Browse by FOR 2020 "460407 System and network security"
Conference Publication: Access Control Based Dynamic Path Establishment for Securing Flows from the User Devices with Different Security Clearance
In this work, we proposed Software Defined Networking (SDN) based access control techniques for preventing unauthorised access to traffic flows in secure networks. We have developed an Access Control Application (ACA) for the SDN Controller for differentiating the flow requests from the users/devices that are classified at different security levels and configuring the routes with physical or virtual separation between the flows. This separation of flows makes it difficult for malicious users with lower security clearance to access the flows that belong to users with higher security clearance. Hence, our work significantly minimises the attack surface in secure environments. We will also discuss the prototype implementation of our model and some performance characteristics.
Journal Article: Analysis of policy-based security management system in software-defined networks (Institute of Electrical and Electronics Engineers, 2019-04)
Authors: Sood, Keshav; Karmakar, Kallol Krishna; Varadharajan, Vijay; Yu, Shui
In software-defined networks, policy-based security management or architecture (PbSA) is an ideal way to dynamically control the network. We observe that, on the one hand, this enables security capabilities intelligently and enhances fine-grained control over end-user behavior. But, on the other hand, dynamic variations in the network, rapid increases in security attacks, geographical distribution of nodes, complex heterogeneous networks, and so on have serious effects on the performance of PbSAs. These affect the flow-specific quality of service requirements with further degradation of the performance of the security context. Hence, in this letter, PbSA's performance is evaluated. The key factors, including the number of rules, rule-table size, position of rules, flow arrival rate, and CPU utilization, are examined and found to have considerable impact on the performance of PbSAs.
Conference Publication: Attack Detection on the Software Defined Networking Switches
Software Defined Networking (SDN) is a disruptive networking technology which adopts a centralised framework to facilitate fine-grained network management. However, security in SDN is still in its infancy and there is a need for significant work to deal with different attacks in SDN. In this paper we discuss some of the possible attacks on SDN switches and propose techniques for detecting the attacks on switches. We have developed a Switch Security Application (SSA) for the SDN Controller which makes use of trusted computing technology and some additional components for detecting attacks on the switches. In particular, TPM attestation is used to ensure that switches are in a trusted state during boot time before configuring the flow rules on the switches. The additional components are used for storing and validating messages related to the flow rule configuration of the switches. The stored information is used for generating a trusted report on the expected flow rules in the switches, and this information is used for validating the flow rules that are actually enforced in the switches. If there is any variation between the flow rules that are enforced in the switches and the flow rules expected by the SSA, then the switch is considered to be under attack and an alert is raised to the SDN Administrator. The administrator can isolate the switch from the network or make use of the trusted report for restoring the flow rules in the switches. We will also present a prototype implementation of our technique.
Conference Publication: Autoencoder-based feature learning for cyber security applications (IEEE, Institute of Electrical and Electronics Engineers, 2017)
Authors: Yousefi-Azar, Mahmood; Varadharajan, Vijay; Hamey, Len
This paper presents a novel feature learning model for cyber security tasks. We propose to use Auto-encoders (AEs), as a generative model, to learn latent representations of different feature sets. We show how well the AE is capable of automatically learning a reasonable notion of semantic similarity among input features. Specifically, the AE accepts a feature vector, obtained from cyber security phenomena, and extracts a code vector that captures the semantic similarity between the feature vectors. This similarity is embedded in an abstract latent representation. Because the AE is trained in an unsupervised fashion, the main part of this success comes from the appropriate original feature set that is used in this paper. It can also provide more discriminative features in contrast to other feature engineering approaches. Furthermore, the scheme can reduce the dimensionality of the features, thereby significantly minimising the memory requirements. We selected two different cyber security tasks: network-based anomaly intrusion detection and malware classification. We have analysed the proposed scheme with various classifiers using publicly available datasets for network anomaly intrusion detection and malware classification. Several appropriate evaluation metrics show improvement compared to prior results.
Conference Publication: Botnet detection using software defined networking (Institute of Electrical and Electronics Engineers, 2015)
Authors: Wijesinghe, Udaya; Varadharajan, Vijay
Software Defined Networking (SDN) is considered as a new approach promising simplified network management by providing a programmable interface. The idea of SDN is based on the separation of the control plane from the data plane in networking devices. This is achieved by having the network intelligence centralised in what is called the SDN controller. In this paper we propose techniques for botnet detection in networks using SDN. The SDN controller makes use of generic templates for capturing the traffic flow information from the OpenFlow switches and makes use of this information for detecting bots. We will show that our model can detect a range of bots including IRC, HTTP and peer-to-peer bots.
Journal Article: Counteracting Attacks from Malicious End Hosts in Software Defined Networks
This paper proposes security techniques for counteracting attacks from malicious end hosts in a software defined networking (SDN) environment. This paper describes the design of a security architecture, which comprises a security management application running in the SDN controller for specifying and evaluating security policies, and security components in the switches for enforcing these security policies on network flows. Our proposed security solution helps to detect the attacking end hosts even before the flow requests from the malicious end hosts are forwarded to the SDN controller. Furthermore, if the end hosts become malicious after the interactions with the SDN controller and generate attacks in the data plane, then our architecture has mechanisms to address these attacks that occur after the establishment of routes by the SDN controller. The domain-wide network visibility of the SDN controller enables our security architecture to achieve dynamic management of the security policies. The enforcement of security policies in the data plane is tailored to the functionality available in the network switches, making the proposed security solution practical. We describe the implementation of the proposed security architecture and analyze its security and performance characteristics. We also discuss the advantages of the proposed security architecture over existing solutions.
Journal Article: A detailed investigation and analysis of using machine learning techniques for intrusion detection (Institute of Electrical and Electronics Engineers, 2018-06-15)
Authors: Mishra, Preeti; Varadharajan, Vijay; Pilli, Emmanuel S
Intrusion detection is one of the important security problems in today's cyber world. A significant number of techniques have been developed which are based on machine learning approaches. However, they are not very successful in identifying all types of intrusions. In this paper, a detailed investigation and analysis of various machine learning techniques have been carried out for finding the cause of problems associated with various machine learning techniques in detecting intrusive activities. Attack classification and mapping of the attack features is provided corresponding to each attack. Issues which are related to detecting low-frequency attacks using a network attack dataset are also discussed and viable methods are suggested for improvement. Machine learning techniques have been analyzed and compared in terms of their detection capability for detecting the various categories of attacks. Limitations associated with each category of them are also discussed. Various data mining tools for machine learning have also been included in the paper. At the end, future directions are provided for attack detection using machine learning techniques.
Conference Publication: An Eclat algorithm based energy detection for cognitive radio networks (Institute of Electrical and Electronics Engineers, 2017)
Authors: Jin, Fan; Varadharajan, Vijay
Cognitive radio (CR) can improve the utilization of the spectrum by making use of licensed spectrum in an opportunistic manner. The sensing reports from all the CR nodes are sent to a Fusion Centre (FC) which aggregates these reports and takes a decision about the presence of the PU, based on some decision rules. Such a collaborative sensing mechanism forms the foundation of any centralised CRN. However, this collaborative sensing mechanism provides more opportunities for malicious users (MUs) hiding among the legal users to launch spectrum sensing data falsification (SSDF) attacks. In an SSDF attack, some malicious users intentionally report incorrect local sensing results to the FC and disrupt the global decision-making process. To mitigate SSDF attacks, an Eclat algorithm based detection strategy is proposed in this paper for finding out the colluding malicious nodes. Simulation results show that the sensing performance of the scheme is better than the traditional majority based voting decision in the presence of SSDF attacks.
Conference Publication: Efficient approaches for intrusion detection in cloud environment
