We report a vulnerability to network signature-based IDS which we have tested using Snort and we call “Squealing”. This vulnerability has significant implications since it can easily be generalized to any IDS. The vulnerability of signature-based IDS to high false positive rates has been welldocumented but we go further to show (at a high level) how packets can be crafted to match attack signat...

The evaluation of network risk is a vital task. It is an essential step in securing any network. This evaluation can help security professionals in making optimal decisions about how to design security countermeasures in order to improve security. This paper proposes a risk estimation model that uses vulnerability database National Institute of Standards and Technology (NIST) National Vulnerabi...

The GSM network, commonly called 2G, was designed during the 1980s when the Cold War was still on. Due to political pressure from European governments, the security of GSM was deliberately made weak to allow easy interception by law enforcement agencies. Despite strengthened security in subsequent mobile network technologies of 3G and 4G, the weak security of 2G represents the ‘weakest link’ an...

We focus on the crucial role of network architecture in the defence against targeted attacks. A two-stage strategic game between a network designer and a network disruptor is analyzed. Given a set of nodes, the designer builds a network by investing in costly links. In the second stage, the disruptor deletes (possibly in a costly way) some of the links or nodes to reduce the designer’s benefit ...

Power grids exhibit patterns of reaction to outages similar to complex networks. Blackout sequences follow power laws, as complex systems operating near a critical point. Here, the tolerance of electric power grids to both accidental and malicious outages is analyzed in the framework of complex network theory. In particular, the quantity known as efficiency is modified by introducing a new conc...

A significant challenge in evaluating network security stems from the scale of modern enterprise networks and the vast number of vulnerabilities regularly found in software applications. A common technique to deal with this complexity is attack graphs, where a tool automatically computes all possible ways a system can be broken into by analyzing the configuration of each host, the network, and ...