
Publications (31)


This paper presents a system that is able to detect physical intrusion in a specific space based on temperature and humidity change. This specific space was housing hardware components important for information security management infrastructure. The presented system is able to predict that two spaces are connected and that there is a physical breach in the protected space. The presented prediction approach involves identifying patterns in historical data, where the subsequent outcomes are already known in advance, and validating these patterns using more recent data. The system is implemented using k-Nearest Neighbours, Random Forest, and Support Vector Machine algorithms in the Python programming language on a Raspberry Pi. Real observed data were used to predict whether specific temperature and humidity indicate intrusion. This approach can be used to detect intrusions in a room or in another closed space. More specifically, the thermal equilibrium phenomenon between two spaces after the barrier between them is opened was monitored. Through the process of supervised learning using labelled data, the system was able to detect intrusion by using k-nearest neighbours, random forest, and support vector machine with different accuracy. The presented model shows better results using k-nearest neighbours and support vector machine, with accuracy of 100%, compared to random forest with accuracy of 95%. The system is low cost because of the cheap Raspberry Pi controller and sensors.

Denial of Service (DoS) attacks, particularly the distributed variant known as DDoS, are easily initiated but pose a significant challenge in terms of mitigation, especially in the case of DDoS. These attacks involve the use of a vast number of packets, often generated by specialized programs and scripts, crafted for specific attack types like SYN flood, ICMP Smurf, and similar. Malicious DoS packets share similar attributes, such as packet length, interval time, destination port, TCP flags, and the number of connections to the same host or service. To rapidly identify anomalous packets amidst legitimate traffic, we propose a system that incorporates the Newcombe-Benford power law and the Kolmogorov-Smirnov test. This approach enables the detection of matching first occurrences of leading digits, such as packet size indicating the use of automated scripts for malicious purposes, and the count of connections to the same host or service.

Kemal Hajdarevic, C. Pattinson, Ingmar Bešić

Denial of Service attacks and the distributed variant of this type of attack, called DDoS, are attack types which are easy to start but hard to stop, especially in the DDoS case. The significance of this type of attack is that attackers use a large number of packets, usually created with programs and scripts for creating specially crafted types of packets for different types of attack such as SYN flood, ICMP smurf, etc. These packets have similar or identical attributes such as length of packets, interval time, destination port, TCP flags, etc. Skilled engineers and researchers use these packet attributes as indicators to detect anomalous packets in network traffic. For fast detection of anomalous packets in legitimate traffic we proposed Interactive Data Extraction and Analysis with the Newcombe-Benford power law, which is able to detect matching first occurrences of leading digits – the size of each packet – that indicate usage of automated scripts for attack purposes. The power law can be used to detect the same first two, three, or second digits, last one or two digits in a data set, etc. We used our own data set and real devices.

I. Avdagic, Kemal Hajdarevic

Today IT vendors and mail/web/internet providers put their cloud strategy in the first place. Challenges such as data security, privacy protection, data access, storage model, lack of standards and service interoperability were set up almost ten years ago. This paper presents a part of the research on cloud security systems at the infrastructure layer and its sublayer, the network layer. To analyze and protect cloud systems we need storage and machines with extra features. Due to these needs, we used new technologies from Microsoft to suggest a framework of host and network based systems for a cloud intrusion detection and prevention system (CIDPS). The purpose of this research is to recommend use of the architecture for the detection of network anomalies and protection of large amounts of data and traffic generated by cloud systems.

Kemal Hajdarevic, Adna Kozic, I. Avdagic, Zerina Mašetić, Nejdet Dogru

The threat of resource starvation attacks is one of the major problems for e-Business. More recently these attacks became threats for Cloud environments, and Denial of Service is a sub-category of these kinds of attack. Network management is the process of taking proactive actions before the attack has taken effect, which is the responsibility of skilled employees, the network managers. In recent times, vulnerability testing skills are needed to harden system security. These skills have to be developed; therefore we created a scenario in a controlled environment to provide an opportunity for student trainees to train their skills, so that defense could be prepared. This paper describes a simulation-based training scenario using a simulator and hacking tools, in which student trainees experience the symptoms and effects of a DDoS attack and practice their responses in a simulated environment, with the goal of preparing them for real attacks.

