Projects - User contributions [en]

Projects:2015s1-45 Analysis and Visualisation of Packet Data for Cyber-Security Purposes

2015-10-23T09:14:53Z

A1628308:

== '''About''' ==
===Aim===
The aim of this project was to investigate the usefulness of packet data from internet connected networks in the field of Cyber-Security. The use of Hybrid IPv4/IPv6 communication for the purpose of data exfiltration was the main focus for this project.

===Motivation===
In the modern age, there is a continuous push for everything to be made available online. The need for advanced cyber-security techniques that can quickly adapt to new types of attacks continues to grow. The collaboration with Estonia stems from the fact that it is highly regarded as a technologically advanced nation; it was the first country to allow nationwide online voting in 2005 [1]. Together with its geographical location and heavy investment in the digital age, Estonia has been the target of instances of cyber-crime. In 2007, Estonia was victim to one of the largest instances of state-sponsored cyber warfare, affecting many national websites including those of the government, banks, ministries and broadcasters [2]. The motivation for this project is to work closely with academics at TTU to investigate these forms of malicious activities and develop techniques, through research and analysis, for real-time detection of cyber-attacks. The project is expected to provide new ideas and proposed solutions to the research questions that arise.

===Background===
Due to a rapid expansion in demand for Internet connected devices, the original 32-bit source and destination IPv4 address header fields were insufficient for accommodating this growth. Internet Protocol Version 6 (IPv6) was soon standardised in RFC 2460 [3] by the IETF and featured “Expanded Addressing Capabilities”. IPv6 allowed for 128-bit addressing, increasing the available address space from approximately 4.3×10^9 to 3.4×10^28 unique addresses. In addition to this, IPv6 also simplified the header format, instead adding the capability for optional extension headers. This allowed for a reduction in processing cost used for common case packets. The use of IPv6 also allowed for flow labeling capability, allowing the sender to label a packet as part of a particular traffic flow so that a request for special handling, such as non-default quality of service, could be applied.

However, as IPv6 was intended to replace IPv4, the two do not have direct communication abilities. This means that a device with only an IPv4 address cannot communicate with a device addressed only via IPv6. This means it is difficult to correlate the addresses of a hybrid IPv4/IPv6 device as there are no protocols to relate them. The exploitation of this property was the motivating factor behind the development and analysis of Hybrid IPv4/IPv6 data exfiltration attacks.

=='''Project Team'''==
===Students===
* Matthew Sclauzero
* Carmela Panuccio
* Pellegrino Coscia
* Benjamin Cosh

===Supervisors===
'''University of Adelaide'''
* Dr Matthew Sorell

'''Tallinn University of Technology'''
* Dr Olaf Maennel

===Advisors===
'''Tallinn University of Technology'''
* Dr Hayretdin Bahsi

'''NATO Cooperative Cyber Defence Centre of Excellence'''
* Mauno Pihelgas
* Bernhards Blumbergs

'''Centre for Defence Communications and Information Networking'''
* Dr Michael Webb
* Dr Hung Nguyen

== '''Attack Development and Analysis'''==
===Exfiltration Attacks===
The model for the exfiltration types required communication between two networked devices. This was achieved through the use of two virtual machines running Ubuntu on a single host system. The virtual machine client used was VirtualBox by Oracle. Ubuntu was chosen as the operating system as it was the Linux distribution familiar to all members of the project team. The implementation of this environment can be seen below.

[[File:Simulation_Environment_Diagram.png]]

====Exfiltration Attack Type 1: Hybrid IPv4/IPv6 Over TCP====
Exfiltration Attack Type 1, referred to as ‘Exfiltration Type 1’, would utilise the inbuilt socket connection library of Python to communicate between hosts using Transmission Control Protocol (TCP). The intention of this implementation was to create the appearance of an innocuous transmission between two devices through the use of a standard library. A TCP Connection was initiated to the Server from the Client. Upon connection the file from the Client was broken up into segments and transferred to the Server over IPv4 and IPv6 simultaneously while also alternating between the two IP protocol connections. When the transfer was completed, the connection was closed and the file reassembled on the Server side. The image below shows an overview of the transfer and the two flowcharts detail the procedure undertaken by both the Client and Server during transmission.

