Current Search: Computer networks -- Security measures (x)
View All Items
Pages
- Title
- Properties of Static and Mobile Unreliable Networks and their effects on Combating Malicious Objects.
- Creator
- Ruocco, John, Wu, Jie, Florida Atlantic University, College of Engineering and Computer Science, Department of Computer and Electrical Engineering and Computer Science
- Abstract/Description
-
Wireless sensor networks or WSNs continually become more common in todays world. They are able to give us a constant view into the world as they gather information and make this information more readily available. The infonnation these networks gather and contain is valuable and protecting it is of great importance. Today more and more devices are becoming wireless and mobile. This is allowing for very diverse networks to be created and they are constantly changing. Nodes in these networks...
Show moreWireless sensor networks or WSNs continually become more common in todays world. They are able to give us a constant view into the world as they gather information and make this information more readily available. The infonnation these networks gather and contain is valuable and protecting it is of great importance. Today more and more devices are becoming wireless and mobile. This is allowing for very diverse networks to be created and they are constantly changing. Nodes in these networks are either moving to different positions or going offi ine which constantly changes the overall layout of the network. With this increasing connectivity of today's devices this opens the door for possibility for these types of networks to become targets by malicious objects designed to bring harm to the network. Many unre liable networks already face many problems such as having to optimize battety life and being deployed in areas where they can be damaged. A malicious object in this type of network has the power to destroy data and deplete the networks limited resources such as bandwidth and power. Removal of these malicious objects can also have a negative effect on these limited resources. We must find a way to remove these malicious objects in a way that minimizes loss to the network. In this paper we will look at the information survival threshold of these types of networks. Certain controllable parameters exist that directly impact the survival rate of all data in the network. We will combine this with the addition our own self-replicating objects to the network designed to neutralize their malicious counterparts. We will examine these information survival threshold parameters along with specific parameters available to the network. We shall see how these parameters affect overall survival of data in the network and their impact on our own good data.
Show less - Date Issued
- 2008
- PURL
- http://purl.flvc.org/fau/fd/FA00012545
- Subject Headings
- Wireless communication systems--Security measures, Computer network protocols, Computer security, Computer networks--Security measures
- Format
- Document (PDF)
- Title
- A utility-based routing scheme in multi-hop wireless networks.
- Creator
- Lu, Mingming., College of Engineering and Computer Science, Florida Atlantic University, Department of Computer and Electrical Engineering and Computer Science
- Abstract/Description
-
Multi-hop wireless networks are infrastructure-less networks consisting of mobile or stationary wireless devices, which include multi-hop wireless mesh networks and multi-hop wireless sensor networks. These networks are characterized by limited bandwidth and energy resources, unreliable communication, and a lack of central control. These characteristics lead to the research challenges of multi-hop wireless networks. Building up routing schemes with good balance among the routing QoS (such as...
Show moreMulti-hop wireless networks are infrastructure-less networks consisting of mobile or stationary wireless devices, which include multi-hop wireless mesh networks and multi-hop wireless sensor networks. These networks are characterized by limited bandwidth and energy resources, unreliable communication, and a lack of central control. These characteristics lead to the research challenges of multi-hop wireless networks. Building up routing schemes with good balance among the routing QoS (such as reliability, cost, and delay) is a paramount concern to achieve high performance wireless networks. These QoS metrics are internally correlated. Most existing works did not fully utilize this correlation. We design a metric to balance the trade-off between reliability and cost, and build up a framework of utility-based routing model in multi-hop wireless networks. This dissertation focuses on the variations with applications of utility-based routing models, designing new concepts, and developing new algorithms for them. A review of existing routing algorithms and the basic utility-based routing model for multi-hop wireless networks has been provided at the beginning. An efficient algorithm, called MaxUtility, has been proposed for the basic utility-based routing model. MaxUtility is an optimal algorithm that can find the best routing path with the maximum expected utility., Various utility-based routing models are extended to further enhance the routing reliability while reducing the routing overhead. Besides computing the optimal path for a given benefit value and a given source-destination pair, the utility-based routing can be further extended to compute all optimal paths for all possible benefit values and/or all source-destination pairs. Our utility-based routing can also adapt to different applications and various environments. In the self-organized environment, where network users are selfish, we design a truthful routing, where selfish users have to tell the truth in order to maximize their utilities. We apply our utility-based routing scheme to the data-gathering wireless sensor networks, where a routing scheme is required to transmit data sensed by multiple sensor nodes to a common sink node.
Show less - Date Issued
- 2008
- PURL
- http://purl.flvc.org/FAU/77647
- Subject Headings
- Wireless communication systems, Security measures, Computer network protocols, Computer algorithms, Computer networks, Security measures
- Format
- Document (PDF)
- Title
- Design and analysis of key establishment protocols.