Intrusion Detection Systems are one of the challenging research areas in Cloud Security. Security incidents such as denial of service, scanning, malware code injection, viruses, worms and password cracking are becoming common in the cloud environment. These attacks can become a threat to the reputation of the company and can also cause financial loss if not detected on time. Hence, securing the cloud from these types of attacks is very important. In this paper, we have proposed techniques to secure the cloud environment by incorporating some of the efficient approaches in intrusion detection. We have focused on two major issues in IDS: efficient detection mechanism and speed of detection. We have proposed approaches to tackle these issues using Machine Learning and parallelization. We have also provided security frameworks to demonstrate how these approaches will be deployed in the Cloud Environment. A preliminary analysis was conducted for some of the approaches and the results are promising.
Conference Publication: An Energy-Efficient Symmetric Cryptography Based Authentication Scheme for Wireless Sensor Networks (Springer, 2010)
Authors: Delgado-Mohatar, Oscar; Sierra, José M; Fúster-Sabater, Amparo
Sensor networks are ad-hoc mobile networks that include sensor nodes with limited computational and communication capabilities. They have become an economically viable monitoring solution for a wide variety of applications. Obviously, it is important to ensure security and, taking into account the limited resources available in wireless sensor networks, the use of symmetric cryptography is strongly recommended. In this paper we present a light-weight authentication model for wireless sensor networks composed of a key management and an authentication protocol. It is based on simple symmetric cryptographic primitives with very low computational requirements, and it achieves better results than other similar proposals in the literature. Compared to the SPINS and BROSK protocols, our system can reduce energy consumption by up to 98% and 67% respectively. It also scales well with the size of the network, since it requires only one exchanged message, regardless of the total number of nodes in the network.
Conference Publication: An enhanced model for network flow based botnet detection
A botnet is a group of hijacked computers, which are employed under a command and control mechanism administered by a botmaster. Botnets evolved from IRC based centralized botnets to employing common protocols such as HTTP with decentralized architectures and then peer-to-peer designs. As botnets have become more sophisticated, the need for advanced techniques and research against botnets has grown. In this paper, we propose techniques to detect botnets by analysing network traffic flows. We developed templates for capturing traffic flows with more relevant attributes for botnet detection. Also, we make use of the IPFIX standard for the specification of the templates. Hence our techniques can be used to detect different bot families with lower overheads and are vendor neutral.
Conference Publication: Hypervisor-based Security Architecture to Protect Web Applications
Web based applications are very common nowadays, where almost every software can be accessed through a web browser in one form or the other. This paper proposes techniques to detect different threats related to web applications by using a hypervisor-based security architecture. The proposed architecture leverages the hypervisor's visibility of the virtual machines' runtime state and traffic flows for securing the web application. The unique feature of the proposed architecture is that it is capable of doing fine granular detection of web application attacks, i.e. to the specific web page level, and protecting the application against zero-day attacks.
Conference Publication: Improved detection of primary user emulation attacks in cognitive radio networks (Institute of Electrical and Electronics Engineers (IEEE), 2015)
Authors: Jin, Fan; Varadharajan, Vijay
Modern society heavily depends on wireless spectrum for communication purposes. With the rapid increase in mobile devices and the Internet of Things (IoT), the need for wireless spectrum has grown dramatically, resulting in the limited available spectrum becoming a constrained resource. To remedy this spectrum scarcity, cognitive radio (CR) was proposed as an efficient and opportunistic use of the frequency spectrum in order to increase spectral efficiency. However, dynamic sharing of the spectrum between multiple users poses several significant challenges in security and trust. In this paper, we focus on primary user emulation (PUE) attacks in cognitive radio networks (CRNs). We propose a new scheme that we believe could be useful in practice to achieve improved PUE attack detection in CRNs. The scheme combines energy detection and localization. One of the distinguishing features of the proposed scheme is that instead of detecting the received energy level with a single threshold for a secondary user (SU), multiple thresholds have been used for each SU and the global decision is concluded by the majority of participating SUs. Furthermore, in cases where the primary users (PUs) are stationary and their coordinates are already known to SUs, we have combined our improved energy detection with a TDOA localization scheme for detecting PUE attacks. Our simulation results show that this scheme increases the level of accuracy in detecting PUE attacks.
Conference Publication: Integrated Security for Services Hosted in Virtual Environments
In this paper, we introduce an integrated security architecture that combines TPM based trust management with hypervisor level access control and an intrusion detection system to provide a holistic approach for securing services hosted in virtualised environments. We describe the implementation of the security architecture in detail and demonstrate the functionality of the proposed architecture for different attack scenarios. Our architecture is able to perform dynamic attack detection and update the security policies to protect the services from the identified threats. The proposed integrated security architecture can be easily adopted for use in cloud and distributed virtualised environments.
Journal Article: Intrusion detection techniques in cloud environment: A survey (Academic Press, 2017-01-01)
Authors: Mishra, Preeti; Pilli, Emmanuel S; Varadharajan, Vijay
Security is of paramount importance in this new era of on-demand Cloud Computing. Researchers have provided surveys on several intrusion detection techniques for detecting intrusions in the cloud computing environment. Most of them provide a discussion of traditional misuse and anomaly detection techniques. Virtual Machine Introspection (VMI) techniques are very helpful in detecting various stealth attacks targeting user-level and kernel-level processes running in virtual machines (VMs) by placing the analyzing component outside the VM, generally at the hypervisor. Hypervisor Introspection (HVI) techniques ensure hypervisor security and prevent a compromised hypervisor from launching further attacks on the VMs running over it. Introspection techniques introspect the hypervisor by using hardware-assisted virtualization-enabled technologies. The main focus of our paper is to provide an exhaustive literature survey of various Intrusion Detection techniques proposed for the cloud environment with an analysis of their attack detection capability. We propose a threat model and attack taxonomy in the cloud environment to elucidate the vulnerabilities in the cloud. Our taxonomy of IDS techniques represents the state of the art classification and provides a detailed study of techniques with their distinctive features. We have provided a deep insight into Virtual Machine Introspection (VMI) and Hypervisor Introspection (HVI) based techniques in the survey. Specific research challenges are identified to give future direction to researchers. We hope that our work will enable researchers to launch and dive deep into intrusion detection approaches in a cloud environment.
Journal Article: Mitigating attacks in software defined networks
Future network innovation lies in software defined networking (SDN). This innovative technology has revolutionised the networking world for half a decade and is helping to transform legacy network architectures. This transformation blesses the networking world with improved performance and quality of service. However, security for SDN remains an afterthought. In this paper we present a detailed discussion of some of the attacks possible in SDN and techniques to deal with the attacks. The threat model will consider some significantly vulnerable areas in SDN which can lead to severe network security breaches. In particular, we describe different attacks such as attacks on the Controller, attacks on networking devices, attacks exploiting the communication links between the control plane and the data plane, and different types of topology poisoning attacks. We then propose techniques to deal with some of the attacks in SDN. We make use of a northbound security application on the Controller and OpenFlow agents in the networking devices for enforcing security policies in the data plane. The security application is used for specification and storage of the security policies and to make decisions on the enforcement of security policies to deal with different types of attacks. We will describe the prototype implementation of our approach using the ONOS Controller and demonstrate its effectiveness against different types of attacks.
Conference Publication: NvCloudIDS: A security architecture to detect intrusions at network and virtualization layer in cloud environment (Institute of Electrical and Electronics Engineers (IEEE), 2016-11-03)
Authors: Mishra, Preeti; Pilli, Emmanuel Shubhakar; Varadharajan, Vijay
Today we are living in the era of Cloud Computing, where services are provisioned to users on demand and on a pay-per-use basis. On one side, Cloud Computing has made things easier, but it has also opened new doors for cyber attackers. In this paper, we propose an efficient security architecture named NvCloudIDS to deal with intrusions at the Network and Virtualization layers in the Cloud Environment. NvCloudIDS performs behavioral analysis of network traffic coming to or going from the Cloud Networking Server (CNS) and provides a first level of defense from intrusions at the network level. It also performs Virtual Machine (VM) memory introspection and VM traffic analysis at the hypervisor layer of the Cloud Compute Server (CCoS) and provides a second level of defense at the virtualization level. The architecture of NvCloudIDS is primarily designed to improve the robustness and attack detection power of IDS by leveraging Virtual Machine Introspection (VMI) and Machine learning techniques. The framework is validated with a recent intrusion dataset (UNSW-NB) and malware binaries collected from research centers, and the results seem to be promising.
