An Evaluation of Text Mining Techniques in Sampling of Network Ports from IBR Traffic
- Chindipha, Stones D, Irwin, Barry V W, Herbert, Alan
- Authors: Chindipha, Stones D , Irwin, Barry V W , Herbert, Alan
- Date: 2019
- Language: English
- Type: text , article
- Identifier: http://hdl.handle.net/10962/427630 , vital:72452 , https://www.researchgate.net/profile/Stones-Chindi-pha/publication/335910179_An_Evaluation_of_Text_Mining_Techniques_in_Sampling_of_Network_Ports_from_IBR_Traffic/links/5d833084458515cbd1985a38/An-Evaluation-of-Text-Mining-Techniques-in-Sampling-of-Network-Ports-from-IBR-Traffic.pdf
- Description: Information retrieval (IR) has had techniques that have been used to gauge the extent to which certain keywords can be retrieved from a document. These techniques have been used to measure similarities in duplicated images, native language identification, optimize algorithms, among others. With this notion, this study proposes the use of four of the Information Retrieval Techniques (IRT/IR) to gauge the implications of sampling a /24 IPv4 ports into smaller subnet equivalents. Using IR, this paper shows how the ports found in a /24 IPv4 net-block relate to those found in the smaller subnet equivalents. Using Internet Background Radiation (IBR) data that was collected from Rhodes University, the study found compelling evidence of the viability of using such techniques in sampling datasets. Essentially, being able to identify the variation that comes with sampling the baseline dataset. It shows how the various samples are similar to the baseline dataset. The correlation observed in the scores proves how viable these techniques are to quantifying variations in the sampling of IBR data. In this way, one can identify which subnet equivalent best represents the unique ports found in the baseline dataset (IPv4 net-block dataset).
- Date Issued: 2019
JSON schema for attribute-based access control for network resource security
- Linklater, Gregory, Smith, Christian, Connan, James, Herbert, Alan, Irwin, Barry V W
- Authors: Linklater, Gregory , Smith, Christian , Connan, James , Herbert, Alan , Irwin, Barry V W
- Date: 2017
- Language: English
- Type: text , article
- Identifier: http://hdl.handle.net/10962/428368 , vital:72506 , https://researchspace.csir.co.za/dspace/bitstream/handle/10204/9820/Linklater_19660_2017.pdf?sequence=1andisAllowed=y
- Description: Attribute-based Access Control (ABAC) is an access control model where authorization for an action on a resource is determined by evaluating attributes of the subject, resource (object) and environment. The attributes are evaluated against boolean rules of varying complexity. ABAC rule languages are often based on serializable object modeling and schema languages as in the case of XACML which is based on XML Schema. XACML is a standard by OASIS, and is the current de facto standard for ABAC. While a JSON profile for XACML exists, it is simply a compatibility layer for using JSON in XACML which caters to the XML object model paradigm, as opposed to the JSON object model paradigm. This research proposes JSON Schema as a modeling language that caters to the JSON object model paradigm on which to base an ABAC rule language. It continues to demonstrate its viability for the task by comparison against the features provided to XACML by XML Schema.
- Date Issued: 2017
Weems: An extensible HTTP honeypot
- Pearson, Deon, Irwin, Barry V W, Herbert, Alan
- Authors: Pearson, Deon , Irwin, Barry V W , Herbert, Alan
- Date: 2017
- Language: English
- Type: text , article
- Identifier: http://hdl.handle.net/10962/428396 , vital:72508 , https://researchspace.csir.co.za/dspace/bitstream/handle/10204/9691/Pearson_19652_2017.pdf?sequence=1andisAllowed=y
- Description: Malicious entities are constantly trying their luck at exploiting known vulnerabilities in web services, in an attempt to gain unauthorized access to resources. For this reason security specialists deploy various network defenses with the goal of preventing these threats; one such tool used is the web based honeypot. Historically a honeypot will be deployed facing the Internet to masquerade as a live system with the intention of attracting attackers away from the valuable data. Researchers adapted these honeypots and turned them into a platform to allow for the studying and understanding of web attacks and threats on the Internet. Having the ability to develop a honeypot to replicate a specific service meant researchers can now study the behavior patterns of threats, thus giving a better understanding of how to defend against them. This paper discusses a high-level design and implementation of Weems, a low-interaction web based modular HTTP honeypot system. It also presents results obtained from various deployments over a period of time and what can be interpreted from these results.
- Date Issued: 2017
FPGA Based Implementation of a High Performance Scalable NetFlow Filter
- Herbert, Alan, Irwin, Barry V W, Otten, D F, Balmahoon, M R
- Authors: Herbert, Alan , Irwin, Barry V W , Otten, D F , Balmahoon, M R
- Date: 2015
- Language: English
- Type: text , article
- Identifier: http://hdl.handle.net/10962/427887 , vital:72470 , https://www.researchgate.net/profile/Barry-Ir-win/publication/327622948_FPGA_Based_Implementation_of_a_High_Perfor-mance_Scalable_NetFlow_Filter/links/5b9a17a192851c4ba8181ba5/FPGA-Based-Implementation-of-a-High-Performance-Scalable-NetFlow-Filter.pdf
- Description: Full packet analysis on firewalls and intrusion detection, although effective, has been found in recent times to be detrimental to the overall performance of networks that receive large volumes of throughput. For this reason partial packet analysis algorithms such as the NetFlow protocol have emerged to better mitigate these bottlenecks. This research delves into implementing a hardware accelerated, scalable, high performance system for NetFlow analysis and attack mitigation. Furthermore, this implementation takes on attack mitigation through collection and processing of network flows produced at the source, rather than at the site of incident. This research platform manages to scale out its back-end through distributed analysis over multiple hosts using the ZeroMQ toolset. Furthermore, ZeroMQ allows for multiple NetFlow data publishers, so that plug-ins can subscribe to the publishers that contain the relevant data to further increase the overall performance of the system. The dedicated custom hardware optimizes the received network flows through cleaning, summarization and re-ordering into an easy to pass form when given to the sequential component of the system; this being the back-end.
- Date Issued: 2015