framework Layer (.NET or J2EE), and Web Server Layer. In a service oriented web services architecture, business processes are executed as a composition of services, which can suffer from vulnerabilities pertaining to secure data access and protecting the code of Web Services. The goal of the Web services security architecture is to abstract out the details of message-level security from the mainstream business logic, with a focus on Web Service contract design and versioning for SOA. Service oriented web services architectures impose additional analysis complexity as they provide much flexibility and frequent changes within orchestrated processes and services. In this paper, we discuss developing dependable solutions for Web Services Security Architectures in terms of Privacy and Trust negotiation. All this research is motivated by the Secure Service Oriented Analysis and Design research domain. We initially validate this by a BPEL Editor using GWT for RBAC and Privacy. Finally a real world case study is implemented using J2EE, for validating our approach. The Secure Stock Exchange System using Web Services automates the stock exchange's work and can help users make decisions when it comes to investment.

D. Shravani, P. Suresh Varma, B. Padmaja Rani, M. Upendra Kumar, A. V. Krishna Prasad
Protocol for Simultaneous Ownership Transfer of Multiple RFID Tags with TTP

Ownership transfer of items that are RFID-tagged requires more than physical means to accomplish the process. Their inherent ability to communicate with entities that are not necessarily in their close proximity necessitates supplementary ownership transfer measures that complement the transfer of the physical item. Over the past few years, several ownership transfer protocols have been developed with the explicit purpose of transferring ownership of a tag from one owner to another. While it generally suffices to transfer ownership of tags one by one, sometimes it is necessary to simultaneously transfer ownership of multiple tags from one owner to another. This is especially true when multiple items are required to belong together during and outside of the ownership transfer process. Extant literature on RFID ownership transfer protocols, however, does not consider this scenario. We propose a protocol that attempts to address this gap in the literature.

Wei Zhou, Selwyn Piramuthu
A Preventive Measure to Protect from Denial of Service Attack

As the number of users on the internet is increasing rapidly, various attacks are becoming an important issue which needs to be analyzed at the earliest. There exist various attacks like ARP poisoning, IP spoofing, Denial of Service (DOS) etc. Nowadays one of the major threats on the internet is the Denial of Service (DOS) attack. As this attack slows down a particular system, the resources of that system become unavailable to others. A DOS attack is mounted by consuming the resources of the victim system, so that it can no longer provide normal service to others. As the universe of DOS attacks is large, there exist various kinds of DOS attacks, like the Distributive DOS attack, Low rate DOS attack etc. In this paper we propose a simple hashing based authentication technique which can protect computers from different DOS attacks. The main contribution of this paper is that, prior to making a connection between source and destination, an authentication must take place at the network layer. So before sending a packet to an upper layer protocol such as TCP or UDP, this technique will ensure the authentication of the source in the network layer. Here a Hash based DOS Attack Analyzer (HDAA) is used, whose main job is to capture the packets in the network layer and perform an authentication. For the proposed method it is necessary for both source and destination to agree upon a set of rules and to pass the authentication process. If authentication passes, then it will deliver the data packet to the upper layer protocol. If authentication does not pass, then it will drop that packet and block that source address from entering the network. A thorough analysis has been made and compared with some existing techniques. The main advantage of this method lies in the application of a simple hashing method in the network layer, which restricts the packet from entering our system initially. The computation overhead is also very low compared with other techniques, as this scheme can be implemented in the network layer.

Manas Ku. Dasmohapatra, Kamalika Datta, Indranil Sengupta
Review of Some Checkpointing Algorithms for Distributed and Mobile Systems

A distributed system is a collection of independent entities that cooperate to solve a problem that cannot be individually solved. A mobile computing system is a distributed system where some of the processes are running on mobile hosts (MHs). A checkpoint is defined as a designated place in a program at which normal processing is interrupted specifically to preserve the status information necessary to allow resumption of processing at a later time. Checkpointing is the process of saving the status information. Over the past two decades, intensive research work has been carried out on providing efficient checkpointing protocols in traditional distributed computing. The existence of mobile nodes in a distributed system introduces new issues that need proper handling while designing a checkpointing algorithm for such systems. These issues are mobility, disconnections, finite power source, vulnerability to physical damage, lack of stable storage etc. Recently, more attention has been paid to providing checkpointing protocols for mobile systems. This paper surveys the algorithms which have been reported in the literature for checkpointing in distributed systems as well as mobile distributed systems.

Sunil Kumar Gupta, Parveen Kumar
Using Raga as a Cryptographic Tool

Music can be used as a special language of codes and ciphers. A music cipher is one possible way to communicate among many others. Musical notes are equated with letters in such a way as to make a word or phrase. Broadcast messages encrypted by the sender in the musical notes and decrypted by the receiver can help to protect the message from the intruder. The paper proposes raga as a cryptographic tool. Apart from the novelty, we discover some potential benefits.

Sandip Dutta, Soubhik Chakraborty, N. C. Mahanti
Combining Power of MATLAB with SystemVerilog for Image and Video Processing ASIC Verification

The ultimate aim of ASIC verification is to obtain the highest possible level of confidence in the correctness of a design, attempt to find design errors and show that the design implements the specification. The complexity of ASICs is growing exponentially and the market is pressuring design cycle times to decrease. Traditional methods of verification have proven to be insufficient for digital image processing applications. We develop a new verification method based on SystemVerilog verification with MATLAB to accelerate verification. The co-simulation is accomplished using MATLAB and SystemVerilog coupled through the DPI. The Image Resize design verification is used here as a case study for the co-simulation method between SystemVerilog and MATLAB. The golden reference is made using MATLAB built-in functions, while the rest of the verification environment is in SystemVerilog. The goal is to find more bugs in the design as compared to the traditional method of verification, reduce the time to verify a video processing ASIC, reduce debugging time, and reduce coding length.