[[File:Client_view_v2.png]]

----

[[File:Client_flow.png]][[File:Server_flow.png]]

====Exfiltration Attack Type 2: Hybrid IPv4/IPv6 Over UDP====

===Analysis of Data===
====Stream Re-association====

=='''Study Tour'''==

== '''References''' ==
* [1] http://www.theatlantic.com/international/archive/2014/01/lessons-from-the-worlds-most-tech-savvy-government/283341/
* [2] http://www.theguardian.com/world/2007/may/17/topstories3.russia
* [3] https://tools.ietf.org/html/rfc2460
* [4]

Projects:2015s1-45 Analysis and Visualisation of Packet Data for Cyber-Security Purposes

2015-10-23T09:05:31Z

A1628308:

== '''About''' ==
===Aim===
The aim of this project was to investigate the usefulness of packet data from internet connected networks in the field of Cyber-Security. The use of Hybrid IPv4/IPv6 communication for the purpose of data exfiltration was the main focus for this project.

===Motivation===
In the modern age, there is a continuous push for everything to be made available online. The need for advanced cyber-security techniques that can quickly adapt to new types of attacks continues to grow. The collaboration with Estonia stems from the fact that it is highly regarded as a technologically advanced nation; it was the first country to allow nationwide online voting in 2005 [1]. Together with its geographical location and heavy investment in the digital age, Estonia has been the target of instances of cyber-crime. In 2007, Estonia was victim to one of the largest instances of state-sponsored cyber warfare, affecting many national websites including those of the government, banks, ministries and broadcasters [2]. The motivation for this project is to work closely with academics at TTU to investigate these forms of malicious activities and develop techniques, through research and analysis, for real-time detection of cyber-attacks. The project is expected to provide new ideas and proposed solutions to the research questions that arise.

===Background===
Due to a rapid expansion in demand for Internet connected devices, the original 32-bit source and destination IPv4 address header fields were insufficient for accommodating this growth. Internet Protocol Version 6 (IPv6) was soon standardised in RFC 2460 [3] by the IETF and featured “Expanded Addressing Capabilities”. IPv6 allowed for 128-bit addressing, increasing the available address space from approximately 4.3×10^9 to 3.4×10^28 unique addresses. In addition to this, IPv6 also simplified the header format, instead adding the capability for optional extension headers. This allowed for a reduction in processing cost used for common case packets. The use of IPv6 also allowed for flow labeling capability, allowing the sender to label a packet as part of a particular traffic flow so that a request for special handling, such as non-default quality of service, could be applied.

However, as IPv6 was intended to replace IPv4, the two do not have direct communication abilities. This means that a device with only an IPv4 address cannot communicate with a device addressed only via IPv6. This means it is difficult to correlate the addresses of a hybrid IPv4/IPv6 device as there are no protocols to relate them. The exploitation of this property was the motivating factor behind the development and analysis of Hybrid IPv4/IPv6 data exfiltration attacks.

=='''Project Team'''==
===Students===
* Matthew Sclauzero
* Carmela Panuccio
* Pellegrino Coscia
* Benjamin Cosh

===Supervisors===
'''University of Adelaide'''
* Dr Matthew Sorell

'''Tallinn University of Technology'''
* Dr Olaf Maennel

===Advisors===
'''Tallinn University of Technology'''
* Dr Hayretdin Bahsi

'''NATO Cooperative Cyber Defence Centre of Excellence'''
* Mauno Pihelgas
* Bernhards Blumbergs

'''Centre for Defence Communications and Information Networking'''
* Dr Michael Webb
* Dr Hung Nguyen

== '''Attack Development and Analysis'''==
===Exfiltration Attacks===
The model for the exfiltration types required communication between two networked devices. This was achieved through the use of two virtual machines running Ubuntu on a single host system. The virtual machine client used was VirtualBox by Oracle. Ubuntu was chosen as the operating system as it was the Linux distribution familiar to all members of the project team. The implementation of this environment can be seen below.

