A resource-preserving self-regulating Uncoupled MAC algorithm to be applied in incident detection
The result's identifiers
Result code in IS VaVaI
RIV/49777513:23520/19:43955230 - isvavai.cz (https://www.isvavai.cz/riv?ss=detail&h=RIV%2F49777513%3A23520%2F19%3A43955230)
Result on the web
https://doi.org/10.1016/j.cose.2019.05.010
DOI - Digital Object Identifier
10.1016/j.cose.2019.05.010 (http://dx.doi.org/10.1016/j.cose.2019.05.010)
Alternative languages
Result language
English
Original language name
A resource-preserving self-regulating Uncoupled MAC algorithm to be applied in incident detection
Original language description
The connectivity of embedded systems is increasing, accompanied by thriving technologies such as Internet of Things/Everything (IoT/E), Connected Cars, Smart Cities, Industry 4.0, 5G or Software-Defined Everything. Apart from the benefits of these trends, the continuous networking offers hackers a broad spectrum of attack vectors. The identification of attacks or unknown behavior through Intrusion Detection Systems (IDS) has established itself as a conducive and mandatory mechanism apart from the protection by cryptographic schemes in a holistic security eco-system. In systems where resources are valuable goods and stand in contrast to the ever-increasing amount of network traffic, sampling has become a useful utility in order to detect malicious activities on a manageable amount of data. In this work an algorithm – Uncoupled MAC – is presented which secures network communication through a cryptographic scheme by uncoupled Message Authentication Codes (MAC) but as a side effect also provides IDS functionality, producing alarms based on the violation of Uncoupled MAC values. Through a novel self-regulation extension, the algorithm adapts its sampling parameters based on the detection of malicious actions. The evaluation in a virtualized environment clearly shows that the detection rate increases over runtime for different attack scenarios. Those even cover scenarios in which intelligent attackers try to exploit the downsides of sampling.
Czech name
—
Czech description
—
Classification
Type
Jimp - Article in a specialist periodical, which is included in the Web of Science database
CEP classification
—
OECD FORD branch
10201 - Computer sciences, information science, bioinformatics (hardware development to be 2.2, social aspect to be 5.8)
Result continuities
Project
LO1506: Sustainability support of the centre NTIS - New Technologies for the Information Society
Continuities
P - Research and development project financed from public funds (with a link to CEP)
I - Institutional support for the long-term conceptual development of a research organisation
Others
Publication year
2019
Confidentiality
S - Complete and truthful data on the project are not subject to protection under special legal regulations
Data specific for result type
Name of the periodical
Computers & Security
ISSN
0167-4048
e-ISSN
—
Volume of the periodical
85
Issue of the periodical within the volume
AUG 2019
Country of publishing house
GB - UNITED KINGDOM
Number of pages
18
Pages from-to
270-287
UT code for WoS article
000475993700016
EID of the result in the Scopus database
2-s2.0-85066237307