An overview of linux container based network emulation
- Authors: Peach, Schalk, Irwin, Barry V W, van Heerden, Renier
- Date: 2016
- Subjects: To be catalogued
- Language: English
- Type: text, article
- Identifier: http://hdl.handle.net/10962/430095, vital:72665, https://www.proceedings.com/30838.html
- Description: The objective of this paper is to assess the current state of Container-Based Emulator implementations on the Linux platform. Through a narrative overview, a selection of open source Container-Based Emulators are analysed to collect information regarding the technologies used to construct them and to assess the current state of this emerging technology. Container-Based Emulators allow the creation of small emulated networks on commodity hardware through the use of kernel-level virtualisation techniques, also referred to as containerisation. Container-Based Emulators act as a management tool to control containers and the applications that execute within them. The ability of Container-Based Emulators to create repeatable and controllable test networks makes them ideal for use as training and experimentation tools in the information security and network management fields. Due to their ease of use and low hardware requirements, these tools present a low-cost alternative to other forms of network experimentation platform. Through a review of current literature and source code, the current state of Container-Based Emulators is assessed.
- Date Issued: 2016
Dridex: Analysis of the traffic and automatic generation of IOCs
- Authors: Rudman, Lauren, Irwin, Barry V W
- Date: 2016
- Subjects: To be catalogued
- Language: English
- Type: text, article
- Identifier: http://hdl.handle.net/10962/429525, vital:72619, https://ieeexplore.ieee.org/abstract/document/7802932
- Description: In this paper we present a framework that generates network Indicators of Compromise (IOCs) automatically from a malware sample after dynamic runtime analysis. The framework addresses the limitations of manual Indicator of Compromise generation and utilises a sandbox environment in which to perform the malware analysis. We focus on the generation of network-based IOCs from captured traffic files (PCAPs) produced by the dynamic malware analysis. The Cuckoo Sandbox environment is used for the analysis, and the setup is described in detail. Accordingly, we discuss the concept of IOCs and the popular formats used, as there is currently no standard. As an example of how the proof-of-concept framework can be used, we chose 100 Dridex malware samples, evaluated the traffic, and showed what can be used for the generation of network-based IOCs. Results of our system confirm that we can create IOCs from dynamic malware analysis while excluding the legitimate background traffic originating from the sandbox system. We also briefly discuss the sharing and application of the generated IOCs and a number of systems that can be used to share them. Lastly, we discuss how they can be useful in combating cyber threats.
- Date Issued: 2016
Investigating multi-thread utilization as a software defence mechanism against side channel attacks
- Authors: Frieslaar, Ibraheem, Irwin, Barry V W
- Date: 2016
- Subjects: To be catalogued
- Language: English
- Type: text, article
- Identifier: http://hdl.handle.net/10962/430190, vital:72672, https://doi.org/10.1145/3015166.3015176
- Description: A state-of-the-art software countermeasure to defend against side channel attacks is investigated in this work. The implementation of this novel approach consists of using multiple threads and a task scheduler on a microcontroller to purposefully leak information at critical points in the cryptographic algorithm and so confuse the attacker. This research demonstrates that the approach is capable of outperforming the known countermeasures of hiding and shuffling in terms of preventing the secret information from being leaked. Furthermore, the proposed countermeasure mitigates side channel attacks such as correlation power analysis and template attacks.
- Date Issued: 2016