Zerina Mašetić, Kemal Hajdarevic, Nejdet Dogru

Cloud computing became very popular in the past few years, and most business and home users rely on its services. Because of its wide usage, cloud computing services became a common target of different cyber-attacks executed by insiders and outsiders. Therefore, cloud computing vendors and providers need to implement strong information security protection mechanisms on their cloud infrastructures. One approach that has been taken for successful threat detection that will lead to successful attack prevention in cloud computing infrastructures is the application of machine learning algorithms. To understand how machine learning algorithms can be applied for cloud computing threat detection, we propose a cloud computing threat classification model based on the feasibility of machine learning algorithms to detect them. In this paper, we addressed three different criteria types, where we considered three types of classification: a) type of learning algorithm, b) input features and c) cloud computing level. Results proposed in this paper can contribute to further studies in the field of cloud threat detection with machine learning algorithms. More specifically, they will help in selecting appropriate input features, or machine learning algorithms, to obtain higher classification accuracy.

Zerina Mašetić, Dino Kečo, Nejdet Dogru, Kemal Hajdarevic

Cloud computing is a trending technology, as it reduces the cost of running a business. However, many companies are skeptical about moving towards the cloud due to security concerns. Based on the Cloud Security Alliance report, Denial of Service (DoS) attacks are among the top 12 attacks in cloud computing. Therefore, it is important to develop a mechanism for detection and prevention of these attacks. The aim of this paper is to evaluate the Support Vector Machine (SVM) algorithm in creating the model for classification of DoS attacks and normal network behaviors. The study was performed in several phases: a) attack simulation, b) data collection, c) feature selection, and d) classification. The proposed model achieved 100% classification accuracy with a true positive rate (TPR) of 100%. SVM showed outstanding performance in DoS attack detection and proves that it serves as a valuable asset in the network security area.

Kemal Hajdarevic, Pat Allen, M. Spremić

Many organizations suffer great losses due to risk materialization connected to an implemented Bring Your Own Device (BYOD) policy because best practices and standards for information security have not been implemented and maintained. With the goal of better dealing with security vulnerabilities caused by the implementation of new services and policies such as a BYOD policy, measurement of the maturity level in secure usage of BYOD is necessary. In this paper we presented an approach for creating metrics, based on the ISO 27000 standard family, which can be used to align security policies with BYOD policy.

Kemal Hajdarevic, Vahidin Dzaltur

Penetration testing is the process of detecting computer vulnerabilities and gaining access and data on targeted computer systems with the goal of detecting vulnerabilities and security issues and proactively protecting the system. In this paper we presented a case of an internal penetration test which helped to proactively prevent potential weaknesses of a targeted system with inherited vulnerabilities, which is Bring Your Own Device (BYOD). Many organizations suffer great losses due to risk materialization because they have not implemented standards for information security that include patching, change management, active monitoring and penetration testing, with the goal of better dealing with security vulnerabilities. With a BYOD policy in place, companies are taking on a greater risk appetite by allowing mobile devices to be used on corporate networks. In this paper we described how we used network hacking techniques for penetration testing for the right cause, which is to prevent potential misuse of computer vulnerabilities. This paper shows how different techniques and tools can be jointly used in a step-by-step process to successfully perform penetration testing analysis and reporting.

Kemal Hajdarevic, Vahidin Dzaltur

Computer forensics is the practice of collecting, analyzing and reporting evidence in a way that is legally admissible “in open court” or “public” as a part of the criminal investigation process. It can be used in the detection and prevention of crime and in any dispute where evidence is stored digitally. In this paper we presented a case of criminal activity in progress where forensics using hacker tools helped to proactively prevent a criminal act of blackmail in progress. This approach was acceptable to the company owner because a public case would bring negative publicity and because incident resolution time was a very important criterion for this case. Many organizations suffer great losses because they have not implemented standards for information security that include segregation of duties and active monitoring. In this paper we described how we used network hacking for forensic investigation for the right cause, which is to prevent criminal activity in progress. This paper shows how different techniques and tools can be jointly used in a step-by-step process to successfully perform forensic analysis and reporting.