[[File:Simulation_Environment_Diagram.png]]

====Exfiltration Attack Type 1: Hybrid IPv4/IPv6 Over TCP====
Exfiltration Attack Type 1, referred to as ‘Exfiltration Type 1’, would utilise the inbuilt socket connection library of Python to communicate between hosts using Transmission Control Protocol (TCP). The intention of this implementation was to create the appearance of an innocuous transmission between two devices through the use of a standard library. A TCP Connection was initiated to the Server from the Client. Upon connection the file from the Client was broken up into segments and transferred to the Server over IPv4 and IPv6 simultaneously while also alternating between the two IP protocol connections. When the transfer was completed, the connection was closed and the file reassembled on the Server side. The image below shows an overview of the transfer and the two flowcharts detail the procedure undertaken by both the Client and Server during transmission.

[[File:Client_view_v2.png]]

----

[[File:Client_flow.png]][[File:Server_flow.png]]

====Exfiltration Attack Type 2: Hybrid IPv4/IPv6 Over TCP====

===Analysis of Data===
====Stream Re-association====

=='''Study Tour'''==

== '''References''' ==
* [1] http://www.theatlantic.com/international/archive/2014/01/lessons-from-the-worlds-most-tech-savvy-government/283341/
* [2] http://www.theguardian.com/world/2007/may/17/topstories3.russia
* [3] https://tools.ietf.org/html/rfc2460
* [4]

File:Server flow.png

2015-10-23T09:04:23Z

A1628308: A1628308 uploaded a new version of "File:Server flow.png"

File:Client flow.png

2015-10-23T09:03:31Z

A1628308: A1628308 uploaded a new version of "File:Client flow.png"

Projects:2015s1-45 Analysis and Visualisation of Packet Data for Cyber-Security Purposes

2015-10-23T08:59:18Z

A1628308:

== '''About''' ==
===Aim===
The aim of this project was to investigate the usefulness of packet data from internet connected networks in the field of Cyber-Security. The use of Hybrid IPv4/IPv6 communication for the purpose of data exfiltration was the main focus for this project.

===Motivation===
In the modern age, there is a continuous push for everything to be made available online. The need for advanced cyber-security techniques that can quickly adapt to new types of attacks continues to grow. The collaboration with Estonia stems from the fact that it is highly regarded as a technologically advanced nation; it was the first country to allow nationwide online voting in 2005 [1]. Together with its geographical location and heavy investment in the digital age, Estonia has been the target of instances of cyber-crime. In 2007, Estonia was victim to one of the largest instances of state-sponsored cyber warfare, affecting many national websites including those of the government, banks, ministries and broadcasters [2]. The motivation for this project is to work closely with academics at TTU to investigate these forms of malicious activities and develop techniques, through research and analysis, for real-time detection of cyber-attacks. The project is expected to provide new ideas and proposed solutions to the research questions that arise.

===Background===
Due to a rapid expansion in demand for Internet connected devices, the original 32-bit source and destination IPv4 address header fields were insufficient for accommodating this growth. Internet Protocol Version 6 (IPv6) was soon standardised in RFC 2460 [3] by the IETF and featured “Expanded Addressing Capabilities”. IPv6 allowed for 128-bit addressing, increasing the available address space from approximately 4.3×10^9 to 3.4×10^28 unique addresses. In addition to this, IPv6 also simplified the header format, instead adding the capability for optional extension headers. This allowed for a reduction in processing cost used for common case packets. The use of IPv6 also allowed for flow labeling capability, allowing the sender to label a packet as part of a particular traffic flow so that a request for special handling, such as non-default quality of service, could be applied.

However, as IPv6 was intended to replace IPv4, the two do not have direct communication abilities. This means that a device with only an IPv4 address cannot communicate with a device addressed only via IPv6. This means it is difficult to correlate the addresses of a hybrid IPv4/IPv6 device as there are no protocols to relate them. The exploitation of this property was the motivating factor behind the development and analysis of Hybrid IPv4/IPv6 data exfiltration attacks.