Dhaval Modi, Harsh Sitapara, Rahul Shah, Ekata Mehul, Pinal Engineer
Memory Attack Detection of Cryptographic Algorithm

Embedded systems are becoming increasingly complex, networked, and functionally extensible through software, exposing them to a large number of security problems that have plagued general-purpose systems, and thereby a need for an efficient monitoring method arises. Various security attacks exist and a major concern is the memory attack. Any change in the memory content of the processor will change the flow of execution. In order to ensure secure execution and detect intrusion of an embedded processor, an effective intrusion monitoring technique is proposed in this paper. The technique uses run-time verification of the program at instruction level. The instruction integrity is verified using a hash function. Due to the limited memory and processing capabilities of embedded systems, this technique functions within the constraints by focusing on effective detection and low overhead.

K. Rahimunnisa, Rincy Merrin Varkey, S. Sureshkumar
Performance Comparison of Queueing Disciplines for AEERG Protocol in Manet

Queuing disciplines have been a subject of intensive discussion and research in the network field for scheduling packets from different traffic flows for processing at a specific node. When that particular node is selected for the transmission of all traffic flows, since it has been chosen as an emerging node for the shortest path in the adaptive energy efficient algorithm, queue scheduling disciplines have been used to improve the quality of service. In this paper, we evaluate the performance of three queuing disciplines (FIFO, PQ and RED) which are implemented in the AEERG protocol. We carry out simulation using NS-2 and compare their relative performance based on queuing delay, packet drop rate and end-to-end delay with drop-tail policies and RED.

S. Rajeswari, Y. Venkataramani
Design of a Cryptographic Tamper Detection Scheme for Network Security

In the present research work an attempt has been made to design and implement a tamper detection scheme that provides an additional procedure which, given two signatures, detects whether one of them was generated by the forger. In this system, emails and files are signed digitally. The scheme automatically computes a hash based on the exact content of the email message, and then encrypts the value with the sender’s private key. The recipient of the email will use their tamper evidence software to perform the same calculation. The matching of the calculation with the hash value is proof that the message has not been altered. It ensures data integrity, confidentiality and authentication.

B. Srinivasa Rao, S. D. V. Prasad
Energy Efficient and Congestion Control Multipath Routing in Wireless Sensor Networks

An important factor concerning routing protocols in wireless sensor networks is energy consumption. Single path routing protocols are not optimal in maximizing network lifetime. An energy efficient cost function used in a multipath routing protocol that maximizes network lifetime using the minimum energy path is proposed. A multipath routing protocol splits the load among multiple paths instead of routing all traffic along a single path. Here the paths with minimum energy are discovered and, out of the discovered paths, the required paths are selected. The protocol uses a least cost path in terms of a cost function that calculates a node’s transmission energy, residual energy, buffer space and signal strength threshold. The cost function is used to find the next preferred hop through the path construction phase. A primary path and an alternate path are discovered using the cost function and data is transmitted. If a node in a selected path has a highly utilized buffer ratio and the residual energy of nodes in the selected paths is different, there is a chance of congestion in the paths. Consequently the network can avoid congestion by assigning traffic to different paths. When congestion occurs, it can help to detect congestion by using the values of transmitting capacity and alleviate congestion by reassigning traffic. The results of simulations validate that the proposed energy efficient and congestion control mechanism can avoid and alleviate congestion, and has reasonable effects of low energy consumption and high throughput.

M. Nesa Sudha, Sapna E. John, M. L. Valarmathi
Intrusion Prevention by Native Language Password Authentication Scheme

In a multi-user system, user name and password serve to authenticate the user. Generally users select alphanumerical passwords or textual passwords in English. It is easy for the intruder to crack these passwords by eavesdropping, password stealing, dictionary attack and shoulder surfing. To overcome these vulnerabilities, graphical password schemes have been introduced. An intruder can easily break the simple graphical password authentication schemes by shoulder surfing and hidden cameras. In this paper a new shape based textual authentication scheme for native language passwords is proposed. The user selects a character from his native language and the shape of this character becomes the password criterion. The proposed authentication scheme is resistant to attacks like password stealing, eavesdropping, shoulder surfing and hidden cameras because the user enters a new password every time.

Sreelatha Malempati, Shashi Mogalla
An Improved Uncertainty Reduction Scheme Based on Bayesian Prediction in MANETs

Formulating and evaluating trust is important for ensuring security and collaboration among the nodes in MANETs. The dynamic nature of mobile ad hoc networks may contribute to uncertainty in trust opinions. Uncertainty in trust opinions reflects the sufficiency of trust information obtained by a trustor node so that it can accurately compute the trust values of its neighboring nodes. Uncertainty can therefore be reduced by proactively collecting and disseminating more trust information, exploiting mobility. But the infinite collection and dissemination process leads to communication and cost overhead. And when the trust convergence time increases due to the network size, the possibility of stale opinions also arises. To overcome these overheads, we propose to include the probabilistic Bayesian prediction of trust values, along with gathering of trust information at periodic intervals, before needed, thereby reducing frequent information collection and dissemination. This reduces the communication and cost overhead considerably. The prediction process also prevents aging of opinions when done at desired time intervals. Simulation results are presented to support the performance of the Mobility and Prediction Assisted Uncertainty Reduction Scheme (MPAURS).

B. Lydia Elizabeth, S. Sudha, A. John Prakash, V. Rhymend Uthariaraj
Scalable Implementation of Active Detection Mechanism for LAN Based Attacks

The function of Address Resolution Protocol (ARP) is critical in local area networking as well as for routing Internet traffic across gateways. ARP, being a stateless protocol, is prone to various attacks such as ARP spoofing, ARP flooding and ARP poisoning. This work discusses an efficient scalable implementation of an Intrusion Detection System (IDS) with active detection, to detect ARP spoofing, flooding and related attacks like Man-in-the-Middle (MiTM) and Denial-of-Service (DoS) etc.

