Publications (6 of 6)
Afzal, Z., Garcia, J., Lindskog, S. & Brunström, A. (2018). Slice Distance: An Insert-Only Levenshtein Distance with a Focus on Security Applications. In: Proceedings of NTMS 2018 Conference and Workshop. Paper presented at 9th IFIP International Conference on New Technologies, Mobility and Security, 26-28 February 2018, Paris, France (pp. 1-5). New York: IEEE
2018 (English). In: Proceedings of NTMS 2018 Conference and Workshop, New York: IEEE, 2018, p. 1-5. Conference paper, Published paper (Refereed)
Abstract [en]

Levenshtein distance is well known for its use in comparing two strings for similarity. However, the set of considered edit operations used when comparing can be reduced in a number of situations. In such cases, the application of the generic Levenshtein distance can result in degraded detection and computational performance. Other metrics in the literature enable limiting the considered edit operations to a smaller subset. However, the possibility where a difference can only result from deleted bytes is not yet explored. To this end, we propose an insert-only variation of the Levenshtein distance to enable comparison of two strings for the case in which differences occur only because of missing bytes. The proposed distance metric is named slice distance and is formally presented and its computational complexity is discussed. We also provide a discussion of the potential security applications of the slice distance.

Place, publisher, year, edition, pages
New York: IEEE, 2018
Keywords
Measurement, Pattern matching, Time complexity, Transforms, Security, DNA
National Category
Computer Sciences
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-67012 (URN); 10.1109/NTMS.2018.8328718 (DOI); 000448864200049 (); 978-1-5386-3662-6 (ISBN); 978-1-5386-3663-3 (ISBN)
Conference
9th IFIP International Conference on New Technologies, Mobility and Security, 26-28 February 2018, Paris, France
Funder
Knowledge Foundation, 4707
Available from: 2018-04-17 Created: 2018-04-17 Last updated: 2018-11-23. Bibliographically approved
Afzal, Z. & Lindskog, S. (2016). IDS rule management made easy. In: Electronics, Computers and Artificial Intelligence (ECAI), 2016 8th International Conference on. Paper presented at 8th International Conference on Electronics, Computers and Artificial Intelligence (ECAI), 30 June-2 July 2016, Ploiesti, Romania. IEEE conference proceedings
2016 (English). In: Electronics, Computers and Artificial Intelligence (ECAI), 2016 8th International Conference on, IEEE conference proceedings, 2016. Conference paper, Published paper (Refereed)
Abstract [en]

Signature-based intrusion detection systems (IDSs) are commonly utilized in enterprise networks to detect and possibly block a wide variety of attacks. Their application in industrial control systems (ICSs) is also growing rapidly as modern ICSs increasingly use open standard protocols instead of proprietary. Due to an ever changing threat landscape, the rulesets used by these IDSs have grown large and there is no way to verify their precision or accuracy. Such broad and non-optimized rulesets lead to false positives and an unnecessary burden on the IDS, resulting in possible degradation of the security. This work proposes a methodology consisting of a set of tools to help optimize the IDS rulesets and make rule management easier. The work also provides attack traffic data that is expected to benefit the task of IDS assessment.

Place, publisher, year, edition, pages
IEEE conference proceedings, 2016
Series
International Conference on Electronics Computers and Artificial Intelligence, ISSN 2378-7147
National Category
Computer Sciences
Identifiers
urn:nbn:se:kau:diva-48016 (URN); 10.1109/ECAI.2016.7861119 (DOI); 000402541200055 (); 978-1-5090-2048-5 (ISBN); 978-1-5090-2047-8 (ISBN)
Conference
8th International Conference on Electronics, Computers and Artificial Intelligence (ECAI), 30 June-2 July 2016, Ploiesti, Romania
Available from: 2017-02-24 Created: 2017-02-24 Last updated: 2018-01-13. Bibliographically approved
Afzal, Z., Lindskog, S. & Lidén, A. (2015). A Multipath TCP Proxy. Paper presented at The 11th Swedish National Computer Networking Workshop (SNCNW), Karlstad, Sweden, May 28–29, 2015.
2015 (English). Conference paper, Oral presentation with published abstract (Refereed)
Abstract [en]

Multipath TCP (MPTCP) is an extension to traditional TCP that enables a number of performance advantages, which were not offered before. While the protocol specification is close to being finalized, there still remain some concerns regarding deployability and security. This paper describes the ongoing work to develop a solution that will facilitate the deployment of MPTCP. The solution will not only allow non-MPTCP capable end-hosts to benefit from MPTCP performance gains, but also help ease the network security concerns that many middleboxes face due to the possibility of data stream being fragmented across multiple subflows.

