network security Recently Published Documents

Total documents.

  • Latest Documents
  • Most Cited Documents
  • Contributed Authors
  • Related Sources
  • Related Keywords

A Survey on Ransomware Malware and Ransomware Detection Techniques

Abstract: is a kind of malignant programming (malware) that takes steps to distribute or hinders admittance to information or a PC framework, for the most part by scrambling it, until the casualty pays a payoff expense to the assailant. As a rule, the payoff request accompanies a cutoff time. Assuming that the casualty doesn't pay on schedule, the information is gone perpetually or the payoff increments. Presently days and assailants executed new strategies for effective working of assault. In this paper, we center around ransomware network assaults and study of discovery procedures for deliver product assault. There are different recognition methods or approaches are accessible for identification of payment product assault. Keywords: Network Security, Malware, Ransomware, Ransomware Detection Techniques

Analysis and Evaluation of Wireless Network Security with the Penetration Testing Execution Standard (PTES)

The use of computer networks in an agency aims to facilitate communication and data transfer between devices. The network that can be applied can be using wireless media or LAN cable. At SMP XYZ, most of the computers still use wireless networks. Based on the findings in the field, it was found that there was no user management problem. Therefore, an analysis and audit of the network security system is needed to ensure that the network security system at SMP XYZ is safe and running well. In conducting this analysis, a tool is needed which will be used as a benchmark to determine the security of the wireless network. The tools used are Penetration Testing Execution Standard (PTES) which is one of the tools to become a standard in analyzing or auditing network security systems in a company in this case, namely analyzing and auditing wireless network security systems. After conducting an analysis based on these tools, there are still many security holes in the XYZ wireless SMP that allow outsiders to illegally access and obtain vulnerabilities in terms of WPA2 cracking, DoS, wireless router password cracking, and access point isolation so that it can be said that network security at SMP XYZ is still not safe

A Sensing Method of Network Security Situation Based on Markov Game Model

The sensing of network security situation (NSS) has become a hot issue. This paper first describes the basic principle of Markov model and then the necessary and sufficient conditions for the application of Markov game model. And finally, taking fuzzy comprehensive evaluation model as the theoretical basis, this paper analyzes the application fields of the sensing method of NSS with Markov game model from the aspects of network randomness, non-cooperative and dynamic evolution. Evaluation results show that the sensing method of NSS with Markov game model is best for financial field, followed by educational field. In addition, the model can also be used in the applicability evaluation of the sensing methods of different industries’ network security situation. Certainly, in different categories, and under the premise of different sensing methods of network security situation, the proportions of various influencing factors are different, and once the proportion is unreasonable, it will cause false calculation process and thus affect the results.

The Compound Prediction Analysis of Information Network Security Situation based on Support Vector Combined with BP Neural Network Learning Algorithm

In order to solve the problem of low security of data in network transmission and inaccurate prediction of future security situation, an improved neural network learning algorithm is proposed in this paper. The algorithm makes up for the shortcomings of the standard neural network learning algorithm, eliminates the redundant data by vector support, and realizes the effective clustering of information data. In addition, the improved neural network learning algorithm uses the order of data to optimize the "end" data in the standard neural network learning algorithm, so as to improve the accuracy and computational efficiency of network security situation prediction.MATLAB simulation results show that the data processing capacity of support vector combined BP neural network is consistent with the actual security situation data requirements, the consistency can reach 98%. the consistency of the security situation results can reach 99%, the composite prediction time of the whole security situation is less than 25s, the line segment slope change can reach 2.3% ,and the slope change range can reach 1.2%,, which is better than BP neural network algorithm.

Network intrusion detection using oversampling technique and machine learning algorithms

The expeditious growth of the World Wide Web and the rampant flow of network traffic have resulted in a continuous increase of network security threats. Cyber attackers seek to exploit vulnerabilities in network architecture to steal valuable information or disrupt computer resources. Network Intrusion Detection System (NIDS) is used to effectively detect various attacks, thus providing timely protection to network resources from these attacks. To implement NIDS, a stream of supervised and unsupervised machine learning approaches is applied to detect irregularities in network traffic and to address network security issues. Such NIDSs are trained using various datasets that include attack traces. However, due to the advancement in modern-day attacks, these systems are unable to detect the emerging threats. Therefore, NIDS needs to be trained and developed with a modern comprehensive dataset which contains contemporary common and attack activities. This paper presents a framework in which different machine learning classification schemes are employed to detect various types of network attack categories. Five machine learning algorithms: Random Forest, Decision Tree, Logistic Regression, K-Nearest Neighbors and Artificial Neural Networks, are used for attack detection. This study uses a dataset published by the University of New South Wales (UNSW-NB15), a relatively new dataset that contains a large amount of network traffic data with nine categories of network attacks. The results show that the classification models achieved the highest accuracy of 89.29% by applying the Random Forest algorithm. Further improvement in the accuracy of classification models is observed when Synthetic Minority Oversampling Technique (SMOTE) is applied to address the class imbalance problem. After applying the SMOTE, the Random Forest classifier showed an accuracy of 95.1% with 24 selected features from the Principal Component Analysis method.

