Computer Network Security (CNS) Group Homepage

Group Meeting @11:00am every Wednesday morning.

Hints on Writing Technical Papers and Making Presentations
Location: EMCS 323

Members: Dr. Kizza, Alma, Harkeerat and Neeladri

Fourteen Steps to a Clearly Written Technical Paper

    Plan of the Year 07-08

Elliptic Curve Cryptography by Harkeerat Bedi

A Fine-grained Reputation-based Routing by Alma Cemerlic

Readings in Reputation Systems:

1.      S. Marti, and H. Garcia-Molina. Limited reputation sharing in P2P systems. In Proc. of the 5th ACM conference on Electronic commerce, New York, NY, USA, 2004. http://citeseer.ist.psu.edu/garcia04limited.html

2.      Sergio Marti and Hector Garcia-Molina. Taxonomy of trust: Categorizing P2P reputation systems. Computer Networks, Volume 50, Issue 4, 15 March 2006, Pages 472-484

3.      Shanshan Song, Kai Hwang, Runfang Zhou, Yu-Kwong Kwok, "Trusted P2P Transactions with Fuzzy Reputation Aggregation," IEEE Internet Computing, vol. 9, no. 6, pp. 24-34, Nov/Dec, 2005

4.      Kamvar, S. D., Schlosser, M. T., and Garcia-Molina, H. 2003. The Eigentrust algorithm for reputation management in P2P networks. In Proceedings of the 12th international Conference on World Wide Web (Budapest, Hungary, May 20 - 24, 2003). WWW '03. ACM, New York, NY, 640-651.

5.      Brian F. Cooper, Hector Garcia-Molina, "Peer-to-Peer Data Preservation through Storage Auctions," IEEE Transactions on Parallel and Distributed Systems, vol. 16, no. 3, pp. 246-257, Mar., 2005

6.      Landon Cox and Brian Noble. Samsara: Honor Among Thieves in Peer-to-Peer Storage. In Proceedings of the ACM Symposium on Operating Systems Principles, October 2003.

7.      Osipkov, I.; Peng Wang; Hopper, N. Robust Accounting in Decentralized P2P Storage Systems.  2006. ICDCS 2006. 26th IEEE International Conference on Distributed Computing Systems, Volume , Issue , 2006 Page(s): 14 – 14.

8.      OURS: Optimal Unicast Routing Systems in Non-Cooperative Wireless Networks.

9.      A Dynamic Anonymous P2P Reputation System based on Trusted Computing Technology.

10.  Passive Listening and Intrusion Management in Commodity Wi-Fi Network.

11.  A Passive Approach to Rogue Access Point Detection.

12.  Design and Evaluation of a Grid Computing Based Architecture for Integrating Heterogeneous IDSs. 

Readings in Intrusion Detection

Survey

1.      Detecting Intruders in Computer Systems. T. Lunt. In Proceedings of the 1993 Conference on Auditing and Computer Technology. 1993.

2.      State of the Practice of Intrusion Detection Technologies. J. Allen, A. Christie, W. Fithen, J. McHugh, J. Pickel, and E. Stoner. CMU/SEI Technical Report (CMU/SEI-99-TR-028). 1999.

3.      Research in Intrusion Detection Systems: A Survey. S. Axelsson. Technical Report. 1999.

4.      Artificial Intelligence and Intrusion Detection: Current and Future Directions. J. Frank. In Proceedings of the 17th National Computer Security Conference. 1994.

5.      An Introduction to Intrusion Detection. A. Sundaram. 1996.

6.      A Revised Taxonomy for Intrusion-Detection Systems. H. Debar, M. Dacier, and A. Wespi. IBM Research Report. 1999.

General and Theoretical Background

7.      An Intrusion-Detection Model. D. Denning. IEEE Transactions on Software Engineering, 13(2), Feb. 1987.

8.      Statistical Foundations of Audit Trail Analysis for the Detection of Computer Misuse. P. Helman and G. Liepins. IEEE Transactions on Software Engineering, 19(9), September, 1993.