National Category
Computer Sciences
Identifiers
urn:nbn:se:kau:diva-39059 (URN)
Conference
The 11th Swedish National Computer Networking Workshop (SNCNW), Karlstad, Sweden, May 28–29, 2015
Available from: 2016-01-18 Created: 2016-01-18 Last updated: 2018-01-10. Bibliographically approved
Afzal, Z. & Lindskog, S. (2015). Automated Testing of IDS Rules. In: Software Testing, Verification and Validation Workshops (ICSTW), 2015 IEEE Eighth International Conference on. Paper presented at 6th International Workshop on Security Testing (SECTEST) - IEEE Eighth International Conference on Software Testing, Verification and Validation Workshops (ICSTW), 13-17 April 2015, Graz. IEEE conference proceedings
2015 (English). In: Software Testing, Verification and Validation Workshops (ICSTW), 2015 IEEE Eighth International Conference on, IEEE conference proceedings, 2015. Conference paper, Published paper (Refereed)
Abstract [en]

As technology becomes ubiquitous, new vulnerabilities are being discovered at a rapid rate. Security experts continuously find ways to detect attempts to exploit those vulnerabilities. The outcome is an extremely large and complex rule set used by Intrusion Detection Systems (IDSs) to detect and prevent the vulnerabilities. The rule sets have become so large that it seems infeasible to verify their precision or identify overlapping rules. This work proposes a methodology consisting of a set of tools that will make rule management easier.

Place, publisher, year, edition, pages
IEEE conference proceedings, 2015
National Category
Computer Sciences
Research subject
Computer Science
Identifiers
urn:nbn:se:kau:diva-38996 (URN); 10.1109/ICSTW.2015.7107461 (DOI); 000373338600057 (); 978-1-4799-1885-0 (ISBN)
Conference
6th International Workshop on Security Testing (SECTEST) - IEEE Eighth International Conference on Software Testing, Verification and Validation Workshops (ICSTW), 13-17 April 2015, Graz
Available from: 2016-01-11 Created: 2016-01-11 Last updated: 2018-01-10. Bibliographically approved
Afzal, Z. & Lindskog, S. (2015). Multipath TCP IDS Evasion and Mitigation. In: Information Security: 18th International Conference, ISC 2015, Trondheim, Norway, September 9-11, 2015, Proceedings. Paper presented at The 18th Information Security Conference (ISC), Trondheim, Norway, September 9-11, 2015. (pp. 265-282). Springer, 9290
2015 (English). In: Information Security: 18th International Conference, ISC 2015, Trondheim, Norway, September 9-11, 2015, Proceedings, Springer, 2015, Vol. 9290, p. 265-282. Conference paper, Published paper (Refereed)
Abstract [en]

The existing network security infrastructure is not ready for future protocols such as Multipath TCP (MPTCP). The outcome is that middleboxes are configured to block such protocols. This paper studies the security risk that arises if future protocols are used over unaware infrastructures. In particular, the practicality and severity of cross-path fragmentation attacks utilizing MPTCP against the signature-matching capability of the Snort intrusion detection system (IDS) is investigated. Results reveal that the attack is realistic and opens the possibility to evade any signature-based IDS. To mitigate the attack, a solution is also proposed in the form of the MPTCP Linker tool. The work outlines the importance of MPTCP support in future network security middleboxes.

Place, publisher, year, edition, pages
Springer, 2015
Series
Lecture Notes in Computer Science, ISSN 0302-9743 ; 9290
National Category
Computer Sciences
Identifiers
urn:nbn:se:kau:diva-39058 (URN); 10.1007/978-3-319-23318-5_15 (DOI); 000363678700015 (); 978-3-319-23317-8 (ISBN)
Conference
The 18th Information Security Conference (ISC), Trondheim, Norway, September 9-11, 2015.
Available from: 2016-01-18 Created: 2016-01-18 Last updated: 2018-01-10. Bibliographically approved
Afzal, Z., Garcia, J. & Lindskog, S. Partial Signature Matching in an MPTCP World using Insert-only Levenshtein Distance.
(English). Manuscript (preprint) (Other academic)
National Category
Computer Sciences
Identifiers
urn:nbn:se:kau:diva-48173 (URN)
Available from: 2017-03-17 Created: 2017-03-17 Last updated: 2018-08-14. Bibliographically approved
Organisations
Identifiers
ORCID iD: orcid.org/0000-0001-9886-6651