G. Bansal, N. Kumar, F. A. Barbhuiya, S. Biswas, S. Nandi
A Survey of Recent Intrusion Detection Systems for Wireless Sensor Network

Security of wireless sensor networks (WSN) becomes a very important issue with the rapid development of WSN, which is vulnerable to a wide range of attacks due to deployment in hostile environments and having limited resources. The intrusion detection system is one of the major and efficient defensive methods against attacks in WSN. A particularly devastating attack is the sleep deprivation attack, where a malicious node forces legitimate nodes to waste their energy by preventing the sensor nodes from going into low power sleep mode. The goal of this attack is to maximize the power consumption of the target node, thereby decreasing its battery life. Existing works on the sleep deprivation attack have mainly focused on mitigation using MAC based protocols, such as S-MAC, T-MAC, B-MAC, etc. In this article, a brief review of some of the recent intrusion detection systems in the wireless sensor network environment is presented. Finally, we propose a framework of cluster based layered countermeasures that can efficiently mitigate the sleep deprivation attack in WSN. Simulation results on MATLAB exhibit the effectiveness of the proposed model in detecting sleep-deprivation attacks.

Tapolina Bhattasali, Rituparna Chaki
Secure Network Steganographic Scheme Exploiting TCP Sequence Numbers

Network steganography is a relatively new area of research. Various network steganographic schemes that modify the header of protocols like TCP and IP are present in literature. An observation suggests that packet length based schemes are suitable for transferring secret information across the network. This paper attempts to propose a novel steganographic scheme which uses the length of the TCP segments to transfer secret information. This scheme embeds the secret information in the TCP sequence number by adjusting the payload of TCP segments. Experiments and results show that this scheme is better than other existing schemes based on adjusting the length of packets.

Vengala Satish Kumar, Tanima Dutta, Arijit Sur, Sukumar Nandi
Intrusion Detection System Based on Real Time Rule Accession and Honeypot

The Intrusion Detection Systems (IDS) used today suffer from several shortcomings in the presence of complex and unknown attacks. An intrusion detection system based on honeypot is proposed with Real Time Rule Accession (RTRA) capability. We make use of honeypot to prevent the attack and collect attack traffic on the network. Furthermore, in order to improve the detection performance of our IDS, the Apriori algorithm for association rule mining is used on the data logged by honeypot to generate rules which will be added to the Snort IDS dynamically. This is different from the previous method of off-line rule base addition. The experimental results show that the proposed intrusion detection system is efficient in detecting the attacks at the time of their occurrences even if the system was not equipped with rules to detect it.

Abhay Nath Singh, Shiv Kumar, R. C. Joshi
Key Predistribution in 3-Dimensional Grid-Group Deployment Scheme

We propose one deterministic key distribution scheme for wireless sensor networks, where the nodes are deployed in a 3 dimensional grid like structure. We use combinatorial designs for key predistribution in sensor nodes. Here the deployment region is a 3-D grid. The whole deployment region is divided into smaller cubic zones. The predistribution scheme has the advantage that all nodes within a particular region can communicate with each other directly and nodes which lie in different regions can communicate via special nodes called agents which have more resources than the general nodes. The number of agents depends upon the construction.

In our key distribution scheme we have used within group key-distribution and one key distribution for inter-group communication. We use one existing key pre-distribution scheme for intra-group communication between nodes and for inter-group communication we use our proposed scheme.

Samiran Bag
Novel Methods for Montgomery Modular Multiplication for Public Key Cryptosystems

Extensions of Montgomery multiplication algorithms in GF(p) are studied and analyzed. The time and space requirements of various state-of-the-art algorithms are presented. We propose Modified Montgomery Modular Multiplication Algorithms that reduce the number of computational operations such as number of additions, memory reads and writes involved in the existing algorithms, thereby saving considerable time and area for execution. Many design examples have been solved to prove the theoretical correctness of the proposed algorithms. Complexity analysis shows that Modified Coarsely Integrated Scanning (MCIOS) consumes less space and time compared to other modified Montgomery Algorithms. To verify the logical correctness, the proposed MCIOS algorithm was implemented in Xilinx Spartan3E FPGA. The total memory for execution of 64-bit operand is 135484 KB for MCIOS and 140496 KB for existing Coarsely Integrated Scanning (CIOS) method. Also, the proposed algorithm can be changed to be suitable for any arbitrary Galois field size with little modifications.

V. R. Venkatasubramani, M. Surendar, S. Rajaram
Protection against Denial of Service and Input Manipulation Vulnerabilities in Service Oriented Architecture

Organizations are increasingly adopting Service Oriented Architecture (SOA) to build their distributed applications. SOA is a computing paradigm, emphasizing dynamic service discovery composition and interoperability. Web services are a technology that can be used to implement SOA and are increasingly becoming the SOA implementation of choice. Because a Web service relies on some of the same underlying HTTP and Web-based architecture as common Web applications, it is susceptible to similar threats and vulnerabilities. There are many vulnerabilities in web services such as SQL injection, Denial of Service, etc. that cannot be detected by web service standards and conventional firewalls. In this paper, we present a detailed design of XML firewall that can be used to prevent different vulnerabilities by validating the input XML documents before being processed by the web services. Also the XML firewall does the function of authentication, authorization and session management. We designed a modular architecture for XML firewall where each module checks for a particular vulnerability. We have also developed methods to detect and prevent SQL injection and Denial of Service vulnerabilities.

Alwyn Roshan Pais, D. J. Deepak, B. R. Chandavarkar
Highly Resilient Key Predistribution Scheme Using Transversal Designs and Reed Muller Codes For Wireless Sensor Network

Resource constraints of the nodes make security protocols difficult to implement. Thus key management is an important area of research in Wireless Sensor Networks (WSN). Key predistribution (kpd) which involves preloading keys in sensor nodes, has been considered as the best solution for key management when sensor nodes are battery powered and have to work unattended. This paper proposes a method to fix some loophole in an existing key predistribution scheme thereby enhancing the security of messages exchanged within a WSN. Here we use a model based on Reed Muller Codes to establish connectivity keys between sensor nodes. The model is then utilized to securely establish communication keys and exchange messages in a WSN designed on basis of two schemes using transversal designs for key predistribution. The combination of the key predistribution scheme and the connectivity model gives rise to highly resilient communication model with same connectivity between nodes as the chosen key predistribution scheme.