- Creator
- Neupane, Kashi., Charles E. Schmidt College of Science, Department of Mathematical Sciences
- Abstract/Description
-
Consider a scenario where a server S shares a symmetric key kU with each user U. Building on a 2-party solution of Bohli et al., we describe an authenticated 3-party key establishment which remains secure if a computational Bilinear Diffie Hellman problem is hard or the server is uncorrupted. If the BDH assumption holds during a protocol execution, but is invalidated later, entity authentication and integrity of the protocol are still guaranteed. Key establishment protocols based on hardness...
Show moreConsider a scenario where a server S shares a symmetric key kU with each user U. Building on a 2-party solution of Bohli et al., we describe an authenticated 3-party key establishment which remains secure if a computational Bilinear Diffie Hellman problem is hard or the server is uncorrupted. If the BDH assumption holds during a protocol execution, but is invalidated later, entity authentication and integrity of the protocol are still guaranteed. Key establishment protocols based on hardness assumptions, such as discrete logarithm problem (DLP) and integer factorization problem (IFP) are vulnerable to quantum computer attacks, whereas the protocols based on other hardness assumptions, such as conjugacy search problem and decomposition search problem can resist such attacks. The existing protocols based on the hardness assumptions which can resist quantum computer attacks are only passively secure. Compilers are used to convert a passively secure protocol to an actively secure protoc ol. Compilers involve some tools such as, signature scheme and a collision-resistant hash function. If there are only passively secure protocols but not a signature scheme based on same assumption then the application of existing compilers requires the use of such tools based on different assumptions. But the introduction of new tools, based on different assumptions, makes the new actively secure protocol rely on more than one hardness assumptions. We offer an approach to derive an actively secure two-party protocol from a passively secure two-party protocol without introducing further hardness assumptions. This serves as a useful formal tool to transform any basic algebric method of public key cryptography to the real world applicaticable cryptographic scheme. In a recent preprint, Vivek et al. propose a compiler to transform a passively secure 3-party key establishment to a passively secure group key establishment. To achieve active security, they apply this compiler to Joux's, protoc ol and apply a construction by Katz and Yung, resulting in a 3-round group key establishment. In this reserach, we show how Joux's protocol can be extended to an actively secure group key establishment with two rounds. The resulting solution is in the standard model, builds on a bilinear Diffie-Hellman assumption and offers forward security as well as strong entity authentication. If strong entity authentication is not required, then one half of the participants does not have to send any message in the second round, which may be of interest for scenarios where communication efficiency is a main concern.
Show less - Date Issued
- 2012
- PURL
- http://purl.flvc.org/FAU/3342239
- Subject Headings
- Computer networks, Security measures, Computer network protocols, Data encryption (Computer science), Public key infrastructure (Computer security)
- Format
- Document (PDF)
- Title
- Data mining heuristic-¬based malware detection for android applications.
- Creator
- Peiravian, Naser, Zhu, Xingquan, College of Engineering and Computer Science, Department of Computer and Electrical Engineering and Computer Science
- Abstract/Description
-
The Google Android mobile phone platform is one of the dominant smartphone operating systems on the market. The open source Android platform allows developers to take full advantage of the mobile operation system, but also raises significant issues related to malicious applications (Apps). The popularity of Android platform draws attention of many developers which also attracts the attention of cybercriminals to develop different kinds of malware to be inserted into the Google Android Market...
Show moreThe Google Android mobile phone platform is one of the dominant smartphone operating systems on the market. The open source Android platform allows developers to take full advantage of the mobile operation system, but also raises significant issues related to malicious applications (Apps). The popularity of Android platform draws attention of many developers which also attracts the attention of cybercriminals to develop different kinds of malware to be inserted into the Google Android Market or other third party markets as safe applications. In this thesis, we propose to combine permission, API (Application Program Interface) calls and function calls to build a Heuristic-Based framework for the detection of malicious Android Apps. In our design, the permission is extracted from each App’s profile information and the APIs are extracted from the packed App file by using packages and classes to represent API calls. By using permissions, API calls and function calls as features to characterize each of Apps, we can develop a classifier by data mining techniques to identify whether an App is potentially malicious or not. An inherent advantage of our method is that it does not need to involve any dynamic tracking of the system calls but only uses simple static analysis to find system functions from each App. In addition, Our Method can be generalized to all mobile applications due to the fact that APIs and function calls are always present for mobile Apps. Experiments on real-world Apps with more than 1200 malwares and 1200 benign samples validate the algorithm performance. Research paper published based on the work reported in this thesis: Naser Peiravian, Xingquan Zhu, Machine Learning for Android Malware Detection Using Permission and API Calls, in Proc. of the 25th IEEE International Conference on Tools with Artificial Intelligence (ICTAI) – Washington D.C, November 4-6, 2013.