=='''Project Team'''==
===Students===
* Matthew Sclauzero
* Carmela Panuccio
* Pellegrino Coscia
* Benjamin Cosh

===Supervisors===
'''University of Adelaide'''
* Dr Matthew Sorell

'''Tallinn University of Technology'''
* Dr Olaf Maennel

===Advisors===
'''Tallinn University of Technology'''
* Dr Hayretdin Bahsi

'''NATO Cooperative Cyber Defence Centre of Excellence'''
* Mauno Pihelgas
* Bernhards Blumbergs

'''Centre for Defence Communications and Information Networking'''
* Dr Michael Webb
* Dr Hung Nguyen

== '''Attack Development and Analysis'''==
===Exfiltration Attacks===
The model for the exfiltration types required communication between two networked devices. This was achieved through the use of two virtual machines running Ubuntu on a single host system. The virtual machine client used was VirtualBox by Oracle. Ubuntu was chosen as the operating system as it was the Linux distribution familiar to all members of the project team. The implementation of this environment can be seen below.

[[File:Simulation_Environment_Diagram.png]]

====Exfiltration Attack Type 1: Hybrid IPv4/IPv6 Over TCP====
Exfiltration Attack Type 1, referred to as ‘Exfiltration Type 1’, would utilise the inbuilt socket connection library of Python to communicate between hosts using Transmission Control Protocol (TCP). The intention of this implementation was to create the appearance of an innocuous transmission between two devices through the use of a standard library. A TCP Connection was initiated to the Server from the Client. Upon connection the file from the Client was broken up into segments and transferred to the Server over IPv4 and IPv6 simultaneously while also alternating between the two IP protocol connections. When the transfer was completed, the connection was closed and the file reassembled on the Server side. The image below shows an overview of the transfer and the two flowcharts detail the procedure undertaken by both the Client and Server during transmission.

[[File:Client_view_v2.png]]

----

[[File:Client_flow.png]]

----

[[File:Server_flow.png]]

====Exfiltration Attack Type 2: Hybrid IPv4/IPv6 Over TCP====

===Analysis of Data===
====Stream Re-association====

=='''Study Tour'''==

== '''References''' ==
* [1] http://www.theatlantic.com/international/archive/2014/01/lessons-from-the-worlds-most-tech-savvy-government/283341/
* [2] http://www.theguardian.com/world/2007/may/17/topstories3.russia
* [3] https://tools.ietf.org/html/rfc2460
* [4]

File:Client view v2.png

2015-10-23T08:58:25Z

A1628308:

Projects:2015s1-45 Analysis and Visualisation of Packet Data for Cyber-Security Purposes

2015-10-23T08:57:31Z

A1628308:

== '''About''' ==
===Aim===
The aim of this project was to investigate the usefulness of packet data from internet connected networks in the field of Cyber-Security. The use of Hybrid IPv4/IPv6 communication for the purpose of data exfiltration was the main focus for this project.

===Motivation===
In the modern age, there is a continuous push for everything to be made available online. The need for advanced cyber-security techniques that can quickly adapt to new types of attacks continues to grow. The collaboration with Estonia stems from the fact that it is highly regarded as a technologically advanced nation; it was the first country to allow nationwide online voting in 2005 [1]. Together with its geographical location and heavy investment in the digital age, Estonia has been the target of instances of cyber-crime. In 2007, Estonia was victim to one of the largest instances of state-sponsored cyber warfare, affecting many national websites including those of the government, banks, ministries and broadcasters [2]. The motivation for this project is to work closely with academics at TTU to investigate these forms of malicious activities and develop techniques, through research and analysis, for real-time detection of cyber-attacks. The project is expected to provide new ideas and proposed solutions to the research questions that arise.

===Background===
Due to a rapid expansion in demand for Internet connected devices, the original 32-bit source and destination IPv4 address header fields were insufficient for accommodating this growth. Internet Protocol Version 6 (IPv6) was soon standardised in RFC 2460 [3] by the IETF and featured “Expanded Addressing Capabilities”. IPv6 allowed for 128-bit addressing, increasing the available address space from approximately 4.3×10^9 to 3.4×10^28 unique addresses. In addition to this, IPv6 also simplified the header format, instead adding the capability for optional extension headers. This allowed for a reduction in processing cost used for common case packets. The use of IPv6 also allowed for flow labeling capability, allowing the sender to label a packet as part of a particular traffic flow so that a request for special handling, such as non-default quality of service, could be applied.