Cyber Attacks Visualization and Prediction in Complex Multi-Stage Network

In network security, various protocols exist, but these cannot be said to be secure. Moreover, is not easy to train the end-users, and this process is time-consuming as well. It can be said this way, that it takes much time for an individual to become a good cybersecurity professional. Many hackers and illegal agents try to take advantage of the vulnerabilities through various incremental penetrations that can compromise the critical systems. The conventional tools available for this purpose are not enough to handle things as desired. Risks are always present, and with dynamically evolving networks, they are very likely to lead to serious incidents. This research work has proposed a model to visualize and predict cyber-attacks in complex, multilayered networks. The calculation will correspond to the cyber software vulnerabilities in the networks within the specific domain. All the available network security conditions and the possible places where an attacker can exploit the system are summarized.

Network Security Policy Automation

Network security policy automation enables enterprise security teams to keep pace with increasingly dynamic changes in on-premises and public/hybrid cloud environments. This chapter discusses the most common use cases for policy automation in the enterprise, and new automation methodologies to address them by taking the reader step-by-step through sample use cases. It also looks into how emerging automation solutions are using big data, artificial intelligence, and machine learning technologies to further accelerate network security policy automation and improve application and network security in the process.

Rule-Based Anomaly Detection Model with Stateful Correlation Enhancing Mobile Network Security

Research on network security technology of industrial control system.

The relationship between industrial control system and Internet is becoming closer and closer, and its network security has attracted much attention. Penetration testing is an active network intrusion detection technology, which plays an indispensable role in protecting the security of the system. This paper mainly introduces the principle of penetration testing, summarizes the current cutting-edge penetration testing technology, and looks forward to its development.

Detection and Prevention of Malicious Activities in Vulnerable Network Security Using Deep Learning

Export citation format, share document.

  • Create Account

Main navigation dropdown

Recent advances in network security management, publication date, manuscript submission deadline, 16 november 2021, call for papers.

As the backbone of communications amongst objects, humans, companies, and administrations, the Internet has become a great integration platform capable of efficiently interconnecting billions of entities, from RFID chips to data centers. This platform provides access to multiple hardware and virtualized resources (servers, networking, storage, applications, connected objects) ranging from cloud computing to Internet-of-Things infrastructures. From these resources that may be hosted and distributed amongst different providers and tenants, the building and operation of complex and value-added networked systems is enabled.

These networked systems are, however, subject to a large variety of security attacks, such as distributed denial-of-service, man-in-the-middle, web-injection and malicious software attacks, orchestrated in a more or less stealthy manner through the Internet. While they are gaining in sophistication and coordination (i.e. advanced persistent threats), these attacks may affect the fundamental security goals of confidentiality, integrity, availability and non-repudiation of resources. The accessibility, distribution, and increased complexity of networked systems make them particularly vulnerable targets. In that context, cybersecurity techniques offer new perspectives for protecting these networked systems, through the elaboration of intelligent and efficient management methods for detecting, analyzing and mitigating such attacks.

IEEE Transactions on Network and Service Management (IEEE TNSM) is a premier journal for timely publication of archival research on the management of networks, systems, services and applications. Following the success of the recent TNSM Special Issues on cybersecurity techniques for managing networked systems in 2020 and 2021, this Special Issue will focus on recent advances in network security management. We welcome submissions addressing the important challenges (see the non-exhaustive list of topics below) and presenting novel research or experimentation results. Survey papers that offer an insightful perspective on related work and identify key challenges for future research will be considered as well. We look forward to your submissions!