Show less - Date Issued
- 2013
- PURL
- http://purl.flvc.org/fau/fd/FA0004045
- Subject Headings
- Computer networks -- Security measures, Data encryption (Computer science), Data structures (Computer science), Internet -- Security measures
- Format
- Document (PDF)
- Title
- Implementing security in an IP Multimedia Subsystem (IMS) next generation network - a case study.
- Creator
- Ortiz-Villajos, Jose M., College of Engineering and Computer Science, Department of Computer and Electrical Engineering and Computer Science
- Abstract/Description
-
The IP Multimedia Subsystem (IMS) has gone from just a step in the evolution of the GSM cellular architecture control core, to being the de-facto framework for Next Generation Network (NGN) implementations and deployments by operators world-wide, not only cellular mobile communications operators, but also fixed line, cable television, and alternative operators. With this transition from standards documents to the real world, engineers in these new multimedia communications companies need to...
Show moreThe IP Multimedia Subsystem (IMS) has gone from just a step in the evolution of the GSM cellular architecture control core, to being the de-facto framework for Next Generation Network (NGN) implementations and deployments by operators world-wide, not only cellular mobile communications operators, but also fixed line, cable television, and alternative operators. With this transition from standards documents to the real world, engineers in these new multimedia communications companies need to face the task of making these new networks secure against threats and real attacks that were not a part of the previous generation of networks. We present the IMS and other competing frameworks, we analyze the security issues, we present the topic of Security Patterns, we introduce several new patterns, including the basis for a Generic Network pattern, and we apply these concepts to designing a security architecture for a fictitious 3G operator using IMS for the control core.
Show less - Date Issued
- 2009
- PURL
- http://purl.flvc.org/FAU/186763
- Subject Headings
- Electronic digital computers, Programming, Computer networks, Security measures, TCP/IP (Computer network protocol), Security measures, Internet Protocol Multimedia Subsystem (IMS), Security measures, Multimedia communications, Security measures
- Format
- Document (PDF)
- Title
- Unifying the conceptual levels of network security through the use of patterns.
- Creator
- Kumar, Ajoy, Fernandez, Eduardo B., Florida Atlantic University, College of Engineering and Computer Science, Department of Computer and Electrical Engineering and Computer Science
- Abstract/Description
-
Network architectures are described by the International Standard for Organization (ISO), which contains seven layers. The internet uses four of these layers, of which three are of interest to us. These layers are Internet Protocol (IP) or Network Layer, Transport Layer and Application Layer. We need to protect against attacks that may come through any of these layers. In the world of network security, systems are plagued by various attacks, internal and external, and could result in Denial...
Show moreNetwork architectures are described by the International Standard for Organization (ISO), which contains seven layers. The internet uses four of these layers, of which three are of interest to us. These layers are Internet Protocol (IP) or Network Layer, Transport Layer and Application Layer. We need to protect against attacks that may come through any of these layers. In the world of network security, systems are plagued by various attacks, internal and external, and could result in Denial of Service (DoS) and/or other damaging effects. Such attacks and loss of service can be devastating for the users of the system. The implementation of security devices such as Firewalls and Intrusion Detection Systems (IDS), the protection of network traffic with Virtual Private Networks (VPNs), and the use of secure protocols for the layers are important to enhance the security at each of these layers.We have done a survey of the existing network security patterns and we have written the missing patterns. We have developed security patterns for abstract IDS, Behavior–based IDS and Rule-based IDS and as well as for Internet Protocol Security (IPSec) and Transport Layer Security (TLS) protocols. We have also identified the need for a VPN pattern and have developed security patterns for abstract VPN, an IPSec VPN and a TLS VPN. We also evaluated these patterns with respect to some aspects to simplify their application by system designers. We have tried to unify the security of the network layers using security patterns by tying in security patterns for network transmission, network protocols and network boundary devices.
Show less - Date Issued
- 2014
- PURL
- http://purl.flvc.org/fau/fd/FA00004132, http://purl.flvc.org/fau/fd/FA00004132
- Subject Headings
- Computer architecture, Computer network architectures, Computer network protocols, Computer network protocols, Computer networks -- Security measures, Expert systems (Computer science)
- Format
- Document (PDF)
- Title
- Reputation-based system for encouraging cooperation of nodes in mobile ad hoc networks.
- Creator
- Anantvalee, Tiranuch., Florida Atlantic University, Wu, Jie
- Abstract/Description
-
In a mobile ad hoc network, node cooperation in packet forwarding is required for the network to function properly. However, since nodes in this network usually have limited resources, some selfish nodes might intend not to forward packets to save resources for their own use. To discourage such behavior, we propose RMS, a reputation-based system, to detect selfish nodes and respond to them by showing that being cooperative will benefit there more than being selfish. We also detect, to some...
