Volume 5, Issue 1

Volume 5, Issue 1 Editorial

May 2006

Volume 5 starts with a special series on the network security topic of digital security. There are three special papers on this topic. Valli examines the ability of malicious attackers to control machines remotely, Bhuyan examines how honeypots can be used to identify botnets, whilst Yek examines the use of fingerprinting by honeypots.

A Preliminary Investigation into Malware Propagation on Australian ISP Networks using the mwcollect Malware Collector Daemon

ABSTRACT

This paper describes an initial investigation into the propagation of malicious software (malware) that allows for remote command and control of Internet connected machines using the Windows platform in the Australian ISP address space. The research as conducted utilised the mwcollect daemon, which is a low interaction honeypot on the Linux platform, to collect the details about the activity. The program mwcollect works by emulation of vulnerable services on the target platform, in this case Windows based computers. There were two collectors within the pilot collection system. The machines were running no other Internet services such as http or mail, and were not used by any person - they were simply connected to the Internet. The machines are located on two separate ISP networks and they both utilised high-speed ADSL connections connected to different segments of the Australian ISP network.

Using Honeynets for Discovering and Disrupting IRC-Based Botnets

ABSTRACT

A botnet is a network of compromised computers that can be remotely controlled by an attacker through a predefined communication channel. A computer becomes part of a botnet when it gets infected by a software agent commonly known as a ‘bot’. Studies carried out by various research groups show the presence of hundreds of thousands of such compromised computers across the Internet. The sheer presence of such a large number of bots poses a serious threat to e-business infrastructures in particular and the Internet community at large. There have already been a number of well-documented incidents where such an army of bots has been used to launch Distributed Denial of Service (DDoS) attacks against corporate networks. Research carried out by various bot activity-monitoring groups also indicates that in recent months there has been a shift towards using these bots and botnets for monetary gains and espionage activities.

Investigating the Accuracy of Wired and Wireless TCP/IP Fingerprinting on Honeyd

ABSTRACT

TCP/IP fingerprinting is a technique used to identify the unique network stack characteristics of an Operating System (OS) and may identify a digital device by its version, vendor and operating platform. The popular network scanning tool Network Mapper (NMAP) employs TCP/IP fingerprinting to discover hosts to a high degree of granularity from the manipulation of flag settings in packets. In this research, the honeyd honeynet was configured to test the accuracy of NMAP OS name resolution over a wired and wireless medium. The results indicated how the TCP/IP spoofing capabilities of honeyd could be a realistic network countermeasure.

Biometric vs. Password Authentication: A User’s Perspective

ABSTRACT

This study investigates the main factors that affect adoption of biometric authentication. A purposive sample of 85 network users from the Philadelphia area was used for this study. A laboratory experiment was also carried out to assess false reject and false accept rates. The study found that a large majority (84%) of people would prefer biometric authentication. Privacy, cost, accuracy, and the perception of biometric technology are the main concerns that hinder adoption of this technology. False accept rate was found not to be high enough to cause concerns. Finally, the many benefits of using biometric authentication greatly outweigh those of password authentication.

Security Management: Modelling Critical Infrastructure

ABSTRACT

Secure management of Australia’s commercial critical infrastructure presents ongoing challenges to owners and the government. Currently a high-level information sharing collaboration between the government and business manages complex security issues, but critical infrastructure protection also lacks a scalable model exhibiting the overall structure of critical infrastructure at various levels, sectors and sub-sectors. This research builds on the work of Marasea and Warren (2003) to establish a representative model of Australia’s critical infrastructure; discusses the boundaries between critical infrastructures, and considers the existence and potential influence of critical infrastructure relationships.

Anticipatory Decision-Making Support Using a Bayesian Network

ABSTRACT

The changing Information Warfare environment requires that a decision-maker have effective processes to manage situations. This research paper presents an outline of anticipatory decision-making and indicates the usefulness of the Bayesian method for decision-making support. The Bayesian paradigm provides an elegant approach to pursue rational decisions in uncertain conditions. The main contribution of this constructive study has been to develop a network for time expanded anticipatory decision-making for actions of Information Warfare and Security generally.

Journal of Information Warfare

The definitive publication for the best and latest research and analysis on information warfare, information operations, and cyber crime. Available in traditional hard copy or online.

Get in touch

  • Journal of Information Warfare
    114 Ballard Street
    Yorktown, VA
    23690
  • 757.234.6664
  • jiw@gbpts.com