9.      The Base-Rate Fallacy and Its Implications for the Difficulty of Intrusion Detection. S. Axelsson. In Proceedings of the ACM Conference on Computer and Communication Security. November, 1999.

10.  Information-Theoretic Measures for Anomaly Detection. W. Lee and D. Xiang. In Proceedings of the 2001 IEEE Symposium on Security and Privacy. May, 2001.

11.  Benchmarking Anomaly-Based Detection Systems. R. Maxion and K. M. C. Tan. In Proceedings of the 1st International Conference on Dependable Systems & Networks. 2000.

Detection Techniques

Misuse Detection

12.  An Application of Pattern Matching in Intrusion Detection. S. Kumar and E. H. Spafford. Purdue University Technical Report CSD-TR-94-013. 1994.

13.  State Transition Analysis: A Rule-Based Intrusion Detection Approach. K. Ilgun, R. A. Kemmerer, and P. A. Porras. IEEE Transactions on Software Engineering, 21(3). March, 1995.

14.  Detecting Computer and Network Misuse Through the Production-Based Expert System Toolset (P-BEST). U. Lindqvist and P. A. Porras. In Proceedings of the 1999 IEEE Symposium on Research in Security and Privacy. 1999.

Anomaly Detection

15.  The SRI IDES Statistical Anomaly Detector. H. S. Javitz and A. Valdes. In Proceedings of the IEEE Symposium on Research in Security and Privacy. 1991.

16.  A Sense of Self for Unix Processes. S. Forrest, S. A. Hofmeyr, A. Somayaji, and T. A. Longstaff. In Proceedings of the 1996 IEEE Symposium on Security and Privacy. 1996.

17.  Execution Monitoring of Security-Critical Programs in Distributed Systems: A Specification-based Approach. C. Ko, M. Ruschitzka, and K. Levitt. In Proceedings of the 1997 IEEE Symposium on Security and Privacy. 1997.

18.  Intrusion Detection via Static Analysis. D. Wagner and D. Dean. In Proceedings of the 2001 IEEE Symposium on Security and Privacy. 2001.

19.  A Fast Automaton-Based Method for Detecting Anomalous Program Behaviors. R. Sekar, M. Bendre, D. Dhurjati, and P. Bollineni. In Proceedings of the 2001 IEEE Symposium on Security and Privacy. 2001.

Learning (or Data Mining) Based Approaches

20.  A Framework for Constructing Features and Models for Intrusion Detection Systems. W. Lee and S. J. Stolfo. ACM Transactions on Information and System Security, 3(4). 2000.

21.  Detecting Intrusion Using System Calls: Alternative Data Models. C. Warrender, S. Forrest, and B. Perlmutter. In Proceedings of the 1999 IEEE Symposium on Security and Privacy. 1999.

22.  Probabilistic Alert Correlation. A. Valdes and K. Skinner. In Proceedings of the 4th International Symposium on Recent Advances in Intrusion Detection (RAID 2001). 2001.

23.  Logic Induction of Valid Behavior Specifications for Intrusion Detection. C. Ko. In Proceedings of the 2000 IEEE Symposium on Security and Privacy. 2000.

24.  Temporal Sequence Learning and Data Reduction for Anomaly Detection. T. Lane and C. E. Brodley. ACM Transactions on Information and System Security, 2(3). August, 1999.

Implementation (or Systems) Issues

25.  Network Intrusion Detection. B. Mukherjee, L. T. Heberlein, and K. N. Levitt. IEEE Network, May/June, 1994.

26.  Bro: A System for Detecting Network Intruders in Real-Time. V. Paxson. Computer Networks, 31(23-24). December, 1999.

27.  Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection. T. H. Ptacek and T. N. Newsham. Technical Report. 1998.

28.  Network Intrusion Detection: Evasion, Traffic Normalization, and End-to-End Protocol Semantics. M. Handley and V. Paxson. In Proceedings of the 10th USENIX Security Symposium. August, 2001.