Show moreIn a mobile ad hoc network, node cooperation in packet forwarding is required for the network to function properly. However, since nodes in this network usually have limited resources, some selfish nodes might intend not to forward packets to save resources for their own use. To discourage such behavior, we propose RMS, a reputation-based system, to detect selfish nodes and respond to them by showing that being cooperative will benefit there more than being selfish. We also detect, to some degree, nodes who forward only the necessary amount of packets to avoid being detected as selfish. We introduce the use of a state model to decide what we should do or respond to nodes in each state. In addition, we introduce the use of a timing period to control when the reputation should be updated and to use as a timeout for each state. The simulation results show that RMS can identify selfish nodes and punish them accordingly, which provide selfish nodes with an incentive to behave more cooperatively.
Show less - Date Issued
- 2006
- PURL
- http://purl.flvc.org/fcla/dt/13406
- Subject Headings
- Computer networks--Security measures, Wireless communication systems, Routers (Computer networks), Computer network architectures
- Format
- Document (PDF)
- Title
- An Empirical Study of Ordinal and Non-ordinal Classification Algorithms for Intrusion Detection in WLANs.
- Creator
- Gopalakrishnan, Leelakrishnan, Khoshgoftaar, Taghi M., Florida Atlantic University
- Abstract/Description
-
Ordinal classification refers to an important category of real world problems, in which the attributes of the instances to be classified and the classes are linearly ordered. Many applications of machine learning frequently involve situations exhibiting an order among the different categories represented by the class attribute. In ordinal classification the class value is converted into a numeric quantity and regression algorithms are applied to the transformed data. The data is later...
Show moreOrdinal classification refers to an important category of real world problems, in which the attributes of the instances to be classified and the classes are linearly ordered. Many applications of machine learning frequently involve situations exhibiting an order among the different categories represented by the class attribute. In ordinal classification the class value is converted into a numeric quantity and regression algorithms are applied to the transformed data. The data is later translated back into a discrete class value in a postprocessing step. This thesis is devoted to an empirical study of ordinal and non-ordinal classification algorithms for intrusion detection in WLANs. We used ordinal classification in conjunction with nine classifiers for the experiments in this thesis. All classifiers are parts of the WEKA machinelearning workbench. The results indicate that most of the classifiers give similar or better results with ordinal classification compared to non-ordinal classification.
Show less - Date Issued
- 2006
- PURL
- http://purl.flvc.org/fau/fd/FA00012521
- Subject Headings
- Wireless LANs--Security measures, Computer networks--Security measures, Data structures (Computer science), Multivariate analysis
- Format
- Document (PDF)
- Title
- Evaluating indirect and direct classification techniques for network intrusion detection.
- Creator
- Ibrahim, Nawal H., Florida Atlantic University, Khoshgoftaar, Taghi M.
- Abstract/Description
-
Increasing aggressions through cyber terrorism pose a constant threat to information security in our day to day life. Implementing effective intrusion detection systems (IDSs) is an essential task due to the great dependence on networked computers for the operational control of various infrastructures. Building effective IDSs, unfortunately, has remained an elusive goal owing to the great technical challenges involved, and applied data mining techniques are increasingly being utilized in...
Show moreIncreasing aggressions through cyber terrorism pose a constant threat to information security in our day to day life. Implementing effective intrusion detection systems (IDSs) is an essential task due to the great dependence on networked computers for the operational control of various infrastructures. Building effective IDSs, unfortunately, has remained an elusive goal owing to the great technical challenges involved, and applied data mining techniques are increasingly being utilized in attempts to overcome the difficulties. This thesis presents a comparative study of the traditional "direct" approaches with the recently explored "indirect" approaches of classification which use class binarization and combiner techniques for intrusion detection. We evaluate and compare the performance of IDSs based on various data mining algorithms, in the context of a well known network intrusion evaluation data set. It is empirically shown that data mining algorithms when applied using the indirect classification approach yield better intrusion detection models.
Show less - Date Issued
- 2004
- PURL
- http://purl.flvc.org/fcla/dt/13128
- Subject Headings
- Computer networks--Security measures, Computer security, Software measurement, Data mining
- Format
- Document (PDF)
- Title
- Misuse Patterns for the SSL/TLS Protocol.
- Creator
- Alkazimi, Ali, Fernandez, Eduardo B., Florida Atlantic University, College of Engineering and Computer Science, Department of Computer and Electrical Engineering and Computer Science
- Abstract/Description
-
The SSL/TLS is the main protocol used to provide secure data connection between a client and a server. The main concern of using this protocol is to avoid the secure connection from being breached. Computer systems and their applications are becoming more complex and keeping these secure connections between all the connected components is a challenge. To avoid any new security flaws and protocol connections weaknesses, the SSL/TLS protocol is always releasing newer versions after discovering...