However, as IPv6 was intended to replace IPv4, the two do not have direct communication abilities. This means that a device with only an IPv4 address cannot communicate with a device addressed only via IPv6. This means it is difficult to correlate the addresses of a hybrid IPv4/IPv6 device as there are no protocols to relate them. The exploitation of this property was the motivating factor behind the development and analysis of Hybrid IPv4/IPv6 data exfiltration attacks.

=='''Project Team'''==
===Students===
* Matthew Sclauzero
* Carmela Panuccio
* Pellegrino Coscia
* Benjamin Cosh

===Supervisors===
'''University of Adelaide'''
* Dr Matthew Sorell

'''Tallinn University of Technology'''
* Dr Olaf Maennel

===Advisors===
'''Tallinn University of Technology'''
* Dr Hayretdin Bahsi

'''NATO Cooperative Cyber Defence Centre of Excellence'''
* Mauno Pihelgas
* Bernhards Blumbergs

'''Centre for Defence Communications and Information Networking'''
* Dr Michael Webb
* Dr Hung Nguyen

== '''Attack Development and Analysis'''==
===Exfiltration Attacks===
The model for the exfiltration types required communication between two networked devices. This was achieved through the use of two virtual machines running Ubuntu on a single host system. The virtual machine client used was VirtualBox by Oracle. Ubuntu was chosen as the operating system as it was the Linux distribution familiar to all members of the project team. The implementation of this environment can be seen below.

[[File:Simulation_Environment_Diagram.png]]

====Exfiltration Attack Type 1: Hybrid IPv4/IPv6 Over TCP====
Exfiltration Attack Type 1, referred to as ‘Exfiltration Type 1’, would utilise the inbuilt socket connection library of Python to communicate between hosts using Transmission Control Protocol (TCP). The intention of this implementation was to create the appearance of an innocuous transmission between two devices through the use of a standard library. A TCP Connection was initiated to the Server from the Client. Upon connection the file from the Client was broken up into segments and transferred to the Server over IPv4 and IPv6 simultaneously while also alternating between the two IP protocol connections. When the transfer was completed, the connection was closed and the file reassembled on the Server side. The image below shows an overview of the transfer and the two flowcharts detail the procedure undertaken by both the Client and Server during transmission.

[[File:Client_flow.png]][[File:Server_flow.png]]

====Exfiltration Attack Type 2: Hybrid IPv4/IPv6 Over TCP====

===Analysis of Data===
====Stream Re-association====

=='''Study Tour'''==

== '''References''' ==
* [1] http://www.theatlantic.com/international/archive/2014/01/lessons-from-the-worlds-most-tech-savvy-government/283341/
* [2] http://www.theguardian.com/world/2007/may/17/topstories3.russia
* [3] https://tools.ietf.org/html/rfc2460
* [4]

File:Server flow.png

2015-10-23T08:56:32Z

A1628308:

File:Client flow.png

2015-10-23T08:55:57Z

A1628308:

Projects:2015s1-45 Analysis and Visualisation of Packet Data for Cyber-Security Purposes

2015-10-23T08:55:08Z

A1628308:

== '''About''' ==
===Aim===
The aim of this project was to investigate the usefulness of packet data from internet connected networks in the field of Cyber-Security. The use of Hybrid IPv4/IPv6 communication for the purpose of data exfiltration was the main focus for this project.

===Motivation===
In the modern age, there is a continuous push for everything to be made available online. The need for advanced cyber-security techniques that can quickly adapt to new types of attacks continues to grow. The collaboration with Estonia stems from the fact that it is highly regarded as a technologically advanced nation; it was the first country to allow nationwide online voting in 2005 [1]. Together with its geographical location and heavy investment in the digital age, Estonia has been the target of instances of cyber-crime. In 2007, Estonia was victim to one of the largest instances of state-sponsored cyber warfare, affecting many national websites including those of the government, banks, ministries and broadcasters [2]. The motivation for this project is to work closely with academics at TTU to investigate these forms of malicious activities and develop techniques, through research and analysis, for real-time detection of cyber-attacks. The project is expected to provide new ideas and proposed solutions to the research questions that arise.