Samiran Bag, Amrita Saha, Pinaki Sarkar
Improving Fairness in Network Traffic by Controlling Congestion and Unresponsive Flows

Traffic engineering is the task of handling the traffic flows in the backbone networks in order to provide maximum network resource utilization. The key characteristics are redirecting the traffic flows to avoid congestion, applying constraint based shortest path first, providing the ISPs to get more control for the management of traffic flows. Fairness measures or metrics are used in traffic engineering to determine whether users or applications are receiving a fair share of system resources. In this work, the fairness measure considered is congestion control and the control of unresponsive flows.

M. Azath, R. S. D. Wahida Banu, A. Neela Madheswari
Authenticated Routing for Ad-Hoc On-Demand Distance Vector Routing Protocol

Mobile ad hoc network (MANET) is a collection of mobile hosts without any existing infrastructure or centralized access point such as a base station. MANET is an emerging research area because of their self configuration and self maintenance capabilities. However the wireless ad-hoc network is more vulnerable to security than conventional wired and wireless networks due to its characteristics like open medium, lack of centralized monitoring, wireless and dynamic nature. Routing security is an important issue in MANET. The primary function of a routing protocol is to establish a secure and efficient route between communicating nodes so that data may be delivered correctly. Existing routing protocols need security mechanism to guard against external and internal attacks but it is very difficult to find a general idea that can prevent efficiently all types of attacks, as each attack has its own distinct characteristics. In this paper, we proposed a method that is based on ad hoc on-demand routing (AODV) protocol and can efficiently prevent the attacks from member of the network including black hole, modifying routing information and impersonation attacks. The proposed method uses only hash function and thus provides fast message verification and sender as well as intermediate nodes authentication. Simulation result shows that in the presence of malicious node, the proposed method performs better than the original AODV protocol.

Preeti Sachan, Pabitra Mohan Khilar
Passblot: A Usable Way of Authentication Scheme to Generate One Time Passwords

User authentication is necessary to secure the data and process on internet or mobile communications. Most commonly employed system for said purpose is Static alpha-numeric password based authentication system. But they are susceptible to various types of active and passive attacks. One of the promising alternatives is Graphical password based authentication systems which if implemented properly are secure but not as easy to understand or learn.

In this paper we propose a varied version of inkblot authentication [1] graphical password system which is secure as well as usable. It generates pseudo random one time passwords using a set of inkblots unique to the user. Properties of one time passwords ensure the resistance towards replay, phishing, shoulder surfing, active and dictionary attacks. We also analyze the results from two experiments we have conducted to confirm that this system is easy to learn and password memorability is high, thus making it a promising authentication mechanism.

Sainath Gupta, Pruthvi Sabbu, Siddhartha Varma, Suryakanth V. Gangashetty
Safeguarding Web Services Using Self-Adaptive Schema Hardening Algorithm

Web Services in production often evolve over time due to changes in business and security requirements. Often various Web Service standards such as WS-Security, WS-Trust, WS-Routing etc. are introduced or revoked. Such changes alter the structure of an input message accepted by web services. Message validation mechanism becomes ineffective if schemas in use are not updated in line with aforementioned changes. Also, Web Services become prone to different attack vectors if the schemas are loosely defined. Here, we present algorithms that help fine tune schemas by the process of iterative deduction. Also, our work helps to identify patterns of attack vectors that demarcate themselves from genuine messages. Our adaptive schema refining algorithm classifies logged requests into set of schema classes based on a measure of similarity. This classification of messages into schema classes enables us to tighten the schemas to prevent bad requests or expand the schemas to accommodate newer requests.

Vipul Patel, Radhesh Mohandas, Alwyn Pais
Modeling and Performance Analysis of QAM System

One of the most common forms of modulation used in wired and wireless systems is the QAM system. Quadrature amplitude modulation (QAM) has been widely used in adaptive modulation because of its efficiency in power and bandwidth. Adaptive modulation system is one of the important techniques in building a mobile communication network, such as WLAN (Wireless Local Area Networks) and WiMAX (Worldwide Interoperability for Microwave Access) according to IEEE 802.16 standard. In this paper, a Simulink based simulation system is designed and the details of the simulation are implemented using AWGN Channel. Simulation study helps us to visualize Eye-diagram and scatter plot both at the transmitter and at the receiver and also to observe Spectrum scope. Performance analysis is done by comparing the simulated BER with theoretical plot using BER tool. The BER curve for a Communication system illustrates the relationship between power in the transmitted signal in terms of SNR and the resulting BER for the system.

T. P. Surekha, T. Ananthapadmanabha, C. Puttamadappa, A. P. Kavya
An IDS Evaluation-Centric Taxonomy of Wireless Security Attacks

Wireless technology has become a very popular alternative to wired technology in recent years. However, wireless communication faces several security threats. Consequently, several security efforts have been exerted to make wireless communication systems invulnerable to attacks, but unfortunately complete attack prevention is not realistically attainable. Thus, the emphasis on detecting intrusions through a second line of defense, in the form of Intrusion Detection System (IDS), is increasing. But the question that arises is what IDS is more suitable for our systems? The answer necessarily should take the IDSs evaluation into account. However, to consider all possible cases and contexts, the classification of wireless attacks seems necessary. Dealing with this challenge, this paper proposes a holistic taxonomy of wireless security attacks from the perspective of the IDS evaluator. The proposed taxonomy includes all relevant dimensions of wireless attacks and helps to extract the attack test cases that are used for managing unbiased evaluations. Finally, we present our benchmark of two popular wireless IDSs.