About the Special Issue

Topics of interest for this Special Issue, include, but are not limited to the following:

  • Network and service management for security
  • Security of network and service management
  • Security management architecture, protocols and APIs
  • Secure and resilient design and deployment of networked systems
  • Monitoring and detection of threats and attacks
  • Artificial intelligence, machine learning for cyber-security
  • Analytics and big data for security management
  • Modeling for security management
  • Configuration and orchestration of security mechanisms
  • Algorithms for security management
  • Security automation, policy-based management
  • NFV-based security functions and services
  • Security of programmable components
  • Chaining and orchestration of security functions
  • Distributed security management
  • Intrusion detection, tolerance, prevention, and response
  • Resilience against large-scale distributed attacks
  • Trust and identity management
  • Verification and enforcement of security properties
  • Vulnerability prevention and remediation
  • Performance of security management
  • Security of cloud applications and services
  • Security of data-center infrastructures
  • Security of 5G networks and services
  • Security of smart environments
  • Security of Internet of Things
  • Security of SCADA, industrial and health networks
  • Security of SDN- and NFV-based systems
  • Network forensics, auditing and responses to incidents
  • Privacy-preserving solutions for cybersecurity
  • Detailed experience reports from experimental testbeds
  • Security-related business, regulation, and legal aspects

Submission Format

Papers will be evaluated based on their originality, presentation, relevance and contribution to the field of security of software-defined virtualized systems, as well as their overall quality and suitability for the special issue. The submitted papers must be written in good English and describe original research which has not been published nor currently under review by other journals or conferences. Previously published conference papers should be clearly identified by the authors at the initial submission stage and an explanation should be provided of how such papers have been extended in order to be considered for this Special Issue.

Author guidelines for the preparation of manuscript (including number of pages and potential extra page costs) can be found on the IEEE TNSM   Submit a Manuscript  page.

For more information, please contact Remi Badonnel .

Submission Guidelines

All manuscripts and any supplementary material should be submitted through the IEEE Manuscript Central service . Authors must indicate in the submission cover letter that their manuscript is intended for the “Recent Advances in Network Security Management ” Special Issue.

Important Dates

Paper Submission Date: 30 October 2021 16 November 2021 (Extended Deadline) Notification of Acceptance: 15 February 2022 Publication Date*: 1 June 2022

(* online published version will be available in IEEE Xplore after the camera ready version has been submitted with final DOI)

Guest Editors

Rémi Badonnel (Lead) Telecom Nancy – LORIA / INRIA, France

Sandra Scott-Hayward Queen's University Belfast, UK

Carol Fung Virginia Commonwealth University, United States

Qi Li Tsinghua University, China

Jie Zhang Nanyang Technological University (NTU), Singapore

Cristian Hesselman SIDN, The Netherlands

Fulvio Valenza Politecnico di Torino, Italy

Subscribe to the PwC Newsletter

Join the community, search results, security and privacy of lightning network payments with uncertain channel balances.

2 code implementations • 15 Mar 2021

Applying negative Bernoulli trials for single- and multi-part payments allows us to compute the expected number of payment attempts for a given amount, sender, and receiver.

Cryptography and Security

MiniCPS: A toolkit for security research on CPS Networks

1 code implementation • 17 Jul 2015

While a great amount of research has been conducted on network security of office and home networks, recently the security of CPS and related systems has gained a lot of attention.

Networking and Internet Architecture Cryptography and Security

Provably Secure Networks: Methodology and Toolset for Configuration Management

1 code implementation • 28 Aug 2017

Network administration is an inherently complex task, in particular with regard to security.

Evaluating Shallow and Deep Neural Networks for Network Intrusion Detection Systems in Cyber Security

5 code implementations • International Conference on Computing, Communication and Networking Technologies (ICCCNT) 2018

In this paper, DNNs have been utilized to predict the attacks on Network Intrusion Detection System (N-IDS).

network security latest research papers

Formal Security Analysis of Neural Networks using Symbolic Intervals

3 code implementations • 28 Apr 2018

In this paper, we present a new direction for formally checking security properties of DNNs without using SMT solvers.

network security latest research papers

SecDD: Efficient and Secure Method for Remotely Training Neural Networks

1 code implementation • 19 Sep 2020

We leverage what are typically considered the worst qualities of deep learning algorithms - high computational cost, requirement for large data, no explainability, high dependence on hyper-parameter choice, overfitting, and vulnerability to adversarial perturbations - in order to create a method for the secure and efficient training of remotely deployed neural networks over unsecured channels.

Nitriding: A tool kit for building scalable, networked, secure enclaves

1 code implementation • 8 Jun 2022

Enclave deployments often fail to simultaneously be secure (e. g., resistant to side channel attacks), powerful (i. e., as fast as an off-the-shelf server), and flexible (i. e., unconstrained by development hurdles).

Lifting Network Protocol Implementation to Precise Format Specification with Security Applications

1 code implementation • 19 May 2023

It is well-known that static analysis does not rely on any input packets and can achieve high coverage by scanning every piece of code.