Show moreThe SSL/TLS is the main protocol used to provide secure data connection between a client and a server. The main concern of using this protocol is to avoid the secure connection from being breached. Computer systems and their applications are becoming more complex and keeping these secure connections between all the connected components is a challenge. To avoid any new security flaws and protocol connections weaknesses, the SSL/TLS protocol is always releasing newer versions after discovering security bugs and vulnerabilities in any of its previous version. We have described some of the common security flaws in the SSL/TLS protocol by identifying them in the literature and then by analyzing the activities from each of their use cases to find any possible threats. These threats are realized in the form of misuse cases to understand how an attack happens from the point of the attacker. This approach implies the development of some security patterns which will be added as a reference for designing secure systems using the SSL/TLS protocol. We finally evaluate its security level by using misuse patterns and considering the threat coverage of the models.
Show less - Date Issued
- 2017
- PURL
- http://purl.flvc.org/fau/fd/FA00004873, http://purl.flvc.org/fau/fd/FA00004873
- Subject Headings
- Computer networks--Security measures., Computer network protocols., Computer software--Development., Computer architecture.
- Format
- Document (PDF)
- Title
- Resource-sensitive intrusion detection models for network traffic.
- Creator
- Abushadi, Mohamed E., Florida Atlantic University, Khoshgoftaar, Taghi M.
- Abstract/Description
-
Network security is an important subject in today's extensively interconnected computer world. The industry, academic institutions, small and large businesses and even residences are now greatly at risk from the increasing onslaught of computer attacks. Such malicious efforts cause damage ranging from mere violation of confidentiality and issues of privacy up to actual financial loss if business operations are compromised, or even further, loss of human lives in the case of mission-critical...
Show moreNetwork security is an important subject in today's extensively interconnected computer world. The industry, academic institutions, small and large businesses and even residences are now greatly at risk from the increasing onslaught of computer attacks. Such malicious efforts cause damage ranging from mere violation of confidentiality and issues of privacy up to actual financial loss if business operations are compromised, or even further, loss of human lives in the case of mission-critical networked computer applications. Intrusion Detection Systems (IDS) have been used along with the help of data mining modeling efforts to detect intruders, yet with the limitation of organizational resources it is unreasonable to inspect every network alarm raised by the IDS. Modified Expected Cost of Misclassification ( MECM) is a model selection measure that is resource-aware and cost-sensitive at the same time, and has proven to be effective for the identification of the best resource-based intrusion detection model.
Show less - Date Issued
- 2003
- PURL
- http://purl.flvc.org/fcla/dt/13054
- Subject Headings
- Computer networks--Security measures--Automation, Computers--Access control, Data mining, Computer security
- Format
- Document (PDF)
- Title
- Techniques for combining binary classifiers: A comparative study in network intrusion detection systems.
- Creator
- Lin, Hua., Florida Atlantic University, Khoshgoftaar, Taghi M., College of Engineering and Computer Science, Department of Computer and Electrical Engineering and Computer Science
- Abstract/Description
-
We discuss a set of indirect combining techniques for addressing multi-category classification problems that have been used in many domains, but not for intrusion detection systems. In contrast to the indirect combining techniques, direct techniques generally extend associated binary classifiers to handle multi-category classification problems. An indirect combining technique decomposes the original multi-category problem into, based on some criteria, multiple binary-category problems. We...
Show moreWe discuss a set of indirect combining techniques for addressing multi-category classification problems that have been used in many domains, but not for intrusion detection systems. In contrast to the indirect combining techniques, direct techniques generally extend associated binary classifiers to handle multi-category classification problems. An indirect combining technique decomposes the original multi-category problem into, based on some criteria, multiple binary-category problems. We investigated two different approaches for building the binary classifiers. The results of the binary classifiers are then merged using a combining technique---three different combining techniques were studied. We implement some of the indirect combining techniques proposed in recent literature, and apply them to a case study of the DARPA KDD-1999 network intrusion detection project. The results demonstrate the usefulness of using indirect combining techniques for the multi-category classification problem of intrusion detection systems.
Show less - Date Issued
- 2004
- PURL
- http://purl.flvc.org/fcla/dt/13111
- Subject Headings
- Computer networks--Security measures, Computer security, Computers--Access control, Electronic countermeasures, Fuzzy systems
- Format
- Document (PDF)
- Title
- Fuzzy vault fingerprint cryptography: Experimental and simulation studies.
- Creator
- Kotlarchyk, Alex J., Florida Atlantic University, Pandya, Abhijit S., College of Engineering and Computer Science, Department of Computer and Electrical Engineering and Computer Science
- Abstract/Description
-
The fuzzy vault scheme introduced by Juels and Sudan [Jue02] was implemented in a fingerprint cryptography system using COTS software. This system proved to be unsuccessful. Failure analysis led to a series of simulations to investigate the parameters and system thresholds necessary for such a system to perform adequately and as guidance for constructing similar systems in the future. First, a discussion of the role of biometrics in data security and cryptography is presented, followed by a...