Khalid Nasr, Anas Abou El Kalam, Christian Fraboul
Rational Secret Sharing with Honest Players over an Asynchronous Channel

We consider the problem of rational secret sharing introduced by Halpern and Teague [5], where the players involved in secret sharing play only if it is to their advantage. This can be characterized in the form of preferences. Players would prefer to get the secret than to not get it and secondly with lesser preference, they would like as few other players to get the secret as possible. Several positive results have already been published to efficiently solve the problem of rational secret sharing but only a handful of papers have touched upon the use of an asynchronous broadcast channel. [3] used cryptographic primitives, [11] used an interactive dealer, and [14] used an honest minority of players in order to handle an asynchronous broadcast channel.

In our paper, we propose an m-out-of-n rational secret sharing scheme which can function over an asynchronous broadcast channel without the use of cryptographic primitives and with a non-interactive dealer. This is possible because our scheme uses a small number, k + 1, of honest players. The protocol is resilient to coalitions of size up to k and furthermore it is ε-resilient to coalitions of size up to m − 1. The protocol will have a strict Nash equilibrium with probability $Pr(\frac{k+1}{n})$ and an ε-Nash equilibrium with probability $Pr(\frac{n-k-1}{n})$. Furthermore, our protocol is immune to backward induction.

Later on in the paper, we extend our results to include malicious players as well.

We also show that our protocol handles the possibility of a player deviating in order to force another player to get a wrong value in what we believe to be a more time efficient manner than was done in Asharov and Lindell [2].

William K. Moses Jr., C. Pandu Rangan
Agent Based Cross Layer Intrusion Detection System for MANET

Due to the development in the field of computer networks, Mobile ad hoc network (MANET) has emerged as a technology to provide anywhere, anytime communication. Due to its deployment nature, MANETs are more vulnerable to malicious attack. Authentication and encryption techniques can be used as the first line of defense for reducing the possibilities of attacks. However, these approaches have several drawbacks and they are designed for a set of well known attacks. These techniques cannot prevent newer attacks. Hence there is a critical need for cross layer detection technology. This paper proposes efficient cross layer intrusion detection architecture to discover the malicious nodes and different types of DoS. This proposed approach implements a fixed width clustering algorithm for efficient detection of the anomalies in the MANET traffic and also generated different types of attacks in the network. In the association process, the Fast Apriori algorithm is utilized; it increases efficiency of detecting intrusion in MANET.

V. Anjana Devi, R. S. Bhuvaneswaran
Evaluating Machine Learning Algorithms for Detecting DDoS Attacks

Recently, as the serious damage caused by DDoS attacks increases, the rapid detection of the attack and the proper response mechanisms are urgent. Signature based DDoS detection systems cannot detect new attacks. Current anomaly based detection systems are also unable to detect all kinds of new attacks, because they are designed to restricted applications on limited environments. However, existing security mechanisms do not provide effective defense against these attacks, or the defense capability of some mechanisms is only limited to specific DDoS attacks. It is necessary to analyze the fundamental features of DDoS attacks because these attacks can easily vary the used port/protocol, or operation method. Also a lot of research work has been done in detecting the attacks using machine learning techniques. Still what are the relevant features and which technique will be more suitable one for the attack detection is an open question. In this paper, we use the chi-square and Information gain feature selection mechanisms for selecting the important attributes. With the selected attributes, various machine learning models, like Naive Bayes, C4.5, SVM, KNN, K-means and Fuzzy c-means clustering are developed for efficient detection of DDoS attacks. Then our experimental results show that Fuzzy c-means clustering gives better accuracy in identifying the attacks.

Manjula Suresh, R. Anitha
Insecure Query Processing in the Delay/Fault Tolerant Mobile Sensor Network (DFT-MSN) and Mobile Peer to Peer Network

The Delay/Fault Tolerant Mobile Sensor Network (DFT-MSN) and Mobile Peer to Peer network (MP2PN) have evolved at a tremendous rate in the last couple of years. As the networks are evolving so is the rate at which the queries are exchanged in between these networks and the number of database accesses that need to be performed. The queries are getting complex due to the mobile nature of the nodes in these networks and their eagerness to get the response accurately in short span of time because of their limited energy resources. In this paper we not only propose a set of SQL/TIQL queries that are exchanged between the pair of nodes in the DFT-MSN and MP2PN, but also portray their execution on Oracle 9i Enterprise Edition Release 9.2.0.1.0 Production and expose how these queries are vulnerable to the SQL Injection attack which can either be launched manually or through the various proprietary and open source SQL Injection tools.

Rahul Johari, Neelima Gupta
Financial Time Series Volatility Forecast Using Evolutionary Hybrid Artificial Neural Network

Financial time series forecast has been classified as standard problem in forecasting due to its high non-linearity and high volatility in data. Statistical methods such as GARCH, GJR, EGARCH and Artificial Neural Networks (ANNs) based on standard learning algorithms such as backpropagation have been widely used for forecasting time series volatility of various fields. In this paper, we propose hybrid model of statistical methods with ANNs. Statistical methods require assumptions about the market, they do not reflect all market variables and they may not capture the non-linearity. Shortcoming of ANNs is their process of identifying inputs insignificantly through which network produces output. The attempt for hybrid system is to outperform the forecast results and overcome the shortcomings by extracting input variables from statistical methods and include them in ANNs learning process. Further genetic algorithm is used for evolution of proposed hybrid models. Experimental results confirm the lesser root mean square error (RMSE) results obtained from proposed evolutionary hybrid ANN models EANN-GARCH, EANN-GJR, EANN-EGARCH than conventional ANNs and statistical methods.

Anupam Tarsauliya, Rahul Kala, Ritu Tiwari, Anupam Shukla
Data Security in Free Roaming Mobile Agents

Mobile agents are software programs that live in computer networks, performing their computations and moving from host to host as necessary to fulfill their goals. Mobile agents are especially useful in electronic commerce, for both wired and wireless environments. In this research work, both chain relation and TTP (trusted host) have been used for protecting data of free roaming mobile agents, which is called Trusted host by Knowledge Based System (TKBS). Using Knowledge based system, trusted host list is maintained. In trusted Host agent may not clone. By using chain relation with trusted host, redundancy will be reduced and efficiency will be improved.

