ABSTRACT
With the development of information technology and networks, the problem of information security has become increasingly prominent. The scope and nature of network security threats continue to expand and evolve, and the network security situation and its challenges are becoming more severe and complex. Perceiving the network security situation, monitoring the operational state of the network, and ensuring the security of information assets are therefore becoming more and more important.
Security Onion (SO) is a free and open-source Linux distribution for threat hunting, enterprise security monitoring, and log management. Security Onion is used to monitor specific network traffic, detect intrusion activity, and stop an attacker from taking further action. Because it is built on a Linux base, bugs found in other Linux distributions may also be present in SO.
This paper presents some known security bugs in Ubuntu and the Linux kernel and tests whether they also exist in Security Onion and lead to exploitable security vulnerabilities there. Kali Linux with Nmap and the Metasploit Framework is used to implement the exploits.