29.  Performance Adaptation in Real-Time Intrusion Detection Systems. Wenke Lee, Joao B. D. Cabrera, Ashley Thomas, Niranjan Balwalli, Sunmeet Saluja, and Yi Zhang. In Proceedings of The 5th International Symposium on Recent Advances in Intrusion Detection (RAID 2002), Zurich, Switzerland, October 2002.

30.  Using Embedded Sensors for Detecting Network Attacks. F. Kerschbaum, E. H. Spafford, and D. Zamboni. Purdue University Technical Report. 2000.

31.  Live Traffic Analysis of TCP/IP Gateways. P. A. Porras and A. Valdes. In Proceedings of the Internet Society Symposium on Network and Distributed System Security (NDSS). 1998.

32.  EMERALD: Event Monitoring Enabling Responses to Anomalous Live Disturbances. P. A. Porras and Peter G. Neumann. In Proceedings of the National Information Systems Security Conference. 1997.

33.  An Architecture for Intrusion Detection Using Autonomous Agents. J. S. Balasubramaniyan, J. O. Garcia-Fernandez, D. Isacoff, E. H. Spafford, and D. Zamboni. Purdue University Technical Report. 1998.

34.  The Design of GrIDS: A Graph-Based Intrusion Detection System. S. Cheung, R. Crawford, M. Dilger, J. Frank, J. Hoagland, K. Levitt, J. Rowe, S. Staniford, R. Yip, D. Zerkle. UC Davis Technical Report CSE-99-2. 1999.

35.  Toward Cost-Sensitive Modeling for Intrusion Detection and Response. W. Lee, W. Fan, M. Miller, S. Stolfo, and E. Zadok. Journal of Computer Security 10(1,2), 2002.

36.  Experiences with Tripwire: Using Integrity Checkers for Intrusion Detection. G. H. Kim and E. H. Spafford. In USENIX Systems Administration, Networking and Security Conference III. 1994.

Alert Analysis and Correlation

37.  Information Modeling for Intrusion Report Aggregation. R. P. Goldman, W. Heimerdinger, S. A. Harp, C. W. Geib, V. Thomas, and R. L. Carter. In Proceedings of the DARPA Information Survivability Conference and Exposition (DISCEX II). 2001.

38.  Probabilistic Alert Correlation. A. Valdes and K. Skinner. In Proceedings of the 4th International Symposium on Recent Advances in Intrusion Detection (RAID) 2001.

39.  A Mission-Impact-Based Approach to INFOSEC Alarm Correlation. P. A. Porras, M. W. Fong, A. Valdes. In Proceedings of the 5th International Symposium on Recent Advances in Intrusion Detection (RAID). 2002.

40.  Aggregation and Correlation of Intrusion-Detection Alerts. H. Debar and A. Wespi. In Proceedings of the 4th International Symposium on Recent Advances in Intrusion Detection (RAID). 2001.

Evaluation (or Testing) Issues

41.  A Methodology for Testing Intrusion Detection Systems. N. J. Puketza, K. Zhang, M. Chung, B. Mukherjee, and R. A. Olsson. IEEE Transactions on Software Engineering, 22(10). October, 1996.

42.  Evaluating Intrusion Detection Systems: The 1998 DARPA Off-line Intrusion Detection Evaluation. R. P. Lippmann, D. J. Fried, I. Graf, J. W. Haines, K. P. Kendall, D. McClung, D. Weber, S. E. Webster, D. Wyschogrod, R. K. Cunningham, and M. A. Zissman. In Proceedings of the 2000 DARPA Information Survivability Conference and Exposition (DISCEX). 2000.

43.  The 1999 DARPA Off-line Intrusion Detection Evaluation. R. P. Lippmann, J. W. Haines, D. J. Fried, J. Korba, and K. Das. MIT Lincoln Lab Technical Report. 2000.

44.  Testing Intrusion Detection Systems: A Critique of the 1998 and 1999 DARPA Off-line Intrusion Detection System Evaluation as Performed by Lincoln Laboratory. John McHugh. ACM Transactions on Information and System Security, 3(4). November, 2000.