G. Geetha, C. Jayakumar
End-to-End Security for At-Home Medical Monitoring

Body Sensor Networks have helped to achieve continuous remote monitoring of the physiological parameters of patients without the need for hospitalization. However the confidentiality and integrity of the medical data that is sensed, collected and transmitted to the remote hospital server has to be ensured in order to protect patient privacy. This paper proposes an end-to-end security mechanism for the At-Home architecture used for monitoring patients in the comforts of their home. Biometrics and cryptography are combined to provide data confidentiality and patient authentication.

Mohanavalli Seetha Subramanian, Sheila Anand
Web Mining Research and Future Directions

Web is a collection of inter-related files on one or more Web servers. Web mining is one of the mining technologies, which applies data mining techniques in large amount of web data to improve the web services. Wide Web provides every internet citizen with access to an abundance of information, but it becomes increasingly difficult to identify the relevant pieces of information. Research in web mining tries to address this problem by applying techniques from data mining and machine learning to Web data and documents. The Web Mining is an application of Data Mining. Without the internet, life would have been almost impossible. The data available on the web is so voluminous and heterogeneous that it becomes an essential factor to mine this available data to make it presentable, useful, and pertinent to a particular problem. Web mining deals with extracting these interesting patterns and developing useful abstracts from diversified sources. The present paper deals with a preliminary discussion of WEB mining, few key computer science contributions in the field of web mining and outlines some promising areas of future research.

G. Dileep Kumar, Manohar Gosul
Difference between Intrusion Detection System (IDS) and Intrusion Prevention System (IPS)

This paper discusses the difference between Intrusion Detection System and Intrusion Prevention System (IDS/IPS) technology in computer networks. The systems differ in their deployment in networks: IDS are out of band in the system, meaning they cannot sit within the network path, but IPS are in-line in the system, meaning they can pass through in between the devices. IDS generate only alerts if anomalous traffic passes in the network traffic, which may be false positives or false negatives; that is, IDS only detect malicious activities and take no action on those activities, but IPS have the feature of detection and prevention, with automatic or manual action taken on the detected malicious activities, such as dropping, blocking or terminating the connections. The stability, performance and accuracy results of IDS and IPS systems are compared in this paper.

Asmaa Shaker Ashoor, Sharad Gore
Conditional Proxy Re-Encryption - A More Efficient Construction

In a proxy re-encryption (PRE) scheme, Alice gives special information to a proxy that allows it to transform messages encrypted under Alice’s public key into an encryption under Bob’s public key such that the message is not revealed to the proxy. In [14], Jian Weng and others introduced the notion of conditional proxy re-encryption (C-PRE) and proposed a system using bilinear pairings. Later, a break for the same was published in [17] and a new C-PRE scheme with bilinear pairings was introduced. In C-PRE, the proxy also needs to have the right condition key to transform the ciphertext (associated with a condition set by Alice) under Alice’s public key into ciphertext under Bob’s public key, so that Bob can decrypt it. In this paper, we propose an efficient C-PRE scheme which uses a substantially smaller number of bilinear pairings when compared to the existing one [17]. We then prove its chosen-ciphertext security under modified Computational Diffie-Hellman (mCDH) and modified Computational Bilinear Diffie-Hellman (mCBDH) assumptions in the random oracle model.

S. Sree Vivek, S. Sharmila Deva Selvi, V. Radhakishan, C. Pandu Rangan
Study of Malware Threats Faced by the Typical Email User

Understanding malware behavior will help in implementing robust intrusion detection and prevention systems. In this paper, we studied the behavioral characteristics of different malware types affecting the Internet and other enterprise email systems. This research was carried out on spam email data received by a single user’s test email account collected over a period of six months. A sandbox test environment platform using virtual machines was built to perform this research and simulate real-life malware behavior and determine its signature at the point of execution for proper analysis. Analysis of email data using the sandbox setup helps to produce a comprehensive data analysis about botnet behavior. We described in detail the design and implementation of sandbox test environment including the challenges faced in building this test environment. As a cost saving measure, we used VMware based virtual platforms built on Linux PC-class hardware. We present results of our behavioral measurement of the most active botnets. Our study discovered that for a single email user for a period of six months, two active Trojans contributed around 20 percent of the total identified malwares received within this time period and the remaining 80 percent of malware binaries were distributed over many different types of botnets; the email malware shows a classic long-tail distribution. During this experiment, we also discovered very strong polymorphic behaviors exhibited by these malware samples, ostensibly intended to help the malware authors and hackers to penetrate and bypass the enterprise intrusion detection systems. Finally, we are releasing the repository of malware collected as a data set for evaluation by other researchers.

Anthony Ayodele, James Henrydoss, Walter Schrier, T. E. Boult

Ad Hoc, Sensor and Ubiquitous Computing

Sequential Multi-Clustering Protocol Using a Node Deployment Protocol for Efficient Multi-Clustering in Wireless Sensor Networks

A cluster-based wireless sensor network (WSN) can enhance the whole network lifetime. In each cluster, the cluster head (CH) plays an important role in aggregating and forwarding data sensed by other common nodes. So a major challenge in the WSN is the appropriate cluster head selection approach while maintaining all the necessary requirements of the WSN. Lack of sufficient power and bandwidth makes the task of clustering much more challenging. In this paper we have introduced a new clustering approach termed as Sequential Multi-Clustering Protocol (SMCP). This ensures message complexity and number of clusters formed much smaller compared to the other clustering algorithms. Moreover along with the message efficient multi-clustering we also proposed a node deployment protocol which enhances the lifetime of the network. The effectiveness of these proposed methods is presented in this paper in form of simulation results.