Cryptography and Security Programming Languages

Security Analysis of Deep Neural Networks Operating in the Presence of Cache Side-Channel Attacks

1 code implementation • ICLR 2019

Based on the extracted architecture attributes, we also demonstrate that an attacker can build a meta-model that accurately fingerprints the architecture and family of the pre-trained model in a transfer learning setting.

network security latest research papers

Feature-Based Transfer Learning for Network Security

1 code implementation • MILCOM 2017

We evaluated the technique on publicly available datasets, and the results demonstrate the effectiveness of transfer learning to detect new network attacks.

  • Search Menu
  • Editor's Choice
  • Author Guidelines
  • Submission Site
  • Open Access
  • About Journal of Cybersecurity
  • Editorial Board
  • Advertising and Corporate Services
  • Journals Career Network
  • Self-Archiving Policy
  • Journals on Oxford Academic
  • Books on Oxford Academic

Issue Cover

Editors-in-Chief

Tyler Moore

About the journal

Journal of Cybersecurity publishes accessible articles describing original research in the inherently interdisciplinary world of computer, systems, and information security …

Latest articles

Cybersecurity Month

Call for Papers

Journal of Cybersecurity is soliciting papers for a special collection on the philosophy of information security. This collection will explore research at the intersection of philosophy, information security, and philosophy of science.

Find out more

CYBERS High Impact 480x270.png

High-Impact Research Collection

Explore a collection of freely available high-impact research from 2020 and 2021 published in the Journal of Cybersecurity .

Browse the collection here

submit

Submit your paper

Join the conversation moving the science of security forward. Visit our Instructions to Authors for more information about how to submit your manuscript.

Read and publish

Read and Publish deals

Authors interested in publishing in Journal of Cybersecurity may be able to publish their paper Open Access using funds available through their institution’s agreement with OUP.

Find out if your institution is participating

Related Titles

cybersecurityandcyberwar

Affiliations

  • Online ISSN 2057-2093
  • Print ISSN 2057-2085
  • Copyright © 2024 Oxford University Press
  • About Oxford Academic
  • Publish journals with us
  • University press partners
  • What we publish
  • New features  
  • Open access
  • Institutional account management
  • Rights and permissions
  • Get help with access
  • Accessibility
  • Advertising
  • Media enquiries
  • Oxford University Press
  • Oxford Languages
  • University of Oxford

Oxford University Press is a department of the University of Oxford. It furthers the University's objective of excellence in research, scholarship, and education by publishing worldwide

  • Copyright © 2024 Oxford University Press
  • Cookie settings
  • Cookie policy
  • Privacy policy
  • Legal notice

This Feature Is Available To Subscribers Only

Sign In or Create an Account

This PDF is available to Subscribers Only

For full access to this pdf, sign in to an existing account, or purchase an annual subscription.

Prototype pollution

Prototype pollution project yields another Parse Server RCE

Prototype-pollution

Bug Bounty Radar

The latest programs for February 2023

Bug bounties

All Day DevOps

AppSec engineer keynote says Log4j revealed lessons were not learned from the Equifax breach

DevOps

Infosec beginner?

A rough guide to launching a career in cybersecurity

cyber-career

Cybersecurity conferences

A schedule of events in 2022 and beyond

More topics

Latest cybersecurity research news

Computer Network Security and Technology Research

Ieee account.

  • Change Username/Password
  • Update Address

Purchase Details

  • Payment Options
  • Order History
  • View Purchased Documents

Profile Information

  • Communications Preferences
  • Profession and Education
  • Technical Interests
  • US & Canada: +1 800 678 4333
  • Worldwide: +1 732 981 0060
  • Contact & Support
  • About IEEE Xplore
  • Accessibility
  • Terms of Use
  • Nondiscrimination Policy
  • Privacy & Opting Out of Cookies

A not-for-profit organization, IEEE is the world's largest technical professional organization dedicated to advancing technology for the benefit of humanity. © Copyright 2024 IEEE - All rights reserved. Use of this web site signifies your agreement to the terms and conditions.

Oh no, you're thinking, yet another cookie pop-up. Well, sorry, it's the law. We measure how many people read us, and ensure you see relevant ads, by storing cookies on your device. If you're cool with that, hit “Accept all Cookies”. For more info and to customize your settings, hit “Customize Settings”.

Review and manage your consent

Here's an overview of our use of cookies, similar technologies and how to manage them. You can also change your choices at any time, by hitting the “Your Consent Options” link on the site's footer.

Manage Cookie Preferences

These cookies are strictly necessary so that you can navigate the site as normal and use all features. Without these cookies we cannot provide you with the service that you expect.