Show moreThe fuzzy vault scheme introduced by Juels and Sudan [Jue02] was implemented in a fingerprint cryptography system using COTS software. This system proved to be unsuccessful. Failure analysis led to a series of simulations to investigate the parameters and system thresholds necessary for such a system to perform adequately and as guidance for constructing similar systems in the future. First, a discussion of the role of biometrics in data security and cryptography is presented, followed by a review of the key developments leading to the development of the fuzzy vault scheme. The relevant mathematics and algorithms are briefly explained. This is followed by a detailed description of the implementation and simulation of the fuzzy vault scheme. Finally, conclusions drawn from analysis of the results of this research are presented.
Show less - Date Issued
- 2006
- PURL
- http://purl.flvc.org/fcla/dt/13360
- Subject Headings
- Computer networks--Security measures, Computer security, Data encryption (Computer science)
- Format
- Document (PDF)
- Title
- Web-based wireless sensor network monitoring using smartphones.
- Creator
- Marcus, Anthony M., College of Engineering and Computer Science, Department of Computer and Electrical Engineering and Computer Science
- Abstract/Description
-
This thesis consists of the development of a web based wireless sensor network (WSN) monitoring system using smartphones. Typical WSNs consist of networks of wireless sensor nodes dispersed over predetermined areas to acquire, process, and transmit data from these locations. Often it is the case that the WSNs are located in areas too hazardous or inaccessible to humans. We focused on the need for access to this sensed data remotely and present our reference architecture to solve this problem....
Show moreThis thesis consists of the development of a web based wireless sensor network (WSN) monitoring system using smartphones. Typical WSNs consist of networks of wireless sensor nodes dispersed over predetermined areas to acquire, process, and transmit data from these locations. Often it is the case that the WSNs are located in areas too hazardous or inaccessible to humans. We focused on the need for access to this sensed data remotely and present our reference architecture to solve this problem. We developed this architecture for web-based wireless sensor network monitoring and have implemented a prototype that uses Crossbow Mica sensors and Android smartphones for bridging the wireless sensor network with the web services for data storage and retrieval. Our application has the ability to retrieve sensed data directly from a wireless senor network composed of Mica sensors and from a smartphones onboard sensors. The data is displayed on the phone's screen, and then, via Internet connection, they are forwarded to a remote database for manipulation and storage. The attributes sensed and stored by our application are temperature, light, acceleration, GPS position, and geographical direction. Authorized personnel are able to retrieve and observe this data both textually and graphically from any browser with Internet connectivity or through a native Android application. Web-based wireless sensor network architectures using smartphones provides a scalable and expandable solution with applicability in many areas, such as healthcare, environmental monitoring, infrastructure health monitoring, border security, and others.
Show less - Date Issued
- 2011
- PURL
- http://purl.flvc.org/FAU/3171682
- Subject Headings
- Smartphones, Wireless communication systems, Security measures, Wireless communication systems, Technological innovations, Computer networks, Security measures, Ad hoc networks (Computer networks), Security measures
- Format
- Document (PDF)
- Title
- Secure routing in wireless sensor networks.
- Creator
- Ibriq, Jamil, College of Engineering and Computer Science, Department of Computer and Electrical Engineering and Computer Science
- Abstract/Description
-
This research addresses communication security in the highly constrained wireless sensor environment. The goal of the research is twofold: (1) to develop a key management scheme that provides these constrained systems with the basic security requirements and evaluate its effectiveness in terms of scalability, efficiency, resiliency, connectivity, and flexibility, and (2) to implement this scheme on an appropriate routing platform and measure its efficiency., The proposed key management scheme...
Show moreThis research addresses communication security in the highly constrained wireless sensor environment. The goal of the research is twofold: (1) to develop a key management scheme that provides these constrained systems with the basic security requirements and evaluate its effectiveness in terms of scalability, efficiency, resiliency, connectivity, and flexibility, and (2) to implement this scheme on an appropriate routing platform and measure its efficiency., The proposed key management scheme is called Hierarchical Key Establishment Scheme (HIKES). In HIKES, the base station, acting as the central trust authority, empowers randomly selected sensors to act as local trust authorities, authenticating on its behalf the cluster members and issuing to them all secret keys necessary to secure their communications. HIKES uses a novel key escrow scheme that enables any sensor node selected as a cluster head to generate all the cryptographic keys needed to authenticate other sensors within its cluster. This scheme localizes secret key issuance and reduces the communication cost with the base station. The key escrow scheme also provides the HIKES with as large an addressing mechanism as needed. HIKES also provides a one-step broadcast authentication mechanism. HIKES provides entity authentication to every sensor in the network and is robust against most known attacks. We propose a hierarchical routing mechanism called Secure Hierarchical Energy-Efficient Routing protocol (SHEER). SHEER implements HIKES, which provides the communication security from the inception of the network. SHEER uses a probabilistic broadcast mechanism and a three-level hierarchical clustering architecture to improve the network energy performance and increase its lifetime., Simulation results have shown that HIKES provides an energy-efficient and scalable solution to the key management problem. Cost analysis shows that HIKES is computationally efficient and has low storage requirement. Furthermore, high degree of address flexibility can be achieved in HIKES. Therefore, this scheme meets the desired criteria set forth in this work. Simulation studies also show that SHEER is more energy-efficient and has better scalability than the secure version of LEACH using HIKES.
