barns.blog

After a stormy close to the conference, we have now returned and settled in Frontier Country. Overall, this was a very worthwhile experience. The conference closed with my presentation in Stream A and despite the fact that I was not asked any questions, I feel that it was a good presentation. Unfortunately, it was the only paper of its kind at the conference and was tacked onto a stream of IS papers. I know it went over the heads of some people.

The presented papers encompassed a wide variety of fields and it was interesting to see this variety and to get an idea of what research occurs in IS. Despite the fact that most of the research was of little interest to me, there are always those little gems which emerge from the conference. Its now time to get back into forward gear and concentrate on getting the next paper out…

Greetings from a sunny, but slightly chilly Wilderness. So far a lot has come out of this conference that I thought I would report on. In an egotistical manner, the best is still to come!

Firstly, we drove down on Sunday and had a wonderful relaxed drive. We stopped for lunch at Storms River and then visited the Tsitsikamma Big Tree. We have enjoyed a good social atmosphere with a large group of people from both the CS and IS departments and it has been enjoyable interacting with them all on a social level. As Kevin observed last night: Three generations of Computing Sciences at one table.

The Masters and Doctoral Symposium yesterday was rather rewarding even for those of us who were not participating in it. I took a few things away from it which could be tackled in the Department or actually at Rhodes in general. The following general comments were made:

• Students frequently don’t structure their research objectives (research question) properly.
• Some of the work being conducted was not research in the sense that students are not illustrating what their work is achieving. In particular, a software project is not a research goal.
• Students need to be more articulate about what is their research and what was others research. Here they also need to sell the research.
• Also, it is important in the research to answer the questions WHAT, WHY, HOW and most importantly, the SO WHAT.

My presentation will be rather different as I was not contributing in the M&D, but rather to SAICSIT itself. This means that I am unlikely to get as much feedback from the audience, but also less criticism.

The presentations today were of mixed value to me, but the most interesting was a discussion of high performance scientific computing using the Amazon EC2. It left me with a few ideas.

The conference hotel is reasonable, but not outstanding. Last nights cruise from Knysna to the Featherbed Nature Reserve and supper in the trees was absolutely superb and will be one of the highlights of the conference.

It has been a while since I commented about anything that I am doing at the moment. This has mainly because I have been altogether too busy to write anything.

In a previous post I commented on how I almost worked myself to death in pursuit of submitting a half-decent paper to SAICSIT for their 2008 conference. Well, I was fairly happy with the submission that I did make, and so it was very rewarding to have it accepted.

Hannah, Colin and I will be attending SAICSIT later in the year and will get the opportunity to present our work at that forum. What was rewarding for this paper is that not only will it be indexed by the ACM, the comments on the proposed taxonomy were in agreement. This gives some credability to the process that I am currently taking in the development of my Scan-Detection engine.

Here comes October…

Well, I have finally submitted my SAICSIT paper. It was a very long process, which nearly killed me. On Friday at 11am we decided to change track entirely and with the deadline on Monday at 2pm.

Its now completed under its new title, “Towards a Taxonomy of Network Scanning Techniques”

Abstract:

Network scanning is a common reconnaissance activity in network intrusion. Despite this, it’s classifcation remains vague and detection systems in current Network Intrusion Detection Systems are incapable of detecting many forms of scanning traffic.

This paper presents a classifcation of network scanning and illustrates how complex and varied this activity is. The presented classifcation extends previous, well known, definitions of scanning traffic in a manner which refects this complexity.

I have now submitted the camera-ready version of the ISSA Paper. It will be published under the title An Evaluation of Scan-Detection Algorithms in Network Intrusion Detection Systems.

Abstract:

Network Intrusion Detection Systems are becoming more prevalent as devices to protect a network. However, the methods they use for some forms of detection are flawed. This paper builds upon existing research by van Riel and Irwin which illustrated these flaws in Snort and Bro’s scan-detection engines. Indeed, it has been ascertained that a number of different scanning techniques are not identified by either Snort or Bro.

This paper highlights current research into the improvement of these scan-detection algorithms and presents insight into how this research is being conducted at Rhodes University. This research will improve on the scan-detection engines in Snort and Bro, permitting them to be used in a production environment without fear of succumbing to the false negative problem which currently exists.