Conference Publication (Open Access): On the design and implementation of a security architecture for end to end services in software defined networks (Institute of Electrical and Electronics Engineers, 2016)
Authors: Karmakar, Kallol Krishna; Varadharajan, Vijay
In this paper, we propose a policy driven security architecture for securing end to end services across a multiple autonomous domain based SDN environment. We develop a language based approach to designing a range of security policies that are relevant for SDN services and communications. The design of a security architecture that enables secure routing of packets based on the security policies specified in the SDN Controller is described.
Conference Publication: On the design and implementation of a security architecture for software defined networks (Institute of Electrical and Electronics Engineers, 2016)
Authors: Karmakar, Kallol Krishna; Varadharajan, Vijay
In this paper, we propose techniques for securing Software Defined Networks (SDN). We describe the design of a security architecture that makes use of security applications on top of the SDN Controller to specify fine granular security policies based on domain-wide knowledge of the domain, and Security Agents to enforce these policies in the switches in the data plane. We have extended the OpenFlow protocol to enable communication of the security policies between the security applications in the Controller and the agents in the switches. We have implemented the security architecture using the POX Controller and demonstrated the operation of our architecture in a range of scenarios such as enforcing specific security policies for different traffic with different services, counteracting attacks such as Heartbleed and Shellshock as well as spoofing attacks, and protecting Content Management Systems (CMS) from data confidentiality attacks.
Journal Article: On the Design and Implementation of an Integrated Security Architecture for Cloud with Improved Resilience
In this paper, we propose an integrated security architecture which combines policy based access control with intrusion detection techniques and trusted computing technologies for securing distributed applications running on virtualised systems. Our security architecture incorporates access control security policies for secure interactions between applications and virtual machines in different physical virtualized servers. It provides intrusion detection and trusted attestation techniques to detect and counteract dynamic attacks in an efficient manner. We demonstrate how this integrated security architecture is used to secure the life cycle of virtual machines, including dynamic hosting and allocation of resources as well as migration of virtual machines across different physical servers. We discuss the implementation of the developed architecture and show how the architecture can counteract attack scenarios involving malicious users exploiting vulnerabilities to achieve privilege escalation and then using the compromised machines to generate further attacks. The feedback between the various security components of our security architecture plays a critical role in detecting sophisticated, dynamically changing attacks, thereby increasing the resilience of the overall secure system.
Conference Publication: Out-VM monitoring for malicious network packet detection in cloud (Institute of Electrical and Electronics Engineers, 2017)
Authors: Mishra, Preeti; Pilli, Emmanuel S; Varadharajan, Vijay
Cloud security is one of the biggest challenges in today's technological world. Researchers have proposed some solutions for cloud security. Virtual Machine (VM)-level solutions are configured and controlled at the VM. They are less robust and can be easily subverted by attackers. In this paper, we propose an out-VM monitoring security approach named Malicious Network Packet Detection (MNPD) which monitors the VMs from outside at both the network and virtualization layers in the cloud environment. MNPD performs behavioral analysis of network traffic at the Cloud Networking Server (CNS), providing primary defense from intrusions at the network level. MNPD does the VM traffic validation at the hypervisor of the Cloud Compute Server (CCoS) to detect spoofing attacks originating from VMs. The non-spoofed packets are further analyzed using behavior analysis of network traffic to detect any abnormality in the virtual traffic, providing a second level of defense from intrusions at the virtualization level. MNPD employs a statistical learning technique (Random Forest) with an ensemble feature selection approach to learn the behavior of traffic patterns. MNPD does not involve the overhead incurred in monitoring extensive memory writes or instruction-level traces. It is a more secure solution to detect attacks which never pass through the physical interface and hence are not detected by a traditional IDS. The proposed approach has been validated with the latest datasets (UNSW-NB and ITOC) and the results seem to be promising.
Conference Publication: Policy based security architecture for software defined networks (Association for Computing Machinery, 2016)
Authors: Karmakar, Kallol Krishna; Varadharajan, Vijay; Hitchens, Michael
Software Defined Networking (SDN) is a promising technological advancement in the networking world. It is still evolving, and security is a major concern for SDN. In this paper we proposed a policy based security architecture for securing SDN domains. Our architecture enables the administrator to enforce different types of policies, such as those based on devices, users, location and path, for securing the communication in an SDN domain. Our architecture is developed as an application that can be run on any of the SDN Controllers. We have implemented our architecture using the POX Controller and Raspberry Pi 2 switches. We will present different case scenarios to demonstrate fine granular security policy enforcement with our architecture.
Journal Article: A policy-based security architecture for software-defined networks (Institute of Electrical and Electronics Engineers, 2019-04)
Authors: Varadharajan, Vijay; Karmakar, Kallol; Hitchens, Michael
As networks expand in size and complexity, they pose greater administrative and management challenges. Software-defined networks (SDNs) offer a promising approach to meeting some of these challenges. In this paper, we propose a policy-driven security architecture for securing end-to-end services across multiple SDN domains. We develop a language-based approach to design security policies that are relevant for securing SDN services and communications. We describe the policy language and its use in specifying security policies to control the flow of information in a multi-domain SDN. We demonstrate the specification of fine-grained security policies based on a variety of attributes, such as parameters associated with users and devices/switches, context information, such as location and routing information, and services accessed in SDN as well as security attributes associated with the switches and controllers in different domains. An important feature of our architecture is its ability to specify path- and flow-based security policies that are significant for securing end-to-end services in SDNs. We describe the design and the implementation of our proposed policy-based security architecture and demonstrate its use in scenarios involving both intra- and inter-domain communications with multiple SDN controllers. We analyze the performance characteristics of our architecture as well as discuss how our architecture is able to counteract various security attacks. The dynamic security policy-based approach and the intelligent distribution of corresponding security capabilities as a service layer that enables flow-based security enforcement and protection of a multitude of network devices against attacks are important contributions of this paper.
Journal Article: PSI-NetVisor: Program semantic aware intrusion detection at network and hypervisor layer in cloud
Cloud Security is of paramount importance in the new era of virtualization technology. Tenant Virtual Machine (VM) level security solutions can be easily evaded by modern attack techniques. Out-VM monitoring allows the cloud administrator (CA) to monitor and control a VM from a secure location outside the VM. In this paper, we propose an out-VM monitoring based approach named 'Program Semantic-Aware Intrusion Detection at Network and Hypervisor Layer' (PSI-NetVisor) to detect attacks in both the network and virtualization layers in the cloud. PSI-NetVisor performs network monitoring by employing a behavior based intrusion detection approach (BIDA) at the network layer of the centralized Cloud Network Server (CNS), providing the first level of defense from attacks. It incorporates semantic awareness in the intrusion detection approach and enables it to provide network monitoring and process monitoring at the hypervisor layer of the Cloud Compute Server (CCoS), providing the second level of defense from attacks. PSI-NetVisor employs Virtual Machine Introspection (VMI) libraries based on software break point injection to extract process execution traces from the hypervisor. It further applies depth first search (DFS) to construct program semantics from the control flow graph of execution traces. It applies dynamic analysis and machine learning approaches to learn the behavior of anomalies, which makes it secure from obfuscation and encryption based attacks. PSI-NetVisor has been validated with the latest intrusion datasets (UNSW-NB & Evasive Malware) collected from research centers and the results seem to be promising.
Conference Publication: SDN-based dynamic policy specification and enforcement for provisioning SECaaS in cloud
Abstract: In this paper, we make use of SDN for the provisioning of Security as a Service (SECaaS) to the tenant and to simplify security management in the cloud. We have developed a Security Application (SA) for the SDN Controller which is used for capturing the tenant security requirements and enforcing the related security policies for securing their virtual machines (VMs). We have developed a security policy specification language for enforcing TPM, Access Control and Intrusion Detection related security policies with the SA. Finally, we present the prototype implementation of our approach and some performance results.

