A secure data parser is provided that may be integrated into any suitable system for securely storing and communicating data. The secure data parser parses data and then splits the data into multiple portions that are stored or communicated distinctly. Encryption of the original data, the portions of data, or both may be employed for additional security. The secure data parser may be used to protect data in motion by splitting original data into portions of data, that may be communicated using multiple communications paths.

Secure data parser method and system

The systems and methods of the present invention provide a solution that makes data provably secure and accessible—addressing data security at the bit level—thereby eliminating the need for multiple perimeter hardware and software technologies. Data security is incorporated or weaved directly into the data at the bit level. The systems and methods of the present invention enable enterprise communities of interest to leverage a common enterprise infrastructure. Because security is already woven into the data, this common infrastructure can be used without compromising data security and access control. In some applications, data is authenticated, encrypted, and parsed or split into multiple shares prior to being sent to multiple locations, e.g., a private or public cloud. The data is hidden while in transit to the storage location, and is inaccessible to users who do not have the correct credentials for access.

Systems and methods for securing data in motion

The security of Advanced Metering Infrastructures (AMIs) is of critical importance. The use of secure protocols and the enforcement of strong security properties have the potential to prevent vulnerabilities from being exploited and from having costly consequences. However, as learned from experiences in IT security, prevention is one aspect of a comprehensive approach that must also include the development of a complete monitoring solution. In this paper, we explore the practical needs for monitoring and intrusion detection through a thorough analysis of the different threats targeting an AMI.

/pdf/intrusion-detection-for-advanced-metering-infrastructures-4pw7hn2zbg.pdf

Intrusion Detection for Advanced Metering Infrastructures: Requirements and Architectural Directions

Anomaly detection (AD) use within the network intrusion detection field of research, or network intrusion AD (NIAD), is dependent on the proper use of similarity and distance measures, but the measures used are often not documented in published research. As a result, while the body of NIAD research has grown extensively, knowledge of the utility of similarity and distance measures within the field has not grown correspondingly. NIAD research covers a myriad of domains and employs a diverse array of techniques from simple $k$ -means clustering through advanced multiagent distributed AD systems. This review presents an overview of the use of similarity and distance measures within NIAD research. The analysis provides a theoretical background in distance measures and a discussion of various types of distance measures and their uses. Exemplary uses of distance measures in published research are presented, as is the overall state of the distance measure rigor in the field. Finally, areas that require further focus on improving the distance measure rigor in the NIAD field are presented.

A Survey of Distance and Similarity Measures Used Within Network Intrusion Anomaly Detection

Data processing and an accelerator system therefore are described. An embodiment relates generally to a data processing system. In such an embodiment, a bus and an accelerator are coupled to one another. The accelerator has an application function block. The application function block is to process data to provide processed data to storage. A network interface is coupled to obtain the processed data from the storage for transmission.

Accelerator system for use with secure data storage

Voice over IP (VoIP), also known as Internet telephony, is gaining market share rapidly and now competes favorably as one of the visible applications of the Internet. Nevertheless, being an application running over the TCP/IP suite, it is susceptible to flooding attacks. If flooded, as a time-sensitive service, VoIP may show noticeable service degradation and even encounter sudden service disruptions. Because multiple protocols are involved in a VoIP service and most of them are susceptible to flooding, an effective solution must be able to detect and overcome hybrid floods. As a solution, we offer the VoIP flooding detection system (vFDS)-an online statistical anomaly detection framework that generates alerts based on abnormal variations in a selected hybrid collection of traffic flows. It does so by viewing collections of related packet streams as evolving probability distributions and measuring abnormal variations in their relationships based on the Hellinger distance-a measure of variability between two probability distributions. Experimental results show that vFDS is fast and accurate in detecting flooding attacks, without noticeably increasing call setup times or introducing jitter into the voice streams.

