
International Journal of Emerging Technology and Advanced Engineering

Website: www.ijetae.com (ISSN 2250-2459,ISO 9001:2008 Certified Journal, Volume 3, Issue 10, October 2013)


PICQUET: Controlling Malicious Nodes in a Network

Aarti R. Shelukar¹, Nisarga K. Patil², Poonam M. Bagul³, Jinee H. Patel⁴, Prof. S. R. Lahane⁵

Gokhale Education Society’s R. H. Sapat College of Engineering, Management Studies and Research, Nasik - 422 005, (M.S.), INDIA

Department of Computer Engineering, Nasik.

Abstract— Nowadays many assailants try to attack servers using various tools, and firewalls exist to prevent this. On Linux, however, the firewall has some disadvantages: it only filters incoming and outgoing packets, it is system oriented (separate for each node), and it does not prevent attacks. To protect the network from attackers, Picquet is a system used for blocking malicious users in a network. Malicious users are those who perform misbehaving activity in the network. The major advantage of this system is that it allows honest users to keep working in the network. Picquet provides privacy for transferring files from server to client and vice versa. Using Picquet, any user can check his/her status, that is, whether he/she is blocked or not. Our system ensures that the network does not fail due to attackers or hackers, and the administrator can block an attacker for that activity. We note that if the admin is not present on the network to handle the attacks, he/she can handle the system using his/her GPRS-enabled mobile.

Index Terms— blacklisting, privacy, GPRS, Malicious activity, Attacker

I. INTRODUCTION

Picquet is a system used for blocking malicious users in a network. Malicious users are those users who perform misbehaving activity in the network. The major advantage of this system is that it allows honest users to keep working in the network. Picquet provides privacy for transferring files from server to client and vice versa. Using Picquet, any user can check his/her status, that is, whether he/she is blocked or not.

Previously, software was system oriented, which means security was limited to the system itself. It was therefore difficult to manage misbehaving activity in the network, and such software did not offer mobile network services. All of this software was Windows oriented, whereas we are designing software for Linux security. For example, the only security provided for Linux is the firewall. The drawbacks of the firewall are that it just filters packets, it is system oriented, and it does not provide a user interface.

Nowadays web services technology is widely used to integrate heterogeneous systems and develop new applications.

Here, an application for securing network systems against intruders and attackers by means of web services is presented. The PICQUET System integrates two main types of system: an IPS (Intrusion Prevention System) and an IDS (Intrusion Detection System). This integrated solution can add or expand security for Linux-based networks of any size and is manageable by any type of organization. The system increases the quality and speed of service in the network. The main objective of the system is to protect the network against intruders, aggressors and attackers. It acts as both an IDS and an IPS, which means the system is able to track an attack and can protect the network from that attack.

In traditional UNIX models, the root user is all powerful. Root is not bound by the rules and regulations of the file system, and has abilities that other users do not: putting interfaces into promiscuous mode, for example. Many people realized that this uncontrolled access could be a bad thing. Should a vulnerability be found in a program that runs as root, it could cause limitless damage. More importantly, should an attacker manage to gain root access to the machine, there is no limit to what they could do and no limit to how much they could damage the system.

The Linux Intrusion Detection System (LIDS) is a Linux kernel patch that allows users to take away the all-powerful nature of root. It can give programs exactly the access that they need, and no more. The root user can be stripped of all his majesty until he is no more powerful than any other user. In the end, it is possible to have a completely operative system without worrying that some misbehaving process or malicious attacker can destroy a machine beyond repair. All in all, PICQUET is good software for Linux, but its disadvantage is that the network admin must remain at the server continuously; the system cannot be handled without using a PC [1].


SELinux is a practical implementation of mandatory access control applied to a real-world operating system. With SELinux it is possible to create systems which have a very strong level of security: systems which can even resist being attacked through vulnerabilities in programs running at the highest levels of system privilege.

The SELinux implementation uses role-based access control (RBAC), which provides abstracted user-level control based on Type Enforcement (TE). TE uses a matrix to handle access controls, and enforces policy rules based on the types of the processes running on the host. Process types are called domains, and a cross-reference on the matrix of the process's domain and the object's type defines their interaction. This system maintains a high level of granularity in a Linux system. [2]

We reviewed the major techniques in the field of anonymous communications. The authors focused on cryptographic primitives, mix net-based systems, DC-net-based systems, network routing DC-net-based systems, and peer-to-peer networks. They briefly described the applications of verifiable mix nets and applications to electronic voting. Though research in anonymous communications has been going on extensively for nearly three decades, it is still a very new and active research area. The design of practical, low-latency, and robust anonymous communication systems is of high practical importance. As portable wireless devices and wireless sensor networks continue to grow and become more common, scalability and efficiency are becoming the next impetus and the most challenging design issues in this area. Some attacks from an anonymous network cannot be prevented because the source of the attacker is not known. This concept is commonly used on the Internet to hack a website or personal account. We went through this paper, which covers various terms regarding anonymous networks and security [3].

1.1 Our Solution

The PICQUET system provides servers with a means to block misbehaving users of a network. Blocking a particular user, however, is a tough task, since that user can acquire several identities; the Sybil attack is well known in this regard. Our system, therefore, focuses on blocking users that (usually) perform some malicious activity in the network. In this paper, we focus on IP addresses as the resource, and also on the mischievous process. Our system ensures that the network does not fail due to attackers or hackers, and the administrator can block an attacker for that activity. We note that if the admin is not present on the network to handle the attacks, he/she can handle the system using his/her GPRS-enabled mobile.

In short, the first step is to scan all nodes present in the network, checking whether any of them is performing mischievous activity. PM continuously looks after each process running on the individual PCs. If any of them is found to be mischievous, it simply sends an alert to the administrator. It sends the node a warning to stop its activity. If the node stops the activity, it is allowed to work in the network, but if it is still misbehaving, the admin simply blocks it from the network. Finally, the blocked user receives a message that it has been blocked. Using this strategy, we can secure the network from intruders.

In the figure, the Pseudo-PICQUET Manager continuously scans all nodes present in the network and checks whether each of them is working honestly or misbehaving. The Pseudo-PICQUET Manager continuously looks after each process running on the individual PCs. It sends all of this information to the PICQUET Manager, which resides on the server to control malicious activity. The PICQUET Manager contains the list of authorized and un-authorized activity and compares the status of each node with this list. If any node is found performing un-authorized activity, it informs the Server about that node.

[Fig. 1]

The Server simply sends an alert or notification to that particular node. If the node stops its activity, it is allowed to work in the network, but if the node is still misbehaving, the admin simply blocks that process. If the node then tries to perform that activity again, the PICQUET Manager shuts down that particular system. Finally, the blocked user receives a message that they have been blocked.


There will be situations where the admin is not present while some misbehaving activity is going on. In that case PM sends an alert message to the admin's GPRS-enabled mobile phone. The admin then logs in to the server via the GPRS-enabled mobile phone and simply blocks that malicious user, as shown in the figure.

II. AN OVERVIEW TO PICQUET

2.1 System Scanner

Our system starts by scanning the currently running processes on the client's computer. It checks the status of each node in the network in order to know whether the node is behaving or misbehaving. With the help of the task manager, the System Scanner is able to see each process running on each workstation. It has a list of the currently running processes on its screen and sends this list to the Pseudo-PICQUET Manager. The System Scanner is the module that works at the client side so as to know the status of each node present in the network.

This module processes the scan request made by the PICQUET Manager and responds by providing the currently running processes on each node to the PICQUET Manager.

It also processes process control requests. A process control request is made by the PICQUET Manager either to kill a running process or to learn the status of a particular node in detail. This module works along with another module called the Pseudo-PICQUET Manager.
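A scan response of the kind the System Scanner returns could be built on Linux as follows. This is an added example, not code from the paper: it assumes the process list is read from procfs, and the response format, function names, node address and sample processes are hypothetical.

```python
import os
import tempfile

def scan_processes(proc_root="/proc"):
    """List running processes as {pid, name, uid}, read from a procfs tree."""
    report = []
    for entry in os.listdir(proc_root):
        if not entry.isdigit():              # numeric directories are PIDs
            continue
        base = os.path.join(proc_root, entry)
        try:
            # comm is the kernel's short task name (at most 15 characters) and
            # can be set by the process itself, so a name match is only a hint.
            with open(os.path.join(base, "comm")) as f:
                name = f.read().strip()
            uid = None
            with open(os.path.join(base, "status")) as f:
                for line in f:
                    if line.startswith("Uid:"):
                        uid = int(line.split()[1])   # first field is the real UID
                        break
        except OSError:
            continue                         # process exited between listing and reading
        report.append({"pid": int(entry), "name": name, "uid": uid})
    return sorted(report, key=lambda p: p["pid"])

def scan_response(node, proc_root="/proc"):
    """Message handed to the Pseudo-PICQUET Manager (hypothetical format)."""
    return {"node": node, "processes": scan_processes(proc_root)}

def build_sample_proc(root):
    """Constructed procfs-like tree so the example runs offline."""
    sample = {101: ("sshd", 0), 202: ("bash", 1000), 303: ("pkt-sniffer", 1000)}
    for pid, (name, uid) in sample.items():
        os.makedirs(os.path.join(root, str(pid)))
        with open(os.path.join(root, str(pid), "comm"), "w") as f:
            f.write(name + "\n")
        with open(os.path.join(root, str(pid), "status"), "w") as f:
            f.write(f"Name:\t{name}\nUid:\t{uid}\t{uid}\t{uid}\t{uid}\n")
    os.makedirs(os.path.join(root, "self"))   # non-numeric entry, skipped
    os.makedirs(os.path.join(root, "404"))    # PID directory with no files: exited process
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(scan_response("10.0.0.5", build_sample_proc(tmp)))
```

Calling `scan_response(node)` with the default `proc_root` reads the live `/proc` of the machine it runs on.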

2.2 The Pseudonym Manager

The Pseudo-PICQUET Manager resides at the client side and works along with the System Scanner, which means it scans the currently running processes on the client's computer. The major task of this module is to provide all information about the currently running processes to the PICQUET Manager. As soon as a client connects to the server, the Pseudo-PICQUET Manager is triggered and communicates with the PM. It is the mediator between the System Scanner and the PICQUET Manager. It also controls all clients present in the network and manages the flow of communication in the network.

2.3 The PICQUET Manager

This module is the major part of the PICQUET System. The administrator logs in to the system through this module. It resides on the server. The PICQUET Manager controls malicious activity. It holds the list of authorized and un-authorized processes.

The PICQUET Manager first makes a scan request through the Pseudo-PICQUET Manager to the System Scanner to get the status of each node. Once it has the response to the scan request, it watches over the whole network by comparing the status of each node with this predefined list of malicious activities.

If any node is found to be performing un-authorized activity, it informs the Server about that node. The Server first sends a warning to the particular node; if the node shuts down that process, it can stay in working mode. If the node continues the malicious activity, then that activity is shut down, or its system may be shut down. This module does the main part of the work; the whole system is controlled through it.
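The warn, block, shut down sequence described in Sections 1.1 and 2.3 can be expressed as a small decision routine run over each scan response. This is an added example, not the authors' implementation: the class and action names, the node addresses and the process names are hypothetical, and clearing a node's record once it complies with a first warning is an assumption.

```python
from collections import defaultdict

# Escalation ladder described in the text: warning, then blocking the process,
# then shutting the node down and blacklisting it.
LADDER = ["warn", "block_process", "shutdown_node"]

class PicquetManager:
    def __init__(self, unauthorized):
        self.unauthorized = set(unauthorized)   # predefined list of un-authorized processes
        self.strikes = defaultdict(int)         # (node, process name) -> offending scans seen
        self.blacklist = set()                  # nodes that have been shut down

    def handle_scan(self, node, processes):
        """Compare one node's scan response with the list; return (node, name, action) tuples."""
        if node in self.blacklist:
            return [(node, None, "already_blocked")]
        found = {p["name"] for p in processes} & self.unauthorized
        # Assumption: a node that stops after the first warning starts clean again.
        # Once a process has been blocked the record is kept, so a repeat escalates.
        for key in list(self.strikes):
            if key[0] == node and key[1] not in found and self.strikes[key] == 1:
                del self.strikes[key]
        actions = []
        for name in sorted(found):
            self.strikes[(node, name)] += 1
            step = LADDER[min(self.strikes[(node, name)], len(LADDER)) - 1]
            if step == "shutdown_node":
                self.blacklist.add(node)
            actions.append((node, name, step))
        return actions

def demo():
    """Replay constructed scan responses from two nodes and collect the decisions."""
    bad = {"name": "pkt-sniffer"}      # constructed process names and addresses
    ok = {"name": "bash"}
    pm = PicquetManager({"pkt-sniffer", "port-scanner"})
    scans = [
        ("10.0.0.5", [ok, bad]),   # first sighting
        ("10.0.0.5", [ok, bad]),   # ignored the warning
        ("10.0.0.5", [ok]),        # process was blocked
        ("10.0.0.5", [ok, bad]),   # tried again
        ("10.0.0.5", [ok]),        # node is now blacklisted
        ("10.0.0.9", [bad]),       # second node, first sighting
        ("10.0.0.9", [ok]),        # complied with the warning
        ("10.0.0.9", [bad]),       # treated as a first sighting again
    ]
    return [pm.handle_scan(node, procs) for node, procs in scans], pm.blacklist

if __name__ == "__main__":
    for decision in demo()[0]:
        print(decision)
```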

2.4 Alert Generator

The Alert Generator works along with the Server and the PICQUET Manager. It is activated by the server, which activates this module whenever there is a need to send any type of alert or notification. The admin logs in to the system through the PM module. Its first task is then to activate the Alert Generator; if the Alert Generator is deactivated, PM will not be able to send or receive requests such as scan requests and process control requests. The Alert Generator only produces alerts according to the server's instructions. It produces alerts such as warnings, blocking of a node, the blacklist of nodes, etc.

2.5 Mobile Controller

The Mobile Controller is the module that makes the PICQUET System more robust, compatible, and flexible. The whole system is based on a client-server architecture, so if the Server fails for any reason, it is a huge disadvantage. The solution is that the system can be handled using a portable device, that is, a mobile.


III. SYSTEM FEATURES

The PICQUET System is a kernel patch and a set of admin tools that enhance the kernel's security. It implements mandatory access control in the Linux kernel. When it is in effect, chosen file access, all network administrative operations, any capability use, and device, memory and I/O access can be made impossible even for root. It uses and extends the system capabilities bounding set to control the whole system and adds some network and file-system security features to the kernel to enhance security. You can fine-tune security protections online, including those for sensitive processes, and receive security alerts through the network.

In short, the security model called PICQUET provides protection, detection and response in the Linux system.

3.1 Protection

PICQUET provides the following protection:

• PICQUET can protect important files and directories on your hard disk no matter what file-system type they reside on; nobody, including root, can change the files.

• PICQUET can also protect important processes from being killed.

• PICQUET can protect the sensitive files on your system by preventing un-authorized users (including root) and un-authorized programs from accessing them.

3.2 Detection

When someone scans your host, PICQUET can detect it and inform the administrator. PICQUET can also notice any activity on the system which violates the rules.

3.3 Response

When someone violates the rules, PICQUET can log a detailed message about the violating action to the system log file, which is protected by PICQUET. PICQUET can also send the log message to your mailbox. In this case, PICQUET can also shut down the user's session at once.

Algorithm for PICQUET Manager:

Step 1: Administrator logs in to the system. If the username and password both match (each strcmp comparison returns 0), then allow; else the user is unable to log in.

Step 2: Admin requests the pseudo manager to get the status of each node.

Step 3: It then checks all requests and grants permission according to the list provided.

Step 4: Admin checks the type of each request. According to the list provided by the pseudo manager, it grants the permission.

Step 5: Admin also checks for mischievous users in the network. If any user is misbehaving, Admin activates the alert manager; else the user is allowed to continue the work.

Step 6: Admin also maintains the blacklist.

Step 7: If Admin is not present at the system, he/she can handle it by mobile using the mobile controller.

Step 8: Stop.

Algorithm for pseudo Picquet manager:

Step 1: Pseudo manager takes the request from the system scanner.

Step 2: It then provides the information to the Picquet manager.

Step 3: Pseudo manager establishes the connection between the node and the Picquet manager.

Step 4: Stop.

Algorithm for scanner:

Step 1: Scan each node in the network.

Step 2: Provide the information to the pseudo manager.

Step 3: Stop.

Algorithm for mobile controller:

Step 1: Log in to the system using GPRS.

Step 2: Admin is allowed to operate the Picquet manager through the mobile.


IV. CONCLUSIONS

We have proposed and built a comprehensive credential system called PICQUET, which can be used for protecting a Linux-based network. The system is also portable, i.e. it can be handled using a mobile device with GPRS facility. Servers can blacklist disobedient users while maintaining privacy, and we show how these properties can be attained in a way that is practical, powerful, and sensitive to the needs of both users and services.

We expect that our system will increase the mainstream acceptance of security for Linux-based networks, which has, thus far, been completely blocked by several services because of users who abuse their rights.

Acknowledgments

We take this opportunity to express our profound gratitude and deep regards to our guide Prof. S. R. Lahane for his exemplary guidance, monitoring and constant encouragement throughout the course of this thesis. The blessing, help and guidance given by him from time to time shall carry us a long way in the journey of life on which we are about to embark.

REFERENCES

[1] http://www.tjscott.net/ids/lids.faq.htm

[2] "Survey on anonymous communications in computer networks", Jian Ren, Jie Wu. Michigan State University, East Lansing, MI 48824, USA; Temple University, Philadelphia, PA 19122, USA.

[3] "Pseudonym Systems", Anna Lysyanskaya, Ronald L. Rivest, Amit Sahai, Stefan Wolf. MIT LCS, 545 Technology Square, Cambridge, MA 02139 USA, {anna, rivest, amits}@theory.lcs.mit.edu; Computer Science Department, ETH Zurich, CH-8092 Zurich, Switzerland, wolf@inf.ethz.ch

[4] http://docs.fedoraproject.org/enUS//Fedora/18/pdf/Security_Guide/Fedora-18-Security_Guide-en-US.pdf

[5] Nymble: Blocking Misbehaving Users in Anonymizing Networks Patrick P. Tsang, Apu Kapadia, Member, IEEE, Cory Cornelius, and Sean W. Smith.

[6] Ronald L. Rivest, Adi Shamir, and Yael Tauman. How to leak a secret. In Colin Boyd, editor, ASIACRYPT, volume 2248 of LNCS, pages 552–565. Springer, 2001

Figure

Fig. 1. The PICQUET system architecture showing the various modes of interaction.