45.  A Database of Computer Attacks for the Evaluation of Intrusion Detection Systems. K. Kendall. Master Thesis. MIT. 1999.

46.  Attack Development for Intrusion Detection Evaluation. K. Das. B.S. Thesis. MIT. 2000.

Topic 1

Bayesian Network: An Overview of Learning Bayes Nets From Data by Chris Meek

  • Tools:
    • www.norsys.com;
    • BAYDA 1.0
    • Bayesian belief network software (Win95/98/NT/2000), from J. Cheng, including
      • BN PowerConstructor: An efficient system for learning BN structures and parameters from data. Constantly updated since 1997.
      • BN PowerPredictor: A data mining program for data modeling/classification/prediction. It extends BN PowerConstructor to BN based classifier learning.
    • Bayesian Logistic Regression Software, for large-scale Bayesian logistic regression (Windows and Linux)
    • Bayesian Network tools in Java (BNJ): an open-source suite of Java tools for probabilistic learning and reasoning (Kansas State University KDD Lab)
    • FDEP, induces functional dependencies from a given input relation. (GNU C).
    • GeNIe, decision modeling environment implementing influence diagrams and Bayesian networks (Windows).
    • JavaBayes
    • jBNC, a Java toolkit for training, testing, and applying Bayesian Network Classifiers.
    • MSBN: Microsoft Belief Network Tools, tools for creation, assessment and evaluation of Bayesian belief networks. Free for non-commercial research users.
    • PNL, Intel Open-Source Probabilistic Network Library
    • Pulcinella, tool for Propagating Uncertainty through Local Computations based on the Shenoy and Shafer framework. (Common Lisp)
  • Applied areas include
    • Intrusion Detection (DARPA dataset: http://www.ll.mit.edu/IST/ideval/data/data_index.html ),
      • *Data Mining for Network Intrusion Detection, Paul Dokas, Levent Ertoz, Vipin Kumar, Aleksandar Lazarevic, Jaideep Srivastava, Pang-Ning Tan, University of Minnesota, Minneapolis, MN
      • *Selective Features for Intrusion Detection: A Feature Relevance Analysis on KDD 99 Intrusion Detection Datasets, H. Gunes Kayacik, A. Nur Zincir-Heywood, Malcolm I. Heywood
      • *A Framework for an Adaptive Intrusion Detection System Using Bayesian Network, Farah Jemili.
      • Real Time Data Mining-based Intrusion Detection, Wenke Lee, Salvatore J. Stolfo, Philip K. Chan, North Carolina State University.
      • Naive Bayes vs. Decision Trees in Intrusion Detection Systems, Nahla Ben Amor, Salem Benferhat, Zied Elouedi, 2004.
      • An Intrusion Detection Model, Dorothy E. Denning, IEEE Transactions on Software Engineering, 1987.
    • Spamming and
    • Forensics
      • An Embedded Bayesian Network Hidden Markov Model for Digital Forensics, Olivier De Vel Nianjun Liu, Terry Caelli, and Tiberio S. Caetano.

Topic 2

Latent Dirichlet Allocation (LDA) based dark web analysis

  • LDA paper: Here.
  • LDA implementation in C by Blei.
  • LDA implementations in C and matlab.
  • LDA and Social Network
    • An LDA-based Community Structure Discovery Approach for Large-Scale Social Networks, Haizheng Zhang, Baojun Qiu, C. Lee Giles, Henry C. Foley and John Yen, In Proceedings of IEEE Intelligence and Security Informatics, 2007.
  • Dark website
    • Tracing the Event from Evolution of Terror Attacks from On-Line News, Christopher C. Yang, Xiaodong Shi, and Chih-Ping Wei, In Proceedings of IEEE Intelligence and Security Informatics, 2006.
    • On the Topology of the Dark Web of Terrorist Groups, Jennifer Xu, Hsinchun Chen, Yilu Zhou, and Jialun Qin, In Proceedings of IEEE Intelligence and Security Informatics 2006.

