Computer networks are built on a technical infrastructure in which routing protocols are used to transmit packets over the Internet. Routing protocols define how routers communicate with each other: how they learn available routes, build routing tables, make routing decisions, and share information with neighbors. The main purpose of a routing protocol is to determine the best route from source to destination. A routing protocol that operates within an autonomous system is called an interior gateway protocol (IGP). The article analyzes the problem of correctly choosing a routing protocol. Open Shortest Path First (OSPF) and Enhanced Interior Gateway Routing Protocol (EIGRP) are considered leading routing protocols for real-time applications, and for this reason they were chosen for study. The main objective of the study is to compare these routing protocols and to evaluate them against different performance indicators. The assessment is carried out theoretically, by analyzing their characteristics and operation, and practically, through simulation experiments. After a study of the literature, the simulation scenarios and the quantitative indicators by which the performance of the protocols is compared are defined. First, a network model with OSPF is designed and simulated using the OPNET Modeler simulator. Second, EIGRP is implemented in the same network scenario and a new simulation is run. Running the scenarios collects the necessary results, which are used to analyze the operation of the two protocols. From this data, an assessment and a conclusion are made against the defined quantitative indicators.
Many network management tasks require a description of the logical and physical computer network topology. Obtaining such a description automatically is complicated because the initial data on the network structure may be incomplete or incorrect. This article studies the properties of incomplete initial data on network device connectivity at the link layer. Methods for generalized handling of heterogeneous link-layer input data are included. We describe models and methods for deriving the missing part of the data, as well as the condition under which it is possible to obtain a single correct network topology description. The article includes algorithms for building a link layer topology description from incomplete data when this data can be completed to the required level. We also provide methods for detecting and resolving ambiguity in the data and methods for improving incorrect initial data. Tests and evaluations provided in the article demonstrate the applicability and effectiveness of the developed methods for discovering various heterogeneous real-life networks. Additionally, we show the advantages of the provided methods over previous analogs: our methods are able to derive up to 99% of the data on link layer connectivity in polynomial time, and are able to provide a correct solution from ambiguous data.
Both a timely and adequate response to computer security incidents and an organization's losses from computer attacks depend on the accuracy of situation recognition in cybersecurity monitoring. The paper is devoted to enhancing attack models in the form of attack graphs for cybersecurity monitoring tasks. A number of important issues related to the application of attack graphs, and their solutions, are considered. They include inaccuracies in the definition of the pre- and post-conditions of attack actions, the processing of attack graph cycles so that Bayesian inference can be applied to attack graph analysis, the mapping of security incidents onto an attack graph, and automatic countermeasure selection in the case of a high security risk level. The paper demonstrates a software prototype of the security monitoring system component, which was implemented earlier and has been modified to take the suggested enhancements into account. The results of experiments are described. The influence of the modifications on the cybersecurity monitoring results is shown in a case study.
The paper describes the overall architecture of the system of intelligent information security services (SIISS) for use in critical infrastructures, as well as its constituent components. In the overall architecture of SIISS, the event level, the data layer and the applied level are defined. Structural and functional models of the overall SIISS architecture are outlined to highlight the main functional mechanisms at the selected levels. As the key components of SIISS, whose architectural design is described in more detail, we consider the event correlation management module, the prognostic security analyzer, the component for modelling attacks and security system behavior, the decision support and reaction component, the visualization module, and the repository.
The paper provides an analytical review of promising research directions based on the talks given by leading foreign and domestic experts in computer network security at the 6th International Conference "Mathematical Methods, Models and Architectures for Computer Networks Security" (MMM–ACNS–2012), held in St. Petersburg from 17 to 19 October, 2012. World-renowned scientists, such as A. Stavrou, B. Livshits, L. Khan, and F. Martinelli, gave invited talks. The conference sessions discussed topical issues related to intrusion prevention, detection, and response, anti-malware techniques, applied cryptography and security protocols, access control and information protection, security event and information management, security modeling and cloud security, and security policies.
The paper analyzes attack modeling problems in large computer networks using different models, methods and tools. Well-known models, as well as methods and tools for attack modelling, are examined in detail on the basis of the characteristics of large networks as objects of information security and objects of attack, and directions for further development are provided. The role of information security requirements in attack modeling iterations is shown. Examples of attack modeling problems associated with different types of NOT-factors are presented.