Detecting VoIP Floods Using the Hellinger Distance

Being a fast-growing Internet application, voice over Internet protocol (VoIP) shares the network resources with the regular Internet traffic, and is susceptible to the existing security holes of the Internet. Moreover, given that voice communication is time sensitive and uses a suite of interacting protocols, VoIP exposes new forms of vulnerabilities to malicious attacks. In this paper, we propose a highly-needed VoIP intrusion detection system. Our approach is novel in that, it utilizes not only the state machines of network protocols but also the interaction among them for intrusion detection. This detection approach is particularly suited for protecting VoIP applications, in which a melange of protocols are involved to provide IP telephony services. Based on tracking deviations from interacting protocol state machines, our solution shows promising detection characteristics and low runtime impact on the perceived quality of voice streams

/pdf/voip-intrusion-detection-through-interacting-protocol-state-2y6xzms289.pdf

VoIP Intrusion Detection Through Interacting Protocol State Machines

Recently Voice over IP (VoIP) is experiencing a phenomenal growth. Being a real-time service, VoIP is more susceptible to Denial-of-Service (DoS) attacks than regular Internet services. Moreover, VoIP uses multiple protocols for call control and data delivery, making it vulnerable to various DoS attacks at different protocol layers. An attacker can easily disrupt VoIP services by flooding TCP SYN packets, UDP-based RTP packets, or SIP-based INVITE messages, which pose a critical threat to IP telephony. In this paper, we present an online statistical detection mechanism, called vFDS, to detect DoS attacks in the context of VoIP. The core of vFDS is based on Hellinger distance method, which computes the variability between two probability measures. Using Hellinger distance, we characterize normal protocol behaviors and then detect the traffic anomalies caused by flooding attacks. Our experimental results show that vFDS achieves fast and accurate detection of DoS attacks.

/pdf/fast-detection-of-denial-of-service-attacks-on-ip-telephony-ggvimchq5u.pdf

Fast Detection of Denial-of-Service Attacks on IP Telephony

While network-wide anomaly analysis has been well studied, the on-line detection of network traffic anomalies at a vantage point inside the Internet still poses quite a challenge to network administrators. In this paper, we develop a behavioral distance based anomaly detection mechanism with the capability of performing on-line traffic analysis. To construct accurate online traffic profiles, we introduce horizontal and vertical distance metrics between various traffic features (i.e., packet header fields) in the traffic data streams. The significant advantages of the proposed approach lie in four aspects: (1) it is efficient and simple enough to process on-line traffic data; (2) it facilitates protocol behavioral analysis without maintaining per-flow state; (3) it is scalable to high speed traffic links because of the aggregation, and (4) using various combinations of packet features and measuring distances between them, it is capable for accurate on-line anomaly detection. We validate the efficacy of our proposed detection system by using network traffic traces collected at Abilene and MAWI high-speed links.

Online detection of network traffic anomalies using behavioral distance

The threat of voice spam, commonly known as Spam over Internet Telephony (SPIT) is a real and contemporary problem. If the problem remains unchecked then it may become as potent as email spam today. In this paper, we present two approaches to detect and prevent SPITting over the Internet. Both of our approaches are based on the anomaly detection of the distributions of selected call features (i.e., day and time of calling, call durations etc.). The first approach uses Mahalanobis Distance as a summarization tool and it is able to reliably detect individual spam VoIP calls at a microscopic level. The second approach is designed to detect groups of (potentially collaborating) VoIP spam calls at a macroscopic level. By computing entropy of call durations of groups of calls, we are able to build profile of normal calls and reliably detect the deviation from normal human call behavior that are caused by bulk spam calls. We empirically validate our VoIP spam call detection approaches with real VoIP call traces obtained from a VoIP service provider network. Our experimental results show that call feature distributions can be used to build a fairly general and effective anomalous call behavior detection framework.

/pdf/call-behavioral-analysis-to-thwart-spit-attacks-on-voip-ylt0nqvdv5.pdf

Hemant Sengar

Papers

Detecting VoIP Floods Using the Hellinger Distance

VoIP Intrusion Detection Through Interacting Protocol State Machines

Fast Detection of Denial-of-Service Attacks on IP Telephony

Online detection of network traffic anomalies using behavioral distance

Call Behavioral Analysis to Thwart SPIT Attacks on VoIP Networks