Victim Computer

The Experts below are selected from a list of 3060 Experts worldwide ranked by ideXlab platform

Kwong H. Yung - One of the best experts on this subject based on the ideXlab platform.

  • RAID - Detecting long connection Chains of interactive terminal sessions
    Lecture Notes in Computer Science, 2002
    Co-Authors: Kwong H. Yung
    Abstract:

    To elude detection and capture, hackers chain many computers together to attack the victim computer from a distance. This report proposes a new strategy for detecting suspicious remote sessions, used as part of a long connection chain. Interactive terminal sessions behave differently on long chains than on direct connections. The time gap between a client request and the server delayed acknowledgment estimates the round-trip time to the nearest server. Under the same conditions, the time gap between a client request and the server reply echo provides information on how many hops downstream the final victim is located. By monitoring an outgoing connection for these two time gaps, echo-delay comparison can identify a suspicious session in isolation. Experiments confirm that echo-delay comparison applies to a range of situations and performs especially well in detecting outgoing connections with more than two hops downstream.

Sanjeev Kumar - One of the best experts on this subject based on the ideXlab platform.

  • Do ICMP Security Attacks Have Same Impact on Servers
    Journal of Information Security, 2017
    Co-Authors: Ganesh Reddy Gunnam, Sanjeev Kumar
    Abstract:

    There are different types of cyber security attacks that are based on ICMP protocols. Many ICMP protocols are very similar, which may lead security managers to think they may have the same impact on victim computer systems or servers. In this paper, we investigate the impact of different ICMP-based security attacks on two popular server systems, namely Microsoft’s Windows Server and Apple’s Mac Server OS running on the same hardware platform, and compare their performance under different types of ICMP-based security attacks.

  • Apple's Leopard Versus Microsoft's Windows XP: Experimental Evaluation of Apple's Leopard Operating System with Windows XP-SP2 under Distributed Denial of Service Security Attacks
    Information Security Journal: A Global Perspective, 2011
    Co-Authors: Sirisha Surisetty, Sanjeev Kumar
    Abstract:

    Apple's iMac computers are promoted by Apple Inc. to be secure, safe, virus free, and fast computers. In this experimental paper, we evaluate the security offered by the iMac with its usual Leopard Operating System, against different Distributed Denial of Service (DDoS) attacks in a Gigabit LAN environment. We compared the effect of DDoS attacks on Leopard OS against those on Windows XP-SP2 when installed on the same iMac platform under the same network attack environment. DDoS-based flooding attacks can originate in a LAN environment or can be from the Internet, which can have an impact on a victim computer with a barrage of Denial of Service (DoS) packet requests, thereby exhausting the resources of the victim computer in processing these requests. To study the impact on iMac computers, we created the corresponding DDoS traffic in a controlled lab environment to test against an iMac computer that first deployed Leopard OS. Later, the same iMac platform was made to use Windows XP OS. We compared the behavior of Apple's Leopard OS with Windows XP-SP2 OS under Ping Flood, ICMP Land, TCP-SYN, Smurf Flood, ARP Flood, and UDP Flood attacks. It was found that Apple's iMac computer using its usual Leopard operating system crashed even under low bandwidth of ARP-based attack traffic, requiring forced reboot of the iMac computer. Interestingly, when compared with Microsoft's Windows XP-SP2 operating system, deployed on the same iMac platform, the computer was able to sustain the attack and did not crash. Our discovery of this vulnerability shows that Apple's popular operating systems, namely Leopards, commonly deployed on iMacs are prone to crash under ARP-based security attacks. Also in other attacks Windows XP-SP2 was found to have a better performance than Leopard in terms of resource consumption.

  • Denial of Service Due to Direct and Indirect ARP Storm Attacks in LAN Environment
    Journal of Information Security, 2010
    Co-Authors: Sanjeev Kumar, Orifiel Gomez
    Abstract:

    ARP-based Distributed Denial of Service (DDoS) attacks due to ARP storms can happen in local area networks where many computer systems are infected by worms such as Code Red or by DDoS agents. In an ARP attack, the DDoS agents constantly send a barrage of ARP requests to the gateway, or to a victim computer within the same sub-network, and tie up the resources of the attacked gateway or host. In this paper, we set out to measure the impact of an ARP attack on resource exhaustion of computers in a local area network. Based on attack experiments, we measure the exhaustion of processing and memory resources of a victim computer and also of other computers, which are located on the same network as the victim computer. Interestingly enough, it is observed that an ARP attack not only exhausts the resources of the victim computer but also significantly exhausts the processing resources of other non-victim computers, which happen to be located on the same local area network as the victim computer.