These cookies are used to make advertising messages more relevant to you. They perform functions like preventing the same ad from continuously reappearing, ensuring that ads are properly displayed for advertisers, and in some cases selecting advertisements that are based on your interests.

These cookies collect information in aggregate form to help us understand how our websites are being used. They allow us to count visits and traffic sources so that we can measure and improve the performance of our sites. If people say no to these cookies, we do not know how many people have visited and we cannot monitor performance.

network security latest research papers

Special Features

Vendor voice.

network security latest research papers

Just one bad packet can bring down a vulnerable DNS server thanks to DNSSEC

'you don't have to do more than that to disconnect an entire network' el reg told as patches emerge.

Updated A single packet can exhaust the processing capacity of a vulnerable DNS server, effectively disabling the machine, by exploiting a 20-plus-year-old design flaw in the DNSSEC specification.

That would make it trivial to take down a DNSSEC-validating DNS resolver that has yet to be patched, upsetting all the clients relying on that service and make it seem as though websites and apps were offline.

The academics who found this flaw – associated with the German National Research Center for Applied Cybersecurity (ATHENE) in Darmstadt – claimed DNS server software makers briefed about the vulnerability described it as "the worst attack on DNS ever discovered."

What is DNSSEC?

DNS servers are used by web browsers and other software to turn human-friendly domain names like theregister.com into machine-friendly IP addresses to connect to. DNS servers are run by all sorts of organizations, from IT departments to home ISPs. DNS is insecure because it sends queries and responses over networks in plain text, allowing that data to be potentially altered by snoops to direct people's connections to malicious systems.

DNSSEC, aka Domain Name System Security Extensions, is an upgrade for DNS in that it uses cryptography to help ensure the results of queries aren't tampered with by miscreants. A DNSSEC-validating DNS resolver uses DNSSEC to perform this more secure form of DNS resolution.

Identified by Professor Haya Schulmann and Niklas Vogel of the Goethe University Frankfurt; Elias Heftrig of Fraunhofer SIT; and Professor Michael Waidner at the Technical University of Darmstadt and Fraunhofer SIT, the security hole has been named KeyTrap , designated CVE-2023-50387 , and assigned a CVSS severity rating of 7.5 out of 10.

As of December 2023, approximately 31 percent of web clients worldwide used DNSSEC-validating DNS resolvers and, like other applications relying on those systems, would feel the effects of a KeyTrap attack: With those DNS servers taken out by the flaw, clients relying on them would be unable to resolve domain and host names to IP addresses to use, resulting in a loss of connectivity.

The researchers said lone DNS packets exploiting KeyTrap could stall public DNSSEC-validated DNS services, such as those provided by Google and Cloudflare, by making them do calculations that overtax server CPU cores.

network security latest research papers

This disruption of DNS could not only deny people's access to content but could also interfere with other systems, including spam defenses, cryptographic defenses (PKI), and inter-domain routing security (RPKI), the researchers assert.

"Exploitation of this attack would have severe consequences for any application using the Internet including unavailability of technologies such as web-browsing, e-mail, and instant messaging," they claimed. "With KeyTrap, an attacker could completely disable large parts of the worldwide internet."

A non-public technical paper on the vulnerability provided to The Register , titled, "The KeyTrap Denial-of-Service Algorithmic Complexity Attacks on DNS," describes how an assault would be carried out. It basically involves asking a vulnerable DNSSEC-validating DNS resolver to look up an address that causes the server to contact a malicious nameserver that sends a reply that causes the resolver to consume most or all of its own CPU resources.

With KeyTrap, an attacker could completely disable large parts of the worldwide Internet

"To initiate the attacks our adversary causes the victim resolver to look up a record in its malicious domain," the due-to-be-published paper states. "The attacker’s nameserver responds to the DNS queries with a malicious record set (RRset), according to the specific attack vector and zone configuration."

The attack works, the paper explains, because the DNSSEC spec follows Postel’s Law : "The nameservers should send all the available cryptographic material, and the resolvers should use any of the cryptographic material they receive until the validation is successful."

This requirement, to ensure availability, means DNSSEC-validating DNS resolvers can be forced to do a lot of work if presented with colliding key-tags and colliding keys that must be validated.

"Our complexity attacks are triggered by feeding the DNS resolvers with specially crafted DNSSEC records, which are constructed in a way that exploits validation vulnerabilities in cryptographic validation logic," the paper explains.

"When the DNS resolvers attempt to validate the DNSSEC records they receive from our nameserver, they get stalled. Our attacks are extremely stealthy, being able to stall resolvers between 170 seconds and 16 hours (depending on the resolver software) with a single DNS response packet."