Topic 3

Secure Wireless Sensor Network

  • Security: Key chain encryption
  • Integrity: Reputation-based Peer Monitoring
  • Reliability: k-connectivity Deployment
  • Multicasting

Topic 4

Event-correlation based Intrusion Detection

  • Tools: Backtracker
  • Correlate events from application, operating system and hardware architecture layer to detect intrusion fast and accurately.

  

Year 06-07

Week 1

(wireless network)

Survivable Mobile Wireless Networks: Issues, Challenges, and Research Directions

Week 2

(wireless routing)

A Performance Comparison of Multi-Hop Wireless Ad Hoc Network Routing

Week 3

(wireless routing)

Dynamic Source Routing in Ad Hoc Wireless Networks

Week 4

(wireless routing)

Ad hoc On-Demand Distance Vector (AODV) Routing,

http://moment.cs.ucsb.edu/AODV/aodv.html where you can find AODV implementation and simulation.

Week 5

(wireless routing)

GPSR: Greedy Perimeter Stateless Routing for Wireless Networks Protocols,

http://www.icir.org/bkarp/gpsr/gpsr.html where you can find ns2 simulation code for GPSR.

Week 6

presentation on DSR, AODV by Alma and Feiqiong

Week 7

simulation demo of DSR and AODV by Alma and Feiqiong

Week 8, 9

(trust)

1. TARP: Trust-Aware Routing Protocol 

2. Establishing Trust in Pure Ad-hoc Networks

3. A Robust Reputation System for P2P and Mobile Ad-hoc Networks 

4. A Quantitative Trust Establishment Framework for Reliable Data Packet Delivery in MANETs

Week 10

(trust)

Using Trust for Secure Collaboration in Uncertain Environment

A Security-Aware Routing Protocol for Wireless Ad Hoc Networks

Trust based Adaptive On Demand Ad Hoc Routing Protocol 

Week 11

Performance Comparison of Trust-Based Reactive Routing Protocols

 

Week 12

The “bad cop” approach

  • Detect and route around misbehaving nodes

  • Collectively isolate misbehaving nodes

1.      Mitigating routing misbehavior in mobile ad hoc networks, Marti, Baker et al., MOBICOM ’00

2.      Performance analysis of the CONFIDANT protocol, Buchegger and Le Boudec, MOBIHOC ’02

3.      Sustaining cooperation in multi-hop wireless networks, Mahajan, Wetherall et al., NSDI ’05

 

Week 13

The “good cop” approach

  • Selfish/rational nodes will act correctly if they are given the right incentives for cooperation

  • Virtual currency can provide the incentives

1.      Stimulating Cooperation in Self-Organizing Mobile Ad Hoc Networks, Hubaux et al., MONET 2002.

2.      Sprite: A Simple Cheat-Proof Credit-Based System for Mobile Ad Hoc Networks, Zhong et al., INFOCOM ’03

 

Week 14

3.      Ad hoc VCG: A Truthful and Cost-Efficient Routing Protocol for Mobile Ad Hoc Networks with Selfish Agents, Anderegg and Eidenbenz, MOBICOM ’03

4.      Cooperation in Wireless Ad Hoc Networks, Srinivasan et al., INFOCOM ’03

Week 15

5.      Priority Forwarding in Ad Hoc Networks with Self-Interested Parties, Barath Raghavan and Alex Snoeren, Workshop on P2P systems, 2003

6.      On Designing Incentive-Compatible Routing and Forwarding Protocols in Wireless Ad-Hoc Networks: An Integrated Approach Using Game Theoretical and Cryptographic Techniques, Sheng Zhong, Li (Erran) Li, Yanbin Grace Liu, Yang Richard Yang, MobiCom ’05

Week 16

7.      A Framework for Incentive Compatible Topology Control in Non-Cooperative Wireless Multi-Hop Networks, Paolo Santi et al., DIWANS ’06

8.      OURS: Optimal Unicast Routing Systems in Non-Cooperative Wireless Networks, Weizhao Wang et al., MobiCom ’06

Simulation Tools