===Background===
Due to a rapid expansion in demand for Internet connected devices, the original 32-bit source and destination IPv4 address header fields were insufficient for accommodating this growth. Internet Protocol Version 6 (IPv6) was soon standardised in RFC 2460 [3] by the IETF and featured “Expanded Addressing Capabilities”. IPv6 allowed for 128-bit addressing, increasing the available address space from approximately 4.3×10^9 to 3.4×10^28 unique addresses. In addition to this, IPv6 also simplified the header format, instead adding the capability for optional extension headers. This allowed for a reduction in processing cost used for common case packets. The use of IPv6 also allowed for flow labeling capability, allowing the sender to label a packet as part of a particular traffic flow so that a request for special handling, such as non-default quality of service, could be applied.

However, as IPv6 was intended to replace IPv4, the two do not have direct communication abilities. This means that a device with only an IPv4 address cannot communicate with a device addressed only via IPv6. This means it is difficult to correlate the addresses of a hybrid IPv4/IPv6 device as there are no protocols to relate them. The exploitation of this property was the motivating factor behind the development and analysis of Hybrid IPv4/IPv6 data exfiltration attacks.

=='''Project Team'''==
===Students===
* Matthew Sclauzero
* Carmela Panuccio
* Pellegrino Coscia
* Benjamin Cosh

===Supervisors===
'''University of Adelaide'''
* Dr Matthew Sorell

'''Tallinn University of Technology'''
* Dr Olaf Maennel

===Advisors===
'''Tallinn University of Technology'''
* Dr Hayretdin Bahsi

'''NATO Cooperative Cyber Defence Centre of Excellence'''
* Mauno Pihelgas
* Bernhards Blumbergs

'''Centre for Defence Communications and Information Networking'''
* Dr Michael Webb
* Dr Hung Nguyen

== '''Attack Development and Analysis'''==
===Exfiltration Attacks===
The model for the exfiltration types required communication between two networked devices. This was achieved through the use of two virtual machines running Ubuntu on a single host system. The virtual machine client used was VirtualBox by Oracle. Ubuntu was chosen as the operating system as it was the Linux distribution familiar to all members of the project team. The implementation of this environment can be seen below.

[[File:Simulation_Environment_Diagram.png]]

====Exfiltration Attack Type 1: Hybrid IPv4/IPv6 Over TCP====
Exfiltration Attack Type 1, referred to as ‘Exfiltration Type 1’, would utilise the inbuilt socket connection library of Python to communicate between hosts using Transmission Control Protocol (TCP). The intention of this implementation was to create the appearance of an innocuous transmission between two devices through the use of a standard library. A TCP Connection was initiated to the Server from the Client. Upon connection the file from the Client was broken up into segments and transferred to the Server over IPv4 and IPv6 simultaneously while also alternating between the two IP protocol connections. When the transfer was completed, the connection was closed and the file reassembled on the Server side. The image below shows an overview of the transfer and the two flowcharts detail the procedure undertaken by both the Client and Server during transmission.

====Exfiltration Attack Type 2: Hybrid IPv4/IPv6 Over TCP====

===Analysis of Data===
====Stream Re-association====

=='''Study Tour'''==

== '''References''' ==
* [1] http://www.theatlantic.com/international/archive/2014/01/lessons-from-the-worlds-most-tech-savvy-government/283341/
* [2] http://www.theguardian.com/world/2007/may/17/topstories3.russia
* [3] https://tools.ietf.org/html/rfc2460
* [4]

File:Simulation Environment Diagram.png

2015-10-23T08:49:43Z

A1628308:

Projects:2015s1-45 Analysis and Visualisation of Packet Data for Cyber-Security Purposes

2015-10-23T08:47:54Z

A1628308:

== '''About''' ==
===Aim===
The aim of this project was to investigate the usefulness of packet data from internet connected networks in the field of Cyber-Security. The use of Hybrid IPv4/IPv6 communication for the purpose of data exfiltration was the main focus for this project.