  • If your DNS queries LoOk liKE tHIs, it's not a ransom note, it's a security improvement
  • Internet's safe-keepers forced to postpone crucial DNSSEC root key signing ceremony – no, not a hacker attack, but because they can't open a safe
  • Is DNSSEC causing more problems than it solves?
  • ICANN proposes creating .INTERNAL domain to do the same job as 192.168.x.x

The ATHENE boffins said they worked with all relevant vendors and major public DNS providers to privately disclose the vulnerability so a coordinated patch release would be possible. The last patch was finished today.

"We are aware of this vulnerability and rolled out a fix in coordination with the reporting researchers," a Google spokesperson told The Register . "There is no evidence of exploitation and no action required by users at this time."

Network research lab NLnet Labs published a patch for its Unbound DNS software, addressing two vulnerabilities, one of which is KeyTrap. The other bug fixed, CVE-2023-50868 , referred to as the NSEC3 vulnerability, also allows denial of service through CPU exhaustion.

"The KeyTrap vulnerability works by using a combination of keys (also colliding keys), signatures and number of RRSETs on a malicious zone," NLnet Labs wrote . "Answers from that zone can force a DNSSEC validator down a very CPU intensive and time costly validation path."

PowerDNS, meanwhile, has an update here to thwart KeyTrap exploitation.

"An attacker can publish a zone that contains crafted DNSSEC related records. While validating results from queries to that zone using the RFC mandated algorithms, the Recursor’s resource usage can become so high that processing of other queries is impacted, resulting in a denial of service," the team wrote. "Note that any resolver following the RFCs can be impacted, this is not a problem of this particular implementation."

The fix for CVE-2023-50387 is just one of six vulnerabilities addressed in Internet Systems Consortium's BIND 9 DNS software. The others include:

  • CVE-2023-4408 : Parsing large DNS messages may cause excessive CPU load;
  • CVE-2023-5517 : Querying RFC 1918 reverse zones may cause an assertion failure when "nxdomain-redirect" is enabled;
  • CVE-2023-5679 : Enabling both DNS64 and serve-stale may cause an assertion failure during recursive resolution;
  • CVE-2023-6516 : Specific recursive query patterns may lead to an out-of-memory condition;
  • CVE-2023-50868 : Preparing an NSEC3 closest encloser proof can exhaust CPU resources.

The requirements for the KeyTrap vulnerability date all the way back to 1999 from the now obsolete RFC 2535, according to the research team that identified it. And by 2012, these elements appeared in RFC 6781 and RFC 6840 , the implementation requirements for DNSSEC validation.

One packet suffices. You don't have to do more than that to disconnect an entire network

Since at least August 2000 – more than 23 years ago – KeyTrap has been present in the BIND 9 DNS resolver, and it surfaced seven years later in the Unbound DNS resolver.

Dr Haya Shulman, a professor of computer science and one of the academics behind the KeyTrap research, told The Register in a phone interview the attack is simple and can be carried out by encoding it in a zone file .

"The vulnerability is actually something that's recommended in the DNSSEC standard," Prof Shulman explained. "One packet suffices. You don't have to do more than that to disconnect an entire network."

Prof Shulman said the patches that have been issued by various vendors break the standard. "The problem is this attack is not easy to solve," she said. "If we launch it against a patched resolver, we still get 100 percent CPU usage but it can still respond."

The ATHENE team observed that while the flaw remained undetected for decades, its obscurity isn't surprising because DNSSEC validation requirements are so complicated. So too is mitigating the vulnerability and completely eliminating it will require a revision of the DNSSEC standard. ®

Updated to add on February 16

You can now download the technical paper here as a PDF.

Also, Akamai exec Sven Dummer thanked the research team for not only discovering the flaw but also working with DNS providers and software makers to coordinate the patching and redeployment of systems to avoid mass exploitation.

"You might not know it, but the global internet dodged a bullet: KeyTrap is a vulnerability in key infrastructure that is needed for the internet to function — and one of the worst ever discovered," he opined .

"With KeyTrap, an attacker could completely disable large parts of the worldwide internet."