In long-duration emergency and large-scale disaster situations, information on asset position, current and historical information on weather conditions, and communication are crucial for every rescue operation. Picture and voice are crucial so that the affected population can make important decisions and take actions. Available technology offers affordable (low cost) and robust infrastructure solutions in disaster relief situations supported by radio amateur communication. In this paper we presented three types of services for which essentially the same hardware can be used. The first service is for GPS location mapping, the second one is for VOIP communication, and the third one is to provide real-time video capturing. GPS location mapping was performed by using APRS-IS SDR, VOIP communication is performed via radio-svxlink-Internet using Echolink (svxlink, which is the Linux-compatible version) software, and video capturing was performed using Motion software. All of the above services can be installed on a low-energy microcomputer such as the Raspberry Pi, which can be powered with a 5 V battery or with a mobile phone power adapter.

Radio amateurism is a hobby which helped in pioneering many innovations that we are using today. Hobbyists who use radio communication to communicate are called Hams. Radio communications has a great history and Hams are part of it. Radio amateurism is a hobby which plays a great part in emergency and disaster relief situations when conventional communications become unavailable. Technology built around radio communication is suitable in education to test study cases and gain knowledge in wireless and computer communications. The purpose of this paper is to experiment with open source VOIP software (svxlink) using cheap microcomputer hardware, one of the available Linux distributions, radio amateur frequencies, radio amateur transceivers and antennas. Different technological issues are brought together in this paper, such as wired and wireless communication, and VOIP over the Internet with voice coming from radio amateur equipment and vice versa. We also tested the integrated automatic position reporting system (APRS), because svxlink has the capability to dynamically update data on an APRS server, a capability with many potential applications such as active and passive measuring activities of VOIP users, users' mobility, and other applicable APRS functionalities as well. This paper publishes experiences from a real disaster situation during the floods and mudslides which hit Bosnia and Herzegovina in May 2014.

Radio communication has a great history of innovations. A hobby which helped in pioneering many innovations in radio communications that we are using today is radio amateurism. Hams are radio amateur hobbyists who use radio communication to communicate, research, and explore new radio technologies and applications, such as the Automatic Packet Reporting System (APRS), which is a digital communications information channel for Ham radio. Among other purposes, APRS is used to report and map the position of any stationary or mobile object via radio. In this paper we presented a low cost APRS client-server infrastructure using Raspberry Pi, APRSdroid, and software defined radio (SDR).

Vahidin Đaltur, Kemal Hajdarevic

With computers, and other electronic devices being involved in an increasing number, and type, of crimes the electronic trace left on electronic media can be a vital part of the legal process. To ensure acceptance by courts, accepted processes and procedures need to be acquired and demonstrated which are not dissimilar to the issues surrounding traditional forensic investigations. Forensic technology makes it possible to: identify privacy issues; establish a chain of custody for provenance; employ write protection for capture and transfer; and detect forgery or manipulation. It can extract and mine relevant metadata and content; enable efficient indexing and searching by curators; and facilitate audit control and granular access privileges. In recent years, digital forensics has emerged as an essential source of tools and approaches for facilitating digital preservation and curation, specifically for protecting and investigating evidence from the past. Institutional repositories and professionals with responsibilities for personal archives can benefit from forensics in addressing digital authenticity, accountability and accessibility. Digital personal information must be handled with due sensitivity and security respecting available standards while demonstrably protecting its evidential value. A digital forensic investigation is a special case of a digital investigation where the procedures and techniques that are used will allow the results to be entered into a court of law. Computer forensics is a new and fast growing field that involves carefully collecting and examining electronic evidence that not only assesses the damage to a computer as a result of an electronic attack, but also to recover lost information from such systems to prosecute criminals. With the growing importance of computer security today and the seriousness of cyber-crime, it is important for computer professionals to understand the technology used in computer forensics. 
Keywords: Computer forensics, image acquisition, digital preservation, data recovery

Kemal Hajdarevic, Haris Smajlagic, Sead Celjo, Emil Tafro

The rationale for this work was driven by the need to create a secure remote repository for contest log activities of radio amateurs (Hams) and remote access to Ham radio where data integrity would be protected using VPN. Owners of remote Ham radio stations have to consider the overhead of a specific technology such as VPN prior to making the decision to use it. This paper presents results of VPN performance measurement on different network types and different VPN applications.
