Aoba ku, Japan

Hilgenstieler E., Federal University of Parana | Duarte Jr. E.P., Federal University of Parana | Mansfield-Keeni G., Cyber Solutions Inc. | Shiratori N., Tohoku University
Computers and Security | Year: 2010

IP traceback is used to determine the source and path traversed by a packet received from the Internet. In this work we first show that the Source Path Isolation Engine (SPIE), a classical log-based IP traceback system, can return misleading attack graphs in some particular situations, which may even make it impossible to determine the real attacker. We show that by unmasking the TTL field SPIE returns a correct attack graph that precisely identifies the route traversed by a given packet, allowing the correct identification of the attacker. Nevertheless, an unmasked TTL poses new challenges in order to preserve the confidentiality of the communication among the system's components. We solve this problem by presenting two distributed algorithms for searching across the network overlay formed by the packet log bases. Two other extensions to SPIE are proposed that improve the efficiency of source discovery: separate logs are kept for each router interface, improving the distributed search procedure; an efficient dynamic log paging strategy is employed, which is based on the actual capacity factor instead of the fixed time interval originally employed by SPIE. The system was implemented and experimental results are presented. © 2010 Elsevier Ltd. All rights reserved.

Tsunoda H., Tohoku Institute of Technology | Keeni G.M., Cyber Solutions Inc.
APNOMS 2014 - 16th Asia-Pacific Network Operations and Management Symposium | Year: 2014

Log messages are generated by operating systems and applications. These messages contain important information about the health and operation of the system. The messages are also of great significance for security management, audit-checks, and forensics in an intranet. So, a logging system that generates, relays, collects and archives log messages must be monitored and managed just like all other components of the ICT infrastructure, to ensure that it is operating normally, i.e., the logs are being collected and archived as desired. In the Internet, some progress has been made towards the standardization of the syslog protocol but, to date, the management aspect of syslog has been neglected, for all practical purposes. In this paper, we discuss the necessity and importance of monitoring and managing logging systems. We present the basic design of a Management Information Base module which will make it possible to monitor and manage a syslog system using standard management protocols. Then we discuss a prototype implementation of the MIB and demonstrate a syslog management application for managing the syslog configuration of an enterprise. © 2014 IEEE.

Tsunoda H., Tohoku Institute of Technology | Keeni G.M., Cyber Solutions Inc.
IEEE/IFIP NOMS 2014 - IEEE/IFIP Network Operations and Management Symposium: Management in a Software Defined World | Year: 2014

The quality and nature of statistics obtained from network monitoring and management have significant implications in accounting, operations, security and quality of service management. In this paper, we take a closer look at the requirements of monitoring and management in the context of the future Internet and emerging applications and examine the limitations of current practices. We show that the limitations essentially stem from the timestamp attribute of a statistic. Without an implicit or explicit timestamp the usability of a statistic is severely limited, especially as the network gets mobile and high-speed and as more advanced applications appear. © 2014 IEEE.

Tsunoda H., Tohoku Institute of Technology | Keeni G.M., Cyber Solutions Inc.
Proceedings of the 5th International Conference on Security of Information and Networks, SIN'12 | Year: 2012

In this work we show how data vital to information and network security management can be obtained relatively easily by basic traffic monitoring and analysis. We introduce a new traffic analysis technique, category transform, to extract more useful information from available data and show the means and significance of looking at traffic characteristics in greater detail. Copyright © 2012 ACM.

Cyber Solutions Inc. | Date: 2011-07-05

Electric communication machine apparatus, namely, repeaters, bridges and routers in the field of computer network; Packet Capture Apparatus to receive and manage the packet that is communication signal on computer networks, for controlling and using one or more Packet Capture apparatus, for networks; Computer programs and recorded magnetic and optical data media and downloadable software for use in database management, for use as a spreadsheet, and for making other software. Creation and maintenance of web sites for others; hosting of digital content on the Internet; computer software design, computer programming, or maintenance of computer software.