Narrower topics

  • AdBlock Plus
  • Advanced persistent threat
  • Application Delivery Controller
  • Authentication
  • Common Vulnerability Scoring System
  • Cybersecurity
  • Cybersecurity and Infrastructure Security Agency
  • Cybersecurity Information Sharing Act
  • Data Breach
  • Data Protection
  • Digital certificate
  • Graphics Interchange Format
  • Identity Theft
  • Incident response
  • Kenna Security
  • Legacy Technology
  • LibreOffice
  • Microsoft 365
  • Microsoft Office
  • Microsoft Teams
  • Mobile Device Management
  • Palo Alto Networks
  • Programming Language
  • Quantum key distribution
  • Remote Access Trojan
  • Retro computing
  • RSA Conference
  • Search Engine
  • Software bug
  • Software License
  • Surveillance
  • text editor
  • Trusted Platform Module
  • User interface
  • Visual Studio
  • Visual Studio Code
  • Vulnerability
  • WebAssembly
  • Web Browser

Broader topics

Send us news

Other stories you might like

Dems are at it again, trying to break open black-box algorithms, miscreants turn to ad tech to measure malware metrics, how to weaponize llms to auto-hijack websites, employing your cloud data warehouse to scale up ai/ml.

network security latest research papers

Meta says risk of account theft after phone number recycling isn't its problem to solve

Rust can help make software secure – but it's no cure-all, crims found and exploited these two microsoft bugs before redmond fixed 'em, apple promises to protect imessage chats from quantum computers, google open sources file-identifying magika ai for malware hunters and others, mozilla adds paid-for data-deletion tier to monitor, its privacy-breach radar, anz bank test drives github copilot – and finds ai does give a helping hand, google throws $1m at rust foundation to build c++ bridges.

icon

  • Advertise with us

Our Websites

  • The Next Platform
  • Blocks and Files

Your Privacy

  • Cookies Policy
  • Your Consent Options
  • Privacy Policy

Situation Publishing

Copyright. All rights reserved © 1998–2024

no-js

IMAGES

  1. (PDF) Different Type Network Security Threats and Solutions, A Review

    network security latest research papers

  2. (PDF) INTERNET SECURITY AND PRIVACY

    network security latest research papers

  3. (PDF) Research Paper on Cyber Security

    network security latest research papers

  4. 60+ Latest Cyber Security Research Topics for 2023

    network security latest research papers

  5. (PDF) Recent Research in Network Security

    network security latest research papers

  6. (DOC) Analysis And Research of Computer Network Security.docx

    network security latest research papers

VIDEO

  1. Network security Research paper

  2. 1 Network Security Basis

  3. Ecocem Science Symposium

  4. The Future is Data and Cyber Security

  5. 2023 E MAIL SECURITY TRENDS

  6. Progressive Learning from Complex traces of GPT 4

COMMENTS

  1. network security Latest Research Papers

    Recently Published Documents TOTAL DOCUMENTS 4849 (FIVE YEARS 1231) H-INDEX 45 (FIVE YEARS 8) Latest Documents Most Cited Documents Contributed Authors Related Sources Related Keywords A Survey on Ransomware Malware and Ransomware Detection Techniques International Journal for Research in Applied Science and Engineering Technology

  2. Present and Future of Network Security Monitoring

    An NSM system is central for the security of current networks, given the escalation in sophistication of cyberwarfare. In this paper, we review the state-of-the-art in NSM, and derive a new taxonomy of the functionalities and modules in an NSM system.

  3. A comprehensive review study of cyber-attacks and cyber security

    Information technology Cyber-attacks Cyber security Emerging trends Key management 1. Introduction For more than two decades, the Internet has played a significant role in global communication and has become increasingly integrated into the lives of people around the world.

  4. Artificial intelligence for cybersecurity: Literature review and future

    The article is a full research paper (i.e., not a presentation or supplement to a poster). ... Customized optimal allocation and network security configuration: Planning: Bringhenti et al. [22] Automated configuration assessment: ... Saha et al. [38] proposed a new scheme for the identification of vulnerabilities across the system and network ...

  5. Recent Advances in Network Security Management

    16 November 2021 Special Issue Call for Papers As the backbone of communications amongst objects, humans, companies, and administrations, the Internet has become a great integration platform capable of efficiently interconnecting billions of entities, from RFID chips to data centers.

  6. Research Trends in Network-Based Intrusion Detection Systems: A Review

    Based on the published articles in the intrusion detection field for the last 15 years, this article also discusses the state-of-the-arts of NIDS, commonly used NIDS, citation-based analysis of benchmark datasets, and NIDS techniques used for intrusion detection.

  7. Free Full-Text

    Featured Papers on Network Security and Privacy by Jordi Mongay Batalla Institute of Telecommunications and Cybersecurity, Warsaw University of Technology, 00-665 Warsaw, Poland J. Sens. Actuator Netw. 2024, 13 (1), 11; https://doi.org/10.3390/jsan13010011 Submission received: 20 January 2024 / Accepted: 30 January 2024 / Published: 1 February 2024

  8. Search for Network Security

    1,999 Paper Code MiniCPS: A toolkit for security research on CPS Networks 1 code implementation • 17 Jul 2015 While a great amount of research has been conducted on network security of office and home networks, recently the security of CPS and related systems has gained a lot of attention.