Journal Article: SDN-Enabled Secure IoT Architecture
Published in: Institute of Electrical and Electronics Engineers, 2021-04-15
Authors: Karmakar, Kallol Krishna; Varadharajan, Vijay; Nepal, Surya
Abstract: The Internet of Things (IoT) is increasingly being used in applications ranging from precision agriculture to critical national infrastructure by deploying a large number of resource-constrained devices in hostile environments. These devices are being exploited to launch attacks in cyber systems. As a result, security has become a significant concern in the design of IoT-based applications. In this article, we present a security architecture for IoT networks by leveraging the underlying features supported by software-defined networks (SDNs). Our security architecture not only restricts network access to authenticated IoT devices but also enforces fine granular policies to secure the flows in the IoT network infrastructure. The authentication is achieved using a lightweight protocol to authenticate IoT devices. Authorization is achieved using a dynamic policy-driven approach. Such an integrated security approach, involving authentication of IoT devices and enabling authorized flows, protects IoT networks from malicious IoT devices and attacks. We have implemented and validated our architecture using the ONOS SDN Controller and Raspbian Virtual Machines, and demonstrated how the proposed security mechanisms can counteract malware packet injection, DDoS attacks using Mirai, spoofing/masquerading, and man-in-the-middle attacks. An analysis of the security and performance of the proposed security mechanisms and their applications is presented in this article.