  • Is Apple's iMac Leopard Operating System Secure under ARP-Based Flooding Attacks?
    2010 Fifth International Conference on Internet Monitoring and Protection, 2010
    Co-Authors: Sirisha Surisetty, Sanjeev Kumar
    Abstract:

    Apple's iMac computers are promoted by Apple Inc. to be secure, safe, virus free and fast computers. In this experimental paper, we evaluate the security offered by iMac computers with their usual Leopard Operating System, against ARP-based flooding attacks in a Gigabit LAN environment. We compared the effect of ARP attacks on Leopard OS against those on Windows XP-SP2 when installed on the same iMac platform under the same network attack environment. ARP-based flooding attacks can originate in a LAN environment, which can impact a victim computer with a barrage of ARP requests, thereby exhausting the resources of the victim computer in processing these requests. To study the impact on iMac computers, we created the ARP traffic in a controlled lab environment to test against an iMac computer that first deployed Leopard OS; later, the same iMac platform was made to use Windows XP OS instead. It was found that Apple's iMac computer using its usual Leopard operating system crashed even under low bandwidth of ARP-based attack traffic, requiring forced reboot of the iMac computer. Interestingly, when compared with Microsoft's Windows XP-SP2 operating system, deployed on the same iMac platform, the computer was able to sustain the attack and didn't crash. Our discovery of this vulnerability shows that Apple's popular operating systems, namely Leopards, commonly deployed on iMacs are prone to crash under ARP-based security attacks.

  • ICDS - Performance of Windows XP, Windows Vista and Apple's Leopard Computers under a Denial of Service Attack
    2010 Fourth International Conference on Digital Society, 2010
    Co-Authors: Raja Sekhar Reddy Gade, Hari Krishna Vellalacheruvu, Sanjeev Kumar
    Abstract:

    Distributed Denial of Service (DDoS) attacks are increasing over the Internet, where the attacker consumes all the resources of the network or the victim computer, thus preventing legitimate users from accessing the services. This paper compares the impact of a DDoS attack, called Land Attack, on popular operating systems such as “Windows XP”, “Windows Vista” and “Apple’s Leopard”. We investigate and compare the built-in ability of these operating systems in withstanding land attacks at different loads of Land Attack traffic. In this experiment, we measure the exhaustion of the computing resources for the above-mentioned operating systems under varying loads of the Land Attack traffic. Our results show that the Windows XP operating system was most robust, and capable of surviving the ICMP-Land Attack when compared with Windows Vista and Apple’s Leopard operating systems.

Sirisha Surisetty - One of the best experts on this subject based on the ideXlab platform.

  • Apple's Leopard Versus Microsoft's Windows XP: Experimental Evaluation of Apple's Leopard Operating System with Windows XP-SP2 under Distributed Denial of Service Security Attacks
    Information Security Journal: A Global Perspective, 2011
    Co-Authors: Sirisha Surisetty, Sanjeev Kumar

  • Is Apple's iMac Leopard Operating System Secure under ARP-Based Flooding Attacks?
    2010 Fifth International Conference on Internet Monitoring and Protection, 2010
    Co-Authors: Sirisha Surisetty, Sanjeev Kumar

Wei-cheng Fan - One of the best experts on this subject based on the ideXlab platform.

  • Detecting Step-Stone with Network Traffic Mining Approach
    2009 Fourth International Conference on Innovative Computing Information and Control (ICICIC), 2009
    Co-Authors: Han-wei Hsiao, Wei-cheng Fan
    Abstract:

    In recent years, many network users have been seriously affected by intrusions over the Internet, and many attack events are occurring at present. On the Internet, intruders usually launch attacks from stepping stones that they previously compromised. In this way, the attackers can reduce their risk of being directly detected. Even if network managers detect the intrusion, they still cannot identify the true attacker's IP location from the observation records. There are also many network attacks that use a large number of stepping stones to launch a joint flooding attack at the same time. The victim computer or web site cannot bear this kind of large flood traffic, so the servers cannot work properly to provide normal Internet services. The stepping stone problem has had a serious impact on network security. In this study, we use the association rule mining technique to establish an automatic stepping stone detection module. By collecting the connection records in the local network, we gather the source and destination IP addresses in the same period. The traffic data are analysed by association rule algorithms to figure out the transmission characteristics of stepping stones. Identifying the suspicious IP addresses of stepping stones will help network security administrators improve the security of the network.

Han-wei Hsiao - One of the best experts on this subject based on the ideXlab platform.

  • Detecting Step-Stone with Network Traffic Mining Approach
    2009 Fourth International Conference on Innovative Computing Information and Control (ICICIC), 2009
    Co-Authors: Han-wei Hsiao, Wei-cheng Fan