  9. Recent Advances in Cryptography and Network Security

    Theoretical and practical developments in the implementation and operation of neural networks in network security, the latest technical reviews, and surveys on network security are welcomed.

  10. Network Security

    Page 20. View PDF. Read the latest articles of Network Security at ScienceDirect.com, Elsevier's leading platform of peer-reviewed scholarly literature.

  11. Sensors

    A revolution in network technology has been ushered in by software defined networking (SDN), which makes it possible to control the network from a central location and provides an overview of the network's security. Despite this, SDN has a single point of failure that increases the risk of potential threats. Network intrusion detection systems (NIDS) prevent intrusions into a network and ...

  12. (PDF) ADVANCES IN NETWORK SECURITY: A COMPREHENSIVE ...

    This paper discusses network security for secure data communication. Discover the world's research 2.3+ billion citations Content uploaded by Manish Kumar Author content Content may be...

  13. Research on the Key Technology of Network Security Based on Machine

    Research on network security based on machine learning has achieved many results, showing strong capabilities in processing massive data, automatic learning, detection and identification, and broadening the development of ideas in the field of network security.

  14. Wireless sensor network security: A recent review based on state-of-the

    Wireless sensor networks (WSNs) is an increasingly valuable foundational technology for the Internet of Things (IoT). 1 WSN is considered an increasingly important fundamental component of the IoT. The WSN market was worth the US $46.76 billion in 2020 and is predicted to be worth US $126.93 billion by 2026, growing at a CAGR of 17.64% between 2021 and 2026. 2-5 As a result, the use of WSNs ...

  15. 349293 PDFs

    Network security consists of the provisions and policies adopted by a network administrator to prevent and monitor unauthorized access, misuse,... | Explore the latest full-text research...

  16. Journal of Cybersecurity

    Call for Papers. Journal of Cybersecurity is soliciting papers for a special collection on the philosophy of information security. This collection will explore research at the intersection of philosophy, information security, and philosophy of science. Find out more.

  17. Full article: Network security

    Network security is a specialized field consisting of the provisions and policies to prevent and monitor unauthorized access, misuse, modification, or denial of a computer network and network-accessible resources as well as ensuring their availability through proper procedures.

  18. The Current Research Status of AI-Based Network Security Situational

    Network security situational awareness is based on the extraction and analysis of big data, and by understanding these data to evaluate the current network security status and predict future development trends, provide feedback to decision-makers to make corresponding countermeasures, and achieve security protection for the network environment.

  19. Network Security

    beta. Read the latest articles of Network Security at ScienceDirect.com, Elsevier's leading platform of peer-reviewed scholarly literature.

  20. Research on the Key Technologies of Network Security-Oriented ...

    In today's increasingly severe network security situation, network security situational awareness provides a more comprehensive and feasible new idea for the inadequacy of various single solutions and is currently a research hotspot in the field of network security.

  21. PDF Network Security Threats and Protection Models

    This paper discusses the possible exploits on typical network components, it will cite real life scenarios, and propose practical ... it describes some of the key efforts done by the research community to prevent such attacks, mainly by using Firewall and Intrusion Detection Systems. 2. NETWORK SECURITY THREAT MODELS Network security refers to ...

  22. Latest cybersecurity research news

    Read the latest cybersecurity research news from The Daily Swig. Latest threats Bug bounty For devs Deep dives More About. Web security vulnerabilities Network security vulnerabilities Cloud security Zero-day news Supply chain attacks. View all web security news. Prototype pollution.

  23. Computer Network Security and Technology Research

    The rapid development of computer network system brings both a great convenience and new security threats for users. Network security problem generally includes network system security and data security. Specifically, it refers to the reliability of network system, confidentiality, integrity and availability of data information in the system. Network security problem exists through all the ...

  24. The Future of Network Security Technology: A SANS Survey

    New Cyber Trends & Training in 2023. ... This survey looks at how organizations are updating and adapting their network security strategies and design models to fit into cloud infrastructure. By. ... 22, 2024. Login to download . I consent that SANS may provide my contact information to a third-party sponsor of this white paper, and that the ...

  25. DNSSEC vulnerability puts big chunk of the internet at risk

    A non-public technical paper on the vulnerability provided to The Register, titled, "The KeyTrap Denial-of-Service Algorithmic Complexity Attacks on DNS," describes how an assault would be carried out. It basically involves asking a vulnerable DNSSEC-validating DNS resolver to look up an address that causes the server to contact a malicious ...