Show less - Date Issued
- 2007
- PURL
- http://purl.flvc.org/FAU/42771
- Subject Headings
- Sensor networks, Security measures, Ad hoc networks (Computer networks), Security measures, Wireless communication systems, Security measures, Wireless communication systems, Technological innovations, Mobile computing
- Format
- Document (PDF)
- Title
- Security in voice over IP networks.
- Creator
- Pelaez, Juan C., Florida Atlantic University, Fernandez, Eduardo B., College of Engineering and Computer Science, Department of Computer and Electrical Engineering and Computer Science
- Abstract/Description
-
Voice over IP (VoIP) is revolutionizing the global communications system by allowing human voice and fax information to travel over existing packet data networks along with traditional data packets. The convergence of voice and data in one simplified network brings both benefits and constraints to users. Among the several issues that need to be addressed when deploying this technology, security is one of the most critical. This thesis will present a combination of security patterns based on...
Show moreVoice over IP (VoIP) is revolutionizing the global communications system by allowing human voice and fax information to travel over existing packet data networks along with traditional data packets. The convergence of voice and data in one simplified network brings both benefits and constraints to users. Among the several issues that need to be addressed when deploying this technology, security is one of the most critical. This thesis will present a combination of security patterns based on the systematic analysis of attacks against a VoIP network and the existing techniques to mitigate these attacks, providing good practices for all IP telephony systems. The VoIP Security Patterns which are based on object-oriented modeling, will help network designers to improve the level of security not only in voice but also in data, video, and fax over IP networks.
Show less - Date Issued
- 2004
- PURL
- http://purl.flvc.org/fcla/dt/13190
- Subject Headings
- Internet telephony--Security measures, Computer network protocols, Multimedia systems
- Format
- Document (PDF)
- Title
- A comparative study of classification algorithms for network intrusion detection.
- Creator
- Wang, Yunling., Florida Atlantic University, Khoshgoftaar, Taghi M., College of Engineering and Computer Science, Department of Computer and Electrical Engineering and Computer Science
- Abstract/Description
-
As network-based computer systems play increasingly vital roles in modern society, they have become the targets of criminals. Network security has never been more important a subject than in today's extensively interconnected computer world. Intrusion Detection Systems (IDS) have been used along with the data mining techniques to detect intrusions. In this thesis, we present a comparative study of intrusion detection using a decision-tree learner (C4.5), two rule-based learners (ripper and...
Show moreAs network-based computer systems play increasingly vital roles in modern society, they have become the targets of criminals. Network security has never been more important a subject than in today's extensively interconnected computer world. Intrusion Detection Systems (IDS) have been used along with the data mining techniques to detect intrusions. In this thesis, we present a comparative study of intrusion detection using a decision-tree learner (C4.5), two rule-based learners (ripper and ridor), a learner to combine decision trees and rules (PART), and two instance-based learners (IBK and Nnge). We investigate and compare the performance of IDSs based on the six techniques, with respect to a case study of the DAPAR KDD-1999 network intrusion detection project. Investigation results demonstrated that data mining techniques are very useful in the area of intrusion detection.
Show less - Date Issued
- 2004
- PURL
- http://purl.flvc.org/fcla/dt/13102
- Subject Headings
- Computer networks--Security measures, Data mining, Decision trees
- Format
- Document (PDF)
- Title
- Firewall formulation driven by risk analysis.
- Creator
- Srinivasan, Sriram, Jr., Florida Atlantic University, Pandya, Abhijit S., College of Engineering and Computer Science, Department of Computer and Electrical Engineering and Computer Science
- Abstract/Description
-
At the turn of the new millennium, the focus of Information Technology Management turned to Information and Systems Security, as opposed to competitive advantage investment. In catering to the security needs of various firms and institutions, it is seen that different entities require varying Information Security configurations. This thesis attempts to utilize Risk Analysis, a commonly used procedure in business realms, to formulate customized Firewalls based on the specific needs of a...
Show moreAt the turn of the new millennium, the focus of Information Technology Management turned to Information and Systems Security, as opposed to competitive advantage investment. In catering to the security needs of various firms and institutions, it is seen that different entities require varying Information Security configurations. This thesis attempts to utilize Risk Analysis, a commonly used procedure in business realms, to formulate customized Firewalls based on the specific needs of a network, subsequently building an effective system following the "Defense in Depth" strategy. This is done by first choosing an efficient Risk Analysis model which suits the process of creating Firewall policies, and then applying it to a particular case study. A network within Florida Atlantic University is used as an experimental test case, and by analyzing the traffic to which it is subject while behind a single Firewall layer, a specific Security Policy is arrived at and implemented.