Conference Publication: Secure monitoring of the patients with wandering behaviour
Abstract: Today there are several health care related problems, such as dementia and cancer, with no possible cure. Hence there is considerable interest in the medical sectors and constant encouragement from governments to make use of the latest technological advancements for supporting such patients. Software Defined Networking (SDN) is a promising technological advancement in the networking world. In this paper, we propose techniques for making use of SDN, Wireless LAN and wearable devices for secure monitoring of patients with wandering behaviour in hospital environments. Our model makes use of the global network knowledge available at the SDN controller to deal with attacks in the WLAN and to provide priority for real-time location monitoring of the patients. We will also present the prototype implementation of our model using the ONOS SDN controller and OpenFlow Access Points.

Conference Publication: Securing Big Data Environments from Attacks
Published in: Institute of Electrical and Electronics Engineers Computer Society, Conference Publishing Services (CPS), 2016
Authors: Varadharajan, Vijay
Abstract: In this paper, we propose techniques for securing big data environments, such as a public cloud with tenants using their virtual machines for different services such as utility and healthcare. Our model makes use of state-based monitoring of the data sources for service-specific detection of attacks and offline traffic analysis of multiple data sources to detect attacks such as botnets.

Conference Publication: Securing communication in multiple autonomous system domains with software defined networking
Abstract: In this paper, we propose a policy-based security architecture for securing the communication in multiple Autonomous System (AS) domains with Software Defined Networks (SDN). We will present a high-level overview of the architecture and a detailed discussion of some of the important components for securing the communication in multiple AS domains. A key component of the security architecture is the specification of security policies that are to be enforced on the SDN communications, whether they are intra- or inter-domain. We will present example scenarios to demonstrate the operation of the security architecture to enable end-to-end secure communication within a single AS domain and for multiple AS domains. We have justified the model using the ONOS controller.

