The Challenges, Gaps and Future Trends: Network Security


Transcript of The Challenges, Gaps and Future Trends: Network Security

Page 1: The Challenges, Gaps and Future Trends: Network Security

The Challenges, Gaps and Future Trends: Network Security

Deris Stiawan, Ph.D (C|EH, C|HFI)

Communication Network and Security Research Lab (COMNETS)

Faculty of Computer Science Universitas Sriwijaya

www.comnets.unsri.ac.id

@2014

Page 2

1. Network Attack

• Existing dataset or developing the data

• Analysis of attack
  – How to sniff and read packets from raw data
  – Classification, clustering and statistical analysis of the data

• How to extract the data
  – Feature extraction and selection, from raw data to a human-readable form

• Alert management / correlation
  – How to analyse, compare and process alerts

Page 3

Attack Pattern (sample): Scanning, Brute Force, DoS

Target hosts: Windows Server 2003, FreeBSD, Linux Redhat

(www.pcrg-utm.org/dataset)

Page 4

Attackers: 10.10.10.15, 10.10.10.20
Targets: 10.10.10.5 (Redhat), 10.10.10.10 (FreeBSD), 10.10.10.25 (Windows Server 2003)

Page 5

Normal & Attack Traffic

DoS: Normal / Attack?

Normal Access: Web 2.0 (Video, Blog, Chat)

Penetration Testing:
– Probe: Scanning, Network Mapping
– U2R: Rooting, Escalating Privilege
– R2L: Malware, SQL Injection, ARP Man in the Middle Attack
– DoS: ICMP Flooding
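As an added example (not from the slides), the following Python turns raw IPv4 packet bytes into the human-readable features discussed on page 2 and applies a simple per-source packet-count threshold to flag the ICMP flooding class from page 5. The packets are constructed in memory using the testbed addresses from page 4; the host labels, the threshold value and the helper names are assumptions of this example.

```python
import socket
import struct
from collections import Counter

# Testbed hosts from the slides; the role labels are constructed for readability.
TARGETS = {"10.10.10.5": "Redhat", "10.10.10.10": "FreeBSD", "10.10.10.25": "Windows Server 2003"}
ICMP, TCP = 1, 6
IPV4_HDR = "!BBHHHBBH4s4s"  # ver/ihl, tos, total len, id, flags/frag, ttl, proto, csum, src, dst

def build_ipv4(src, dst, proto, payload=b""):
    """Construct a raw IPv4 header plus payload (checksum left zero; sample data only)."""
    header = struct.pack(IPV4_HDR, 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
    return header + payload

def parse_ipv4(raw):
    """Extract human-readable features from raw packet bytes; None if not a parseable IPv4 packet."""
    if len(raw) < 20 or raw[0] >> 4 != 4:
        return None  # truncated or not IPv4: skip rather than crash on odd capture data
    ver_ihl, _, total_len, _, _, ttl, proto, _, src, dst = struct.unpack(IPV4_HDR, raw[:20])
    ihl = (ver_ihl & 0x0F) * 4
    return {"src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst), "proto": proto,
            "ttl": ttl, "len": total_len, "payload": raw[ihl:total_len]}

def icmp_flood_sources(packets, threshold):
    """Count ICMP packets per (src, dst) pair; pairs at or above threshold are flagged as flooding."""
    counts = Counter()
    for raw in packets:
        f = parse_ipv4(raw)
        if f and f["proto"] == ICMP:
            counts[(f["src"], f["dst"])] += 1
    return {pair: n for pair, n in counts.items() if n >= threshold}

# Constructed sample traffic: two normal echo requests, one HTTP request, and a flood from one attacker.
ECHO = bytes([8, 0, 0, 0, 0, 1, 0, 1])  # ICMP echo request header (type 8)
SAMPLE = [build_ipv4("10.10.10.20", "10.10.10.10", ICMP, ECHO) for _ in range(2)]
SAMPLE += [build_ipv4("10.10.10.15", "10.10.10.25", ICMP, ECHO) for _ in range(200)]
SAMPLE += [build_ipv4("10.10.10.15", "10.10.10.5", TCP, b"GET / HTTP/1.0\r\n")]

if __name__ == "__main__":
    for (src, dst), n in icmp_flood_sources(SAMPLE, threshold=100).items():
        print(f"ICMP flood: {src} -> {dst} ({TARGETS.get(dst, '?')}), {n} packets")
```

On a real capture the same parser would be fed the IP layer of each frame and the threshold expressed per time window rather than over the whole file.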

Page 7

• Research opportunity:

– Network Defense: Firewall, IDS / IPS (hybrid, accurate, predictive, active, smart and extensible)

– Email protection, spam filtering, malware identification, etc.

– Statistical data

– Clustering / classification of data with soft computing approaches (SOM, PSO, AI, fuzzy, etc.)

– The results: an algorithm, method or system

Page 8

2. Forensic Investigator

• Existing dataset or developing our own data

• Mobile Device / Phone
  – File system

• Network / Host
  – Analysis of worm, DoS, XSS and SQL injection attacks
  – Log, traffic, alert, etc.
  – RAM, card, HD, file system (IOS, NTFS, HFS+, Ext, FAT, etc.)

• Evidence
  – How to establish the sources of evidence
  – How to find the malicious activity and analyse the intrusion
  – How to get old, corrupted or erased data
  – Recover the data

Page 10

• Research opportunity:

– Expertise in tools: FTK, EnCase, etc.

– Forensics in the network
  • Log system, logs from hosts, etc.
  • File system: MBR, images, registry, kernel, etc.

– Forensics on mobile phones
  • SIM card, RIM, RAM, phone contacts
  • Operating system: Android, J2ME, etc.
  • Messages, history log, firmware
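As an added example (not part of the slides), this Python parser reads the MBR partition table from the first sector of a disk image, checks the boot signature, and reports overlapping entries, one sign of a damaged or hand-edited table that an examiner would want to notice before trusting the layout. The sample image bytes and the partition type labels are constructed for this example.

```python
import struct

SECTOR = 512
# Partition type labels for the few types this example reports (constructed, not exhaustive).
PART_TYPES = {0x07: "NTFS/exFAT", 0x0C: "FAT32 LBA", 0x83: "Linux", 0xA5: "FreeBSD"}
ENTRY_FMT = "<B3sB3sII"  # boot flag, CHS start, type, CHS end, LBA start, sector count

def parse_mbr(sector0):
    """Return the used partition entries from the first 512 bytes of a disk image."""
    if len(sector0) < SECTOR:
        raise ValueError("need the full 512-byte sector 0")
    if sector0[510:512] != b"\x55\xAA":
        raise ValueError("missing 0x55AA boot signature: not an MBR, or sector 0 is damaged")
    parts = []
    for i in range(4):
        boot, _, ptype, _, start, sectors = struct.unpack_from(ENTRY_FMT, sector0, 446 + 16 * i)
        if ptype == 0:
            continue  # unused slot
        parts.append({"index": i, "bootable": boot == 0x80, "type": PART_TYPES.get(ptype, hex(ptype)),
                      "start": start, "sectors": sectors, "end": start + sectors - 1})
    return parts

def find_overlaps(parts):
    """Pairs of partitions whose LBA ranges overlap; points to a corrupted or tampered table."""
    hits = []
    for a in range(len(parts)):
        for b in range(a + 1, len(parts)):
            p, q = parts[a], parts[b]
            if p["start"] <= q["end"] and q["start"] <= p["end"]:
                hits.append((p["index"], q["index"]))
    return hits

def build_mbr(entries):
    """Construct a sample sector 0 (boot code zero-filled) from (boot, type, start, sectors) tuples."""
    sector = bytearray(SECTOR)
    for i, (boot, ptype, start, sectors) in enumerate(entries):
        struct.pack_into(ENTRY_FMT, sector, 446 + 16 * i, boot, b"\0\0\0", ptype, b"\0\0\0", start, sectors)
    sector[510:512] = b"\x55\xAA"
    return bytes(sector)

# Constructed image: a bootable NTFS partition followed by a Linux partition.
SAMPLE_IMAGE = build_mbr([(0x80, 0x07, 2048, 204800), (0x00, 0x83, 206848, 102400)])

if __name__ == "__main__":
    found = parse_mbr(SAMPLE_IMAGE)
    for p in found:
        print(p)
    print("overlaps:", find_overlaps(found))
```

To run it against a real image, replace SAMPLE_IMAGE with the first 512 bytes read from the image file.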

Page 11

3. Cloud Computing

• Development from previous technologies

– Grid computing, Distributed Systems, ASP (Application Service Provider)

– Service Oriented Architecture (SOA)

– Web services: XML, JSON, WSDL, J2ME, cross platform, etc.

– Mobile computing, real time

Page 14

Md. Tanzim Khorshed, A.B.M. Shawkat Ali, Saleh A. Wasimi. A survey on gaps, threat remediation challenges and some thoughts for proactive attack detection in cloud computing. Future Generation Computer Systems, Volume 28, Issue 6, June 2012, Pages 833-851.

Page 15

Dimitrios Zissis, Dimitrios Lekkas. Addressing cloud computing security issues. Future Generation Computer Systems, Volume 28, Issue 3, March 2012, Pages 583-592.

Page 16

• Security questions by Dawei Sun et al.:

– how to provide safety mechanisms,

– how to keep data confidentiality for all individual and sensitive information,

– how to avoid illegal operations by malicious insiders, given the general lack of transparency into provider processes and procedures,

– how to avoid service hijacking, where phishing, fraud and exploitation are well-known issues in IT,

– how to manage multiple instances in multi-tenant virtual environments,

– how to develop appropriate law and implement legal jurisdiction.

Dawei Sun, Guiran Chang, Lina Sun, Xingwei Wang. Surveying and Analyzing Security, Privacy and Trust Issues in Cloud Computing Environments. Procedia Engineering, Volume 15, 2011, Pages 2852-2856.

Page 17

• According to Dawei Sun et al., privacy issues:

– how to let users remain in control of their data when it is stored and processed in the cloud,

– how to guarantee data replications in a jurisdiction and in a consistent state,

– which party is responsible for ensuring legal requirements for personal information,

– to what extent cloud sub-contractors involved in processing can be properly identified, checked and ascertained.

Page 18

• Research opportunity:

– Security sides:
  • Infrastructure as a Service
  • Hardware as a Service

– Surveying and analyzing security, privacy and trust

– Integrity: Certificate Authority, digital certificates, PKI, ISAKMP, LDAP, etc.

– QoS: session keys, scheduling algorithms

– Authentication methods: physical, AAA, RADIUS

Page 19

4. Heterogeneous Network

• Integrating and combining the "cloud"

• Unified communication: voice, images and video multicast

• Integrated mobile tech, real time and reliable

• Quality of service & cross platform
  – traffic, bandwidth, services, etc.

• Brokers as middleware, to connect the nodes to the cloud

• How to manage it (monitoring, access and control)

Page 22

• Research opportunity:

– Develop a network topology to create the dataset, combining Cloud, wireless and mobile technology

– SLA

– Protocol: integrated IPv4 – IPv6 & how to integrate the devices in a heterogeneous network

– Result: a new system, improved from existing ones, with an implementation framework based on open source

Page 23

5. Network Graph

• How to show the vulnerability to dynamic attacks

• Graph the correlations and interconnections

• Easy to manage and maintain the network

• Extensible and hybrid

Page 27

• Research opportunity:

– Graphs based on Bayesian methods, SOM, etc.

– Socket programming, tools such as Matlab, etc.

– Graphs of DoS, malware and scanning attacks

Page 28

6. Network Management

• Unified Threat Management

• Early warning system & monitoring for the security officer = network monitoring center / network operating center

• How to get SNMP data from different devices

Page 29

• Research opportunity:

– One-stop network monitoring & management
  • Tools: NetFlow, MRTG, OpManager, The Dude

– Integrated network management and control

– Network coordination, analytics & behaviour based on soft computing

Page 34

7. Big Data Processing

• Networking: capturing, storing and processing packet data in real time / online traffic

• Data analytics on GB / TB of data

• Grid / parallel / distributed computing
  – Extract
  – Reduce
  – Optimize
  – Search

• Requirement: Python or Java

Page 35

8. Internet of Things

• Semantically means "a world-wide network of interconnected objects uniquely addressable, based on standard communication protocols"

• Is not just wireless communications

• The basic idea of this concept is the pervasive presence around us of a variety of things or objects: RFID tags, sensors, actuators, mobile phones, etc.

Page 36

Luigi Atzori, et al. The Internet of Things: A survey. Computer Networks 54 (2010) 2787–2805.

Page 37

Mu-Sheng Lin, et al. Zigbee-based Internet of Things in 3D Terrains. Computers and Electrical Engineering 39 (2013) 1667–1683.

Page 38

• Research opportunity