Intrusion Detection Systems (IDSs) – An Overview
Security teams have spent the last 12 years or so coming up with ever larger and more costly intrusion detection systems. These systems are generally employed to detect the presence of intrusion into networks, which are themselves often used for security.
In a sense, this is an old problem.
Over the last two years, it has become common to see larger, more sophisticated intrusion detection systems deployed on networks and other systems, in part because of the proliferation of network-based devices and the need for intrusion detection to be as ubiquitous as possible.
The goal of this blog article is to point out how such larger system-level intrusion detection systems have become an integral part of the modern enterprise IT infrastructure.
Intrusion detection systems (IDSs) are typically deployed in the context of an enterprise network, in the form of a large number of individual pieces of hardware that form a system of which the IDS is a part. IDSs have come in all sizes, and the sophistication of the systems that they support varies widely, ranging from simple systems for small networks to very sophisticated systems that are deployed on networks with the aim of identifying the entire enterprise.
All of the IDSs we have seen in the last year or so include a component known as “Intelligence”, which is typically implemented in one of two ways: either at the network level, which is how intrusion detection is typically deployed, or the collection of all the infrastructure devices at the system level, which is how IDS is typically deployed. An example of the former would be an intrusion detection system deployed on the premises of a person’s office; an example of the latter would be an automated installation of an IDS on each individual hardware device in the enterprise.
In all cases, the Intelligence component is a very complex system, and the goal of the component is to detect and alert on the potential presence of a given security threat, whether that threat is malicious or benign.
The Intelligence components of IDSs are usually deployed at the network level.
Discussion at the Editorial Board on the issue of research manipulation.
We propose an article discussion at the Editorial Board on the issue of R&D manipulation within the research domain. The purpose is to foster open and constructive dialogue. The discussion covers a wide range of topics linked to the debate over research manipulation, including how best to define research, the role of incentives and funding, the challenges of identifying and preventing research manipulation, and the implications of misconduct. Authors from academia and industry, such as those from the fields of computer science and law, are invited to participate. The discussion is open to the general public. Further, the discussion will contain open discussion, so that members of the audience can share their own experiences as researchers and non-researchers. We hope that members of the public will participate. This article is the third in a series on the topic presented at the Annual Meeting of the Association for Computing Machinery, held January 6, 2019, in Vancouver, Canada.
The issue of research manipulation in the research domain is on the rise. This issue has been noted by several media sources such as the Chronicle of Higher Education, Technology Review, Forbes, and MIT Sloan Management Review. In addition, IMS researchers are regularly featured in media and academic articles. Recently, a prominent researcher has faced claims of research fraud, and the research community has been debating the issues related to misconduct.
The issue of research manipulation is receiving more attention due to new cases identified within several top-tier research institutions, including Harvard Business Review, the MIT Sloan Management Review, and IMS, in recent years. In the past, several research misconduct cases have raised questions about what constitutes research versus commercialization and whether commercialization is the default position of top-tier institutions.
There is no doubt that the issue of research manipulation is rising in some academic and non-academic areas. This is true for a range of academic fields such as physics and mathematics, as well as business. A study published in the Journal of the American Statistical Association by John B. Lassus and colleagues from the University of Maryland University College reported that researchers from several departments of the University of Maryland – College Park had inappropriately manipulated data before the release of the data. Several papers in this journal addressed the issue of research manipulation.
Inappropriate manipulation in digital imaging.
This paper examines the way in which images that are manipulated so as to be used for malicious purposes are captured and transmitted over networks. The paper describes how these image manipulations, using the image as a source, can be used to attack different targets, and discusses the implications for network security. It also highlights the need to develop countermeasures that can block the image manipulations from occurring. The paper concludes with a consideration of future work.
Abstract: This paper examines how image manipulation is used for malicious purposes over a network. A distinction is made between network security and image manipulation.
The first form is the use of the image source as a part of a command-and-control (C2) server. In this case, the C2 server manages the use of the image for malicious purposes. The second form is the use of the image as a part of an email relay server, where relaying the manipulated image is necessary for the C2 server to continue performing its control functions. The third form is the exploitation of a network resource that is being used for malicious purposes, such as a DNS server, as a source of the image. The paper presents an approach for blocking all image manipulations, but only as part of a network security system. The paper also discusses the issue of why it is needed, and what impact this will have on network security.
Abstract: The paper describes the development of an image manipulation (IM) filter for the Image Manipulation Classifier (IMCL) at the University of South Australia in Adelaide. The IMCL is a part of the National Institute of Information and Communications Technology (NICT)’s National Image Recognition and Manipulation (NIRMAP) project, and is used for recognizing the malicious use of images, with a focus on exploitation and manipulation of images in the NIRMAP framework. The IMCL algorithm utilises the image manipulation features defined by the Image Manipulation (IM) Classifier (IMCL). The paper presents the development of the IMCL and the testing of the algorithm using a dataset that is a collection of high-quality images of a number of targets, including a target that is an image manipulated for malicious purposes.
Tradeoff between the size and resolution of the microscopal images
The resolution and size of the microscopal images are the most important design parameters for a successful security system and will have a negative influence on the effectiveness. The analysis indicates that smaller images can be obtained if the camera is at least as powerful as the computer. This means that the computer needs to be as powerful as the camera. Furthermore, the camera needs to have sufficient processing power for the computer to be able to capture images with a resolution that allows both a high number of pixels per square millimetre and a high resolution which is better than other methods. This can be done by using a larger frame buffer, but then the computer would have to write to memory more often. Another option is to use much smaller computers, but this can also have negative effects on the computer. In the example presented, the computer is not able to capture a well-resolved image even though the memory is well-used and the computer has sufficient processing power.
Network security systems use a wide range of sensors to provide detailed images of networks and objects. However, for each system the range of possible resolutions and sizes of the images is limited. Consequently, the security system has to choose between the quality of images, the number and size of sensors, and the resources available on the computers. In this paper we present a framework to help system designers decide which of the following is the strongest and most reliable choice: the resolution of the image, the size of the image, or the image quality. In contrast to most of the work on this subject, we do not want to use a simple linear correlation but rather to look at the tradeoff between the system’s resources and the resolution and size of the microscopal images. The discussion is based on a study of the computer and camera design and on the system security architecture, both in terms of requirements and of the tradeoff between security functions, the resources available on the computers, the type of sensor and the resolution of the microscopal images. The analysis is carried out on several different security systems.
Abstract: The resolution of the microscopal images is the most important design parameter for a successful security system and will have a negative influence on the effectiveness. The analysis indicates that smaller images can be obtained if the camera is at least as powerful as the computer.
Tips of the Day in Network Security
Today we will talk about how to find a router bug.
This post is for security-related routers, and as such there are no specific details about where they’re located, a list of which will be in a future post.
The router we are talking about is a Linksys WRT54GL, or, as the customer calls it, the ‘PC’.
For the purposes of this post, we will only be looking at the Linksys WRT54GL router, and so far we will only be looking at the common symptoms, things that happen when you are running a Linksys router.
This will only be a few hints, hints which will be more likely to work on a typical Linksys router, and as such it might not work on the most popular routers.
This is what we hope can work, but it’s always a good idea to test things on your router.
One of the most commonly reported problems with Linksys routers is an incorrect IP address being entered into the router to change the router’s MAC address.