Pradipta Ghosh, Joydeep Banerjee, Swarup Kumar Mirta, Souvik Kumar Mitra, Mrinal Kanti Naskar
Online Based Fuzzy Analyzer for Arrhythmia Detection

Due to changing trends, there is an increasing risk of people having Cardiac Disorders. This is the impetus behind developing a system which can diagnose the cardiac disorder and also risk level of the patient, so that effective medication can be taken in the initial stages. In this paper, Atrial rate, Ventricular rate, QRS Width and PR Interval are extracted from ECG signal, so that arrhythmia disorders, Sinus tachycardia (ST), supra-ventricular tachycardia (SVT), ventricular tachycardia (VT), junctional tachycardia (JT), ventricular and Atrial fibrillation (VF & AF), have been diagnosed with their respective risk levels. So the system acts as a risk analyzer, which tells how far the subject is prone to arrhythmia. LabVIEW signal express is used to read ECG and for analysis this information is passed to the Fuzzy Module. In the Fuzzy module various “If-then rules” have been framed to identify the risk level of the patient. The extracted information is then published to the client from the server by using an Online publishing tool. After passing the report developed by the system to the doctor, he or she can pass the medical advice to the server, i.e. generally the system where the patient ECG is extracted and analyzed.

K. A. Sunitha, N. Senthil Kumar, S. S. Dash, K. Prema
A Novel Autonomic Design Pattern for Invocation of Services

According to a definition rolled out from the Workshop on Adaptable and Adaptive Software [1]

“A program is called adaptive if it changes its behaviour automatically according to its context.”

Within this context, we restrict our research domain to the automatic runtime adaptation of existing behaviours. In this paper, we propose an Autonomic Design Pattern which is an amalgamation of chain of responsibility and visitor patterns that can be used to analyze or design self-adaptive systems. We harvested this pattern and applied it on unstructured peer to peer networks and Webservices environments. Representation of an operation to be performed on the elements of an object structure is taken from the Visitor pattern and to reduce the coupling between the sender of a request to its receiver by giving more than one object a chance to handle the request is adopted from Chain of responsibility.

V. S. Prasad Vasireddy, Vishnuvardhan Mannava, T. Ramesh
A Novel Way of Providing Dynamic Adaptability and Invocation of JADE Agent Services from P2P JXTA Using Aspect Oriented Programming

Rapid development of the Internet and increasing number of available Web services has generated a need for tools and environments facilitating automated composition of atomic Web services into more complex Web processes. JADE is an agent development environment where Web services and agents can be linked together to enable semantic Web applications. However, the current JADE message transportation protocols do not allow agent communication through firewalls and network address translators (NAT-s). Fortunately, the firewall/NAT issue can be solved by using the current JXTA implementation for agent communication. In this paper we describe our efforts to incorporate JXTA protocols into JADE for facilitating inter-agent communication over the Internet. We also describe the design and implementation of an agent-based Web service composition environment, where service registration and discovery are resolved using the JXTA advertisements. By combining the capabilities of JADE and JXTA, agent-based Web service applications can be supported in JADE at a higher level of abstraction. In this paper we are using Aspect oriented programming (AOP) to enable dynamic adaptation at the time of invoking Agent web services in P2P network. We propose an approach to implement dynamic adaptability especially in existing Agent Services, p2p JXTA-WS programs and Aspect weaving in P2P JXTA using AOP. We have used AspectJ; Java based language to create aspects in Eclipse supported framework.

Vishnuvardhan Mannava, T. Ramesh, V. S. Prasad Vasireddy
A Novel Way of Providing Dynamic Adaptability in P2P JXTA Multicast Sockets and P2P JXTA-WS Using Aspect Oriented Programming

The need for adaptability in software is growing, driven in part by the emergence of autonomic computing. In many cases, it is desirable to enhance existing programs with adaptive behavior, enabling them to execute effectively in dynamic environments. The peer-to-peer (P2P) paradigm is attracting increasing attention from both the research community and software engineers, due to potential performance, reliability and scalability improvements. The P2P model has opened many new avenues for research and applications within the field of distributed computation, so performance evaluation is unavoidable. Existing web service invocation and adaptation mechanisms are limited only to the scope of web service choreography in terms of web service selection. Such a scope hardly leaves ground for a participating service in a choreographed flow to re-adjust itself in terms of changed non-functional expectations. In this paper we are using Aspect Oriented Programming (AOP) to enable dynamic adaptation at the time of invoking web services in P2P systems. We propose an approach to implement dynamic adaptability especially in existing P2P JXTA-WS programs and Aspect weaving in P2P JXTA Multicast sockets using AOP. We have used AspectJ, a Java-based language, to create aspects in an Eclipse-supported framework.

Vishnuvardhan Mannava, T. Ramesh, Bangaru Babu Kuravadi
Intelligent Energy Efficient Routing for Ad-Hoc Sensor Network by Designing QCS Protocol

In today’s world, the wireless ad-hoc sensor network, which consists of many small sensor nodes having limited resources, has great potential to solve problems in various domains like disaster management, the military field, etc. In this paper a new protocol, the “QCS-protocol”, has been introduced, which is the backbone of our Intelligent Energy Efficient Ad-hoc Sensor Network. Two other protocols, the “Final Broadcast-Petrol Flow” protocol and the “Irregular Information Transfer” protocol, are designed to help the QCS protocol run the system properly and make the network more energy efficient and perfect. The challenges in ad-hoc sensor networks are limited node power, ad-hoc organization of the network, and reliability. Most of the existing approaches address these problems separately, but not in totality. This paper shows how the network can have unlimited life and all-time readiness with overall stability to send information to the base station with minimum power dissipation, with the help of multimode same-type sensor nodes and type categorization of generated information.

Debaditya Ghosh, Pritam Majumder, Ayan Kumar Das

Peer-to-Peer Networks And Trust Management

A New Approach for Securing Mobile Adhoc Network with an Improved Trust Calculation Method

A Mobile Adhoc Network is a group of wireless mobile computers in which nodes cooperate by forwarding packets for each other to allow them to communicate beyond direct wireless transmission range. Due to the wide-ranging characteristics of Ad Hoc Networks, they are always at risk of internal as well as external attacks. Many solutions have been proposed and are currently being improved in this area. Most of these solutions involve encryption, secure routing, quality of service, etc. Each of them is designed to operate in a particular situation, and may fail to work successfully in other scenarios.

