
Enhanced Security Architecture for Cybercrime Evidence Collection

This presentation discusses an enhanced security architecture model for simplifying and filtering cybercrime evidence collection. It explores the need for a defense-in-depth strategy and presents experiments and results. Specific applications and keywords related to security, confidentiality, trust, and abuse analysis are also mentioned.


Presentation Transcript


  1. Enhanced Security Architecture for Cybercrime Evidence Collection
     Mahmoud Jazzar (Ph.D.), College of Information Technology, Royal University for Women, Riffa, Kingdom of Bahrain

  2. PRESENTATION AGENDA
     • Introduction: security road-map
     • Background: related research works; the need for a defense-in-depth strategy
     • Typical vs. enhanced security architecture for cybercrime evidence collection
     • Experiments and results
     • Conclusion

  3. SECURITY ROAD-MAP (the slide is a matrix of security concerns by layer; the transcript flattens the cells, so the items below are grouped by the row and column labels that survive)
     Columns: Security (specific / application-oriented), Confidentiality, Trust, Abuse analysis, Protection
     Rows: Enterprise, Applications, Data, OS (incl. drivers & registries, H/W interfaces), Network, Physical
     • Application-oriented security: secure game-play, e-voting, ...
     • Confidentiality: digital signature, public key infrastructure, ...
     • Abuse analysis: man-in-the-middle (MITM), DoS/DDoS, virus/worm, spam, drone armies (botnets)
     • Enterprise: enterprise-level security, agent-server security, RADIUS/Kerberos, honeypot/honeynet, forensics, enterprise audit, enterprise pentest
     • Applications: application forensics, application audit, application pentest, database security, web-based application security, SSL, SSH, buffer overflow, format string, client-side (XST, XSS), SQL injection, phishing, biometrics, smart card, one-time password
     • Data: cryptography (incl. encryption, braid), steganography, parallelising crypto operations, video/image security, packet spoofing, cryptanalysis, brute force, ISN prediction, cache poisoning, data forensics, log/alert analysis, false-positive reduction, authentication, non-repudiation, integrity, Tripwire
     • OS (incl. drivers & registries, H/W interfaces): OS forensics, OS pentest, intrusion detection, rootkit, Trojan horse, OS fingerprinting, sniffing, hijacking, re-routing
     • Network: network security, Mobile IPv6 security, tunneling, ...
     • Protection: IPsec, VPN, firewall, intrusion prevention, trusted OS
     • Physical

  4. INTRODUCTION
     • Because of the dramatic threat of cybercrime and the network-based security concerns of organizations, there is growing attention on deploying more sophisticated intrusion detection sensors (IDS) as a first line of defense. An IDS monitors system activities and decides whether they are normal or intrusive.
     • Forensic evidence can be gathered through a variety of means and mediums for delivering and receiving data and information over the Internet. However, finding clear and direct evidence of cybercrime is critical, because the volume of data on the network is huge and analysing it is complex. A network-based IDS processes system activities from network data and makes its decision by evaluating the probability that these data represent an attack.
     • This study proposes an enhanced security architecture model for simplifying and filtering cybercrime evidence collection. A threshold is established for normal behaviour, and any deviation from the normal-behaviour profile is considered for collection.

  5. Conventional Network-based IDS Deployment
     [Diagram: Internet -> IDS sensors -> machines, servers and networks on the local network, with an administrator console receiving sensor output]
     • This research argues for supplementing current IDS technology with a defense-in-depth strategy at the sensor level.
     • The study is conducted to test the hypothesis that the detection deficiency of IDS sensors can be improved by adding a defense-in-depth strategy at the sensor level, so that higher-level analysis operations receive better input.

  6. BACKGROUND
     • Most network intrusion detection sensors suffer from false positives.
     • Signatures need updates.
     • Inspection data are not balanced and need cleansing and classification.
     • Scenarios vary, which limits the detection process.
     • Robust sensors are needed to provide defense in depth and to work as supplementary systems.

  7. [Diagram: a parallelised network of patched hosts, with an infected host raising a warning alert on the busy network]

  8. General System Overview
     [Diagram: Internet -> sniffer -> IDS sensor -> evidence collection -> evidence preprocessing -> evidence depository -> forensic agent -> report generator; the local network's machines, servers and networks sit behind the sensor]
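The pipeline above (threshold on a normal-behaviour profile from slide 4, evidence collection and depository from slide 8, alert-set reduction from slide 11) in compact form, as an added example that is not the presentation's own code. The alert sample is constructed, the threshold is mean + k·stddev of per-source alert volume, and the depository hash is a simple integrity seal, all of which are assumptions of this example.

```python
import hashlib
import json
import statistics
from collections import Counter

# Constructed sample of raw IDS sensor alerts (source, signature); not data
# from the presentation. One high-volume source sits among low-rate ones.
SAMPLE_ALERTS = (
    [("10.0.0.5", "ssh-bruteforce")]
    + [("10.0.0.6", "portscan")] * 2
    + [("10.0.0.7", "portscan")]
    + [("10.0.0.8", "ssh-bruteforce")] * 2
    + [("192.0.2.77", "portscan")] * 6
    + [("192.0.2.77", "sqli-attempt")] * 3
)

def behaviour_threshold(alerts, k=1.0):
    """Profile 'normal' per-source alert volume as mean + k * stddev (assumed profile)."""
    counts = Counter(src for src, _ in alerts)
    values = list(counts.values())
    return counts, statistics.mean(values) + k * statistics.pstdev(values)

def flag_deviations(alerts, k=1.0):
    """Sources whose alert volume deviates above the normal-behaviour threshold."""
    counts, threshold = behaviour_threshold(alerts, k)
    return {src: n for src, n in counts.items() if n > threshold}

def collect_evidence(alerts, flagged):
    """Keep only alerts from flagged sources; fold repeats into one record per (source, signature)."""
    kept = Counter(a for a in alerts if a[0] in flagged)
    return [{"src": s, "sig": g, "count": n} for (s, g), n in sorted(kept.items())]

def reduction_rate(raw_alerts, records):
    """Fraction of the raw alert set the forensic agent no longer has to read."""
    return 1.0 - len(records) / len(raw_alerts)

def seal_evidence(records):
    """Serialise deterministically and hash so the depository can detect later tampering."""
    body = json.dumps(records, sort_keys=True, separators=(",", ":"))
    return {"records": records, "sha256": hashlib.sha256(body.encode()).hexdigest()}

if __name__ == "__main__":
    flagged = flag_deviations(SAMPLE_ALERTS)
    evidence = collect_evidence(SAMPLE_ALERTS, flagged)
    print(flagged, f"reduction {reduction_rate(SAMPLE_ALERTS, evidence):.0%}")
    print(json.dumps(seal_evidence(evidence), indent=1))
```

With the constructed sample, only 192.0.2.77 exceeds the threshold and its nine alerts collapse into two evidence records, a reduction of 13/15 of the raw set.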

  9. Typical and Enhanced Cloud Data Transaction Architecture

  10. IDS Monitor

  11. IDS Monitor Sets Reduction Rates

  12. Thank You Q&A