Show less - Date Issued
- 2006
- PURL
- http://purl.flvc.org/fcla/dt/13348
- Subject Headings
- Computer networks--Security measures, Electronic data processing departments--Security measures, Firewalls (Computer security), Risk assessment
- Format
- Document (PDF)
- Title
- Intrusion detection in wireless networks: A data mining approach.
- Creator
- Nath, Shyam Varan., Florida Atlantic University, Khoshgoftaar, Taghi M., College of Engineering and Computer Science, Department of Computer and Electrical Engineering and Computer Science
- Abstract/Description
-
The security of wireless networks has gained considerable importance due to the rapid proliferation of wireless communications. While computer network heuristics and rules are being used to control and monitor the security of Wireless Local Area Networks (WLANs), mining and learning behaviors of network users can provide a deeper level of security analysis. The objective and contribution of this thesis is three fold: exploring the security vulnerabilities of the IEEE 802.11 standard for...
Show moreThe security of wireless networks has gained considerable importance due to the rapid proliferation of wireless communications. While computer network heuristics and rules are being used to control and monitor the security of Wireless Local Area Networks (WLANs), mining and learning behaviors of network users can provide a deeper level of security analysis. The objective and contribution of this thesis is three fold: exploring the security vulnerabilities of the IEEE 802.11 standard for wireless networks; extracting features or metrics, from a security point of view, for modeling network traffic in a WLAN; and proposing a data mining-based approach to intrusion detection in WLANs. A clustering- and expert-based approach to intrusion detection in a wireless network is presented in this thesis. The case study data is obtained from a real-word WLAN and contains over one million records. Given the clusters of network traffic records, a distance-based heuristic measure is proposed for labeling clusters as either normal or intrusive. The empirical results demonstrate the promise of the proposed approach, laying the groundwork for a clustering-based framework for intrusion detection in computer networks.
Show less - Date Issued
- 2005
- PURL
- http://purl.flvc.org/fcla/dt/13246
- Subject Headings
- Wireless communication systems, Data warehousing, Data mining, Telecommunication--Security measures, Computer networks--Security measures, Computer security
- Format
- Document (PDF)
- Title
- Machine learning algorithms for the analysis and detection of network attacks.
- Creator
- Najafabadi, Maryam Mousaarab, Khoshgoftaar, Taghi M., Florida Atlantic University, College of Engineering and Computer Science, Department of Computer and Electrical Engineering and Computer Science
- Abstract/Description
-
The Internet and computer networks have become an important part of our organizations and everyday life. With the increase in our dependence on computers and communication networks, malicious activities have become increasingly prevalent. Network attacks are an important problem in today’s communication environments. The network traffic must be monitored and analyzed to detect malicious activities and attacks to ensure reliable functionality of the networks and security of users’ information....
Show moreThe Internet and computer networks have become an important part of our organizations and everyday life. With the increase in our dependence on computers and communication networks, malicious activities have become increasingly prevalent. Network attacks are an important problem in today’s communication environments. The network traffic must be monitored and analyzed to detect malicious activities and attacks to ensure reliable functionality of the networks and security of users’ information. Recently, machine learning techniques have been applied toward the detection of network attacks. Machine learning models are able to extract similarities and patterns in the network traffic. Unlike signature based methods, there is no need for manual analyses to extract attack patterns. Applying machine learning algorithms can automatically build predictive models for the detection of network attacks. This dissertation reports an empirical analysis of the usage of machine learning methods for the detection of network attacks. For this purpose, we study the detection of three common attacks in computer networks: SSH brute force, Man In The Middle (MITM) and application layer Distributed Denial of Service (DDoS) attacks. Using outdated and non-representative benchmark data, such as the DARPA dataset, in the intrusion detection domain, has caused a practical gap between building detection models and their actual deployment in a real computer network. To alleviate this limitation, we collect representative network data from a real production network for each attack type. Our analysis of each attack includes a detailed study of the usage of machine learning methods for its detection. This includes the motivation behind the proposed machine learning based detection approach, the data collection process, feature engineering, building predictive models and evaluating their performance. We also investigate the application of feature selection in building detection models for network attacks. Overall, this dissertation presents a thorough analysis on how machine learning techniques can be used to detect network attacks. We not only study a broad range of network attacks, but also study the application of different machine learning methods including classification, anomaly detection and feature selection for their detection at the host level and the network level.
Show less - Date Issued
- 2017
- PURL
- http://purl.flvc.org/fau/fd/FA00004882, http://purl.flvc.org/fau/fd/FA00004882
- Subject Headings
- Machine learning., Computer security., Data protection., Computer networks--Security measures.
- Format
- Document (PDF)