This paper offers an alternate approach to improve the trustworthiness of the neighbourhood nodes and secure the routing procedure. It helps in computing the trust in neighbours and selecting the most secure route from the available ones for communication. It also helps in detecting the compromised node and virtually removing it from the network.

Amit Chauhan, Nidhi Shah
A Routing Protocol for Facilitating Multimedia Transmission over 802.11e Based Mobile Ad Hoc Networks

With a view to supporting delay-sensitive multimedia traffic, the IEEE 802.11e standard (EDCA) has been proposed as an improvement over the IEEE 802.11 based DCF mechanism. But studies show that EDCA is unable to cope with high traffic load conditions, thus failing to offer QoS guarantees for multimedia traffic. This work proposes a routing mechanism that can take advantage of the service differentiation offered by the MAC and at the same time overcome its limitation under heavy load conditions, thus facilitating transport of real-time data. Our work measures the existing workload of the high-priority queues and the level of contention caused by neighboring nodes to assess the available bandwidth and accordingly route the audio-video stream along less congested paths, to ensure better end-to-end delay and throughput. Simulation studies show that our protocol is able to protect delay-constrained traffic under heavy traffic conditions.

Sujatha P. Terdal, V. D. Mytri, A. Damodaram, Uday S.B.
A Survey on Dataspace

In many large/small organizations or enterprises, managing the heterogeneity among data at various levels has become a challenging task for the management community. In an organization, data may vary from fully structured to completely unstructured. The existing data management systems fail to manage such data in an efficient manner. Dataspace technology addresses the problem of heterogeneity present in data and solves various shortcomings of the existing systems. This paper presents a survey on dataspace and discusses issues related to the dataspace like system architecture, data modelling, querying and answering techniques, and indexing.

Mrityunjay Singh, S. K. Jain
A Novel Social Network Model for Business Collaboration

Recent studies on social networks are based on a set of characteristics which includes assortative mixing, high clustering, short average path lengths, broad degree distributions and the existence of community structure. Here, an application has been developed in the domain of ‘Business collaboration’ which satisfies all the above characteristics, based on some existing social network models. In addition, this model facilitates interaction between various communities (Academic/Research/Business groups). This application gives a very high clustering coefficient while retaining the asymptotically scale-free degree distribution. Here the business network community is raised from a mixture of random attachment and implicit preferential attachment. In addition to earlier works which only considered Neighbor of Initial Contact (NIC) as implicit preferential contact, we have also considered Neighbor of Neighbor of Initial Contact (NNIC). This application supports the occurrence of a contact between two initial contacts if the new vertex chooses more than one initial contact. This ultimately will develop a complex social network rather than the one that was taken as basic reference.

Sreedhar Bhukya
A Novel Way of Providing Dynamic Adaptability in P2P JXTA Sockets Using Aspect Oriented Programming

The need for adaptability in software is growing, driven in part by the emergence of autonomic computing. In many cases, it is desirable to enhance existing programs with adaptive behavior, enabling them to execute effectively in dynamic environments. The peer-to-peer (P2P) paradigm is attracting increasing attention from both the research community and software engineers, due to potential performance, reliability and scalability improvements. The P2P model has opened many new avenues for research and applications within the field of distributed computation, so performance evaluation is unavoidable. In this paper we are using Aspect Oriented Programming (AOP) to enable dynamic adaptation in existing P2P JXTA Sockets. We propose an approach to implement dynamic adaptability especially in existing P2P JXTA socket programs and Aspect weaving in P2P JXTA using AOP. We have used AspectJ, a Java-based language, to create aspects in an Eclipse-supported framework.

Vishnuvardhan Mannava, T. Ramesh
A Novel Way of Providing Dynamic Adaptability in P2P JXTA Services Using Aspect Oriented Programming

The need for adaptability in software is growing, driven in part by the emergence of autonomic computing. In many cases, it is desirable to enhance existing programs with adaptive behavior, enabling them to execute effectively in dynamic environments. The peer-to-peer (P2P) paradigm is attracting increasing attention from both the research community and software engineers, due to potential performance, reliability and scalability improvements. The P2P model has opened many new avenues for research and applications within the field of distributed computation, so performance evaluation is unavoidable. In this paper we are using Aspect Oriented Programming (AOP) to enable dynamic adaptation in existing P2P JXTA Services. We propose an approach to implement dynamic adaptability especially in existing P2P JXTA Service programs and Aspect weaving in P2P JXTA using AOP. We have used AspectJ, a Java-based language, to create aspects in an Eclipse-supported framework.

Vishnuvardhan Mannava, T. Ramesh
Trust Management for Grid Environment Using Rule Based Fuzzy Logic

A Grid computing system is an open, dynamic and service-oriented environment. There are multiple service providers, which offer services in the Grid to users. In order to let an entity use the resources and deploy services with safety and reliability, the notion of “trust” is addressed. Trust mechanisms have been the focus of much research in recent years, providing a safe and reliable Grid computing environment. In this paper we have proposed a technique for calculating the trust based on rule-based fuzzy logic. Three parameters, reliability, capability, and user satisfaction, are taken as input, and the output is the trust factor. We have implemented the technique and evaluated its performance using the GridSim simulator.

Mohd Noman Siddiqui, Vinit Saini, Ravinder Ahuja
Backmatter
Metadata
Title
Advances in Network Security and Applications
Editors
David C. Wyld
Michal Wozniak
Nabendu Chaki
Natarajan Meghanathan
Dhinaharan Nagamalai
Copyright Year
2011
Publisher
Springer Berlin Heidelberg
Electronic ISBN
978-3-642-22540-6
Print ISBN
978-3-642-22539-0
DOI
https://doi.org/10.1007/978-3-642-22540-6