Journal Article: Securing SDN controller and switches from attacks
Abstract: In this paper, we propose techniques for securing the SDN controller and the switches from malicious end-host attacks. Our model makes use of trusted computing and introspection-based intrusion detection to deal with attacks in SDN. We have developed a security application for the SDN controller to validate the state of the switches in the data plane and enforce the security policies to monitor the virtual machines at the system call level and detect attacks. We have developed a feature extraction method named vector of n-grams, which represents the traces in an efficient way without losing the ordering of system calls. The flows from the malicious hosts are dropped before they are processed by the switches or forwarded to the SDN controller. Hence, our model protects the switches and the SDN controller from the attacks.

Journal Article: Securing services in networked cloud infrastructures
Abstract: In this paper, we propose techniques and an architecture for securing services that are hosted in multi-tenant networked cloud infrastructures. Our architecture is based on trusted virtual domains and takes into account both the security policies of the tenant domains as well as the specific security policies of the virtual machines in the tenant domains. We describe techniques for detecting a range of attacks, such as attacks between the virtual machines within a trusted virtual domain, attacks between the virtual machines in different domains, malicious insider attacks and attacks against specific services such as DNS, database and web servers within a domain. We address security policies for trusted virtual domain management, such as secure addition and deletion of a virtual machine and the revocation of privileges associated with a virtual machine in a domain. We also discuss forensic analysis of attacks, fine granular detection of malicious entities and mechanisms for restoration of services. Furthermore, the proposed architecture provides mechanisms for enhancing the assurance of communications between the virtual machines in different domains. Finally, we present the implementation of our security architecture using Xen and illustrate how our architecture is able to secure services in networked cloud infrastructures.

Conference Publication: Securing virtual machines from anomalies using program-behavior analysis in cloud environment
Published in: Institute of Electrical and Electronics Engineers (IEEE), 2016
Authors: Mishra, Preeti; Pilli, Emmanuel S; Varadharajan, Vijay
Abstract: Cloud Computing is the key technology of today's cyber world, which provides online provisioning of resources on demand and on a pay-per-use basis. Malware attacks such as viruses, worms and rootkits are some of the threats to virtual machines (VMs) in the cloud environment. In this paper, we present a system call analysis approach to detect malware attacks which maliciously affect the legitimate programs running in Virtual Machines (VMs) and modify their behavior. Our approach is named 'Malicious System Call Sequence Detection (MSCSD)' and is based on the analysis of short sequences of system calls (n-grams). MSCSD employs an efficient feature representation method for system call patterns to improve the accuracy of attack detection and reduce the cost of storage with reduced false positives. MSCSD applies Machine Learning (Decision Tree C4.5) over the collected n-gram patterns for learning the behavior of monitored programs and detecting malicious system call patterns in future. We have analyzed the performance of some other classifiers and compared our work with the existing work for securing virtual machines in the cloud. A prototype implementation of the approach is carried out over the UNM dataset, and the results seem to be promising.

Journal Article: Securing wireless mobile nodes from distributed denial-of-service attacks
Abstract: Current mobile devices have become smart and are increasingly being used for conducting business and personal activities. There is also an increasing number of attacks targeting such mobile devices. The term mobile botnet refers to a group of mobile devices that are compromised and controlled by the attacker and that can be used for generating distributed denial-of-service attacks. The security protocols that have been proposed for wireless and mobile networks have several weaknesses that can be exploited by the attacker to obtain unauthorized access and generate attacks. Also, there is a growing number of malicious applications that are aimed at compromising smartphones and using them for generating different types of attacks. In this paper, we propose techniques to counteract distributed denial-of-service attacks on wireless mobile devices. We describe the operation and architectural components of our model. We will show that our model is able to efficiently deal with the attacks by dropping the attack traffic before it targets the victim mobile node, can prevent the attack traffic at the upstream nodes, and also deal with the attack cases that involve mobility of the attacking and victim nodes.

Conference Publication: Towards a Dynamic Policy Enhanced Integrated Security Architecture for SDN Infrastructure
Abstract: Enterprise networks are increasingly moving towards Software Defined Networking, which is becoming a major trend in the networking arena. With the increased popularity of SDN, there is a greater need for security measures for protecting enterprise networks. This paper focuses on the design and implementation of an integrated security architecture for SDN-based enterprise networks. The integrated security architecture uses a policy-based approach to coordinate different security mechanisms to detect and counteract a range of security attacks in the SDN. A distinguishing characteristic of the proposed architecture is its ability to deal with dynamic changes in the security attacks as well as changes in the trust associated with the network devices in the infrastructure. The adaptability of the proposed architecture to dynamic changes is achieved by having feedback between the various security components/mechanisms in the architecture and managing them using a dynamic policy framework. The paper describes the prototype implementation of the proposed architecture and presents security and performance analysis for different attack scenarios. We believe that the proposed integrated security architecture provides a significant step towards achieving a secure SDN for enterprises.

Conference Publication: Towards a Security Enhanced Virtualised Network Infrastructure for Internet of Medical Things (IoMT)
Published in: IEEE, 2020
Authors: Karmakar, Kallol Krishna; Varadharajan, Vijay; Nepal, Surya; Thapa, Chandra
Abstract: Internet of Medical Things (IoMT) devices are getting popular in the smart healthcare domain. These devices are resource-constrained and are vulnerable to attack. As the IoMTs are connected to the healthcare network infrastructure, they become the primary target of the adversary due to weak security and privacy measures. In this regard, this paper proposes a security architecture for smart healthcare network infrastructures. The architecture uses various security components or services that are developed and deployed as virtual network functions. This makes the security architecture ready for future network frameworks such as OpenMANO. Besides, in this security architecture, only authenticated and trusted IoMTs serve the patients, along with an encryption-based communication protocol, thus creating a secure, privacy-preserving and trusted healthcare network infrastructure.

Conference Publication: Towards QoS and security in software-driven heterogeneous autonomous networks
Published in: IEEE, Institute of Electrical and Electronics Engineers, 2018-12-09
Authors: Sood, Keshav; Karmakar, Kallol; Varadharajan, Vijay; Yu, Shui
Abstract: Autonomous Networks have the potential to solve complex and critical management issues in large-scale multi-technological networks. Further, the novel paradigms, i.e., Software-Defined Networks (SDN) and Network Function Virtualization (NFV), offer unique and attractive solutions for Autonomous Networks or Systems (AS). However, despite these attractive features, we observed two critical issues in this interlinked multi-technology domain. Firstly, the network externality and node heterogeneity seriously affected the flow-specific Quality of Service (QoS). Secondly, it influenced security adoption in a network of interconnected nodes. We observed that QoS and security are both non-negligible and inter-dependent factors. This motivates us to investigate solutions towards a) alleviating the SDN network heterogeneity at the control layer, and b) strengthening the network security after alleviating the heterogeneity. In this research effort, we have attempted to alleviate the first issue. Firstly, significant and reasonable examples have been cited to motivate researchers to study QoS and security hand in hand. Secondly, a theoretical high-level framework has been proposed with the aim of transforming the N heterogeneous controllers into n homogeneous controller groups. Following this, we have demonstrated that our approximation method to transform heterogeneous systems into homogeneous groups works well even at a high degree of heterogeneity in the network. We have shown our theoretical analysis results using Matlab. Following this, we have shown the Proof of Concept (PoC) of our approach in an SDN-NFV ecosystem using Mininet. This early analysis will help researchers to address heterogeneity and security in more effective ways.

Journal Article: Trust enhanced security for tenant transactions in the cloud environment
Abstract: Cloud computing technologies are receiving a great deal of attention. Although there are several benefits with the cloud, attackers can also make use of the cloud infrastructure for hosting malicious services and generating different types of attacks. In this paper, we propose trust enhanced security techniques for securing tenant transactions in the cloud. Our model takes advantage of the features of trusted computing technology to enhance the design and enforcement of security policies and mechanisms in a cloud environment. Furthermore, the cloud service provider monitors the ongoing tenant transactions for different types of attacks and terminates the malicious transactions. Hence, our model can be used to enhance the security of tenant transactions in the cloud.

Conference Publication: A trust model based energy detection for cognitive radio networks
Abstract: In a cognitive radio network (CRN), energy detection is one of the most efficient spectrum sensing techniques for the protection of legacy spectrum users, with which the presence of primary users (PUs) can be detected promptly, allowing secondary users (SUs) to vacate the channels immediately. In this paper, we design a novel trust-based energy detection model for CRNs. This model extends the widely used energy detection and employs the idea of a trust model to perform spectrum sensing in the CRN. In this model, trust among SUs is represented by opinion, which is an item derived from subjective logic. The opinions are dynamic and updated frequently: if one SU makes a correct decision, its opinion from other SUs' point of view can be increased. Otherwise, if an SU exhibits malicious behavior, it will ultimately be denied by the whole network. A trust recommendation is also designed to exchange trust information among SUs. The salient feature of our trust-based energy detection model is that, by using trust relationships among SUs, it guarantees that only reliable SUs will participate in generating a final result. This greatly reduces the computation overheads. Meanwhile, with neighbors' trust recommendations, an SU can make an objective judgment about another SU's trustworthiness to maintain the whole system at a certain reliable level.

Journal Article: VAED: VMI-assisted evasion detection approach for infrastructure as a service cloud
Published in: John Wiley & Sons Ltd, 2017-06-25
Authors: Mishra, Preeti; Pilli, Emmanuel S; Varadharajan, Vijay
Abstract: Cloud computing provides on-demand provisioning of resources, mostly offered as Infrastructure as a Service. The flexibility in services has opened doors for attackers. Research has been performed to detect various malware in the last few years. However, modern malware are advanced enough to detect the presence of a virtualization environment, security analyzer, or even the hypervisor by observing virtualization-specific information such as virtual processor features, timing features, etc. The malware exhibit an evasive nature and can fool existing security solutions by performing modern anti-detection tactics. In this paper, we propose an approach named VMI-assisted evasion detection (VAED), deployed at the virtual machine monitor, to detect evasion-based malware attacks. VAED is based on learning the program semantics of evasive malware. It uses a system call dependency graph approach generated using the Markov Chain principle and keeps track of system call ordering with the transition probability distribution between each pair of system calls. It uses a software breakpoint injection technique to extract the system call traces of evasive malware samples, which is free from any modification of hardware-specific values. Hence, it is secure from evasion attempts. VAED is validated over evasive samples collected from the University of California on request, and the results seem to be promising.

Journal Article: VMGuard: A VMI-Based Security Architecture for Intrusion Detection in Cloud Environment
Published in: Institute of Electrical and Electronics Engineers, 2020-09
Authors: Mishra, Preeti; Varadharajan, Vijay; Pilli, Emmanuel S
Abstract: Cloud security is of paramount importance in the new era of computing. Advanced malware can hide their behavior on detection of the presence of a security tool at a tenant virtual machine (TVM). Hence, TVM-layer security solutions are not reliable. In this paper, we propose a Virtual Machine Introspection (VMI) based security architecture design for fine granular monitoring of the virtual machines to detect known attacks and their variants. We have developed techniques for monitoring the TVMs at the process level and system call level to detect attacks such as those based on malicious hidden processes, attacks that disable security tools in the virtual machines and attacks that alter the behavior of legitimate applications to access sensitive data. Our architecture, VMGuard, utilizes the introspection feature at the VMM layer to analyze system call traces of programs running on the TVM. VMGuard applies the software breakpoint injection technique, which is OS agnostic and can be used to trap the execution of programs. Motivated by text mining approaches, VMGuard provides a 'Bag of n-grams (BonG)' approach integrated with the Term Frequency-Inverse Document Frequency (TF-IDF) method to extract and select features of normal and attack traces. It then applies the Random Forest classifier to produce a generic behavior for different categories of intrusions of the monitored TVM. We have implemented a prototype and conducted a detailed analysis using University of New Mexico (UNM) datasets and a Windows malware dataset obtained from the University of California. The results obtained are promising and demonstrate the applicability of VMGuard. We compare VMGuard with existing techniques and discuss its advantages.