===Motivation===
In the modern age, there is a continuous push for everything to be made available online. The need for advanced cyber-security techniques that can quickly adapt to new types of attacks continues to grow. The collaboration with Estonia stems from the fact that it is highly regarded as a technologically advanced nation; it was the first country to allow nationwide online voting in 2005 [1]. Together with its geographical location and heavy investment in the digital age, Estonia has been the target of instances of cyber-crime. In 2007, Estonia was victim to one of the largest instances of state-sponsored cyber warfare, affecting many national websites including those of the government, banks, ministries and broadcasters [2]. The motivation for this project is to work closely with academics at TTU to investigate these forms of malicious activities and develop techniques, through research and analysis, for real-time detection of cyber-attacks. The project is expected to provide new ideas and proposed solutions to the research questions that arise.

===Background===
Due to a rapid expansion in demand for Internet connected devices, the original 32-bit source and destination IPv4 address header fields were insufficient for accommodating this growth. Internet Protocol Version 6 (IPv6) was soon standardised in RFC 2460 [3] by the IETF and featured “Expanded Addressing Capabilities”. IPv6 allowed for 128-bit addressing, increasing the available address space from approximately 4.3×10^9 to 3.4×10^28 unique addresses. In addition to this, IPv6 also simplified the header format, instead adding the capability for optional extension headers. This allowed for a reduction in processing cost used for common case packets. The use of IPv6 also allowed for flow labeling capability, allowing the sender to label a packet as part of a particular traffic flow so that a request for special handling, such as non-default quality of service, could be applied.

However, as IPv6 was intended to replace IPv4, the two do not have direct communication abilities. This means that a device with only an IPv4 address cannot communicate with a device addressed only via IPv6. This means it is difficult to correlate the addresses of a hybrid IPv4/IPv6 device as there are no protocols to relate them. The exploitation of this property was the motivating factor behind the development and analysis of Hybrid IPv4/IPv6 data exfiltration attacks.

=='''Project Team'''==
===Students===
* Matthew Sclauzero
* Carmela Panuccio
* Pellegrino Coscia
* Benjamin Cosh

===Supervisors===
'''University of Adelaide'''
* Dr Matthew Sorell

'''Tallinn University of Technology'''
* Dr Olaf Maennel

===Advisors===
'''Tallinn University of Technology'''
* Dr Hayretdin Bahsi

'''NATO Cooperative Cyber Defence Centre of Excellence'''
* Mauno Pihelgas
* Bernhards Blumbergs

'''Centre for Defence Communications and Information Networking'''
* Dr Michael Webb
* Dr Hung Nguyen

== '''Attack Development and Analysis'''==
===Exfiltration Attacks===
The model for the exfiltration types required communication between two networked devices. This was achieved through the use of two virtual machines running Ubuntu on a single host system. The virtual machine client used was VirtualBox by Oracle. Ubuntu was chosen as the operating system as it was the Linux distribution familiar to all members of the project team. The implementation of this environment can be seen below.

[[File:Example.jpg]]

====Exfiltration Attack Type 1: Hybrid IPv4/IPv6 Over TCP====
Exfiltration Attack Type 1, referred to as ‘Exfiltration Type 1’, would utilise the inbuilt socket connection library of Python to communicate between hosts using Transmission Control Protocol (TCP).

====Exfiltration Attack Type 2: Hybrid IPv4/IPv6 Over TCP====

===Analysis of Data===
====Stream Re-association====

=='''Study Tour'''==

== '''References''' ==
* [1] http://www.theatlantic.com/international/archive/2014/01/lessons-from-the-worlds-most-tech-savvy-government/283341/
* [2] http://www.theguardian.com/world/2007/may/17/topstories3.russia
* [3] https://tools.ietf.org/html/rfc2460
* [4]

Projects:2015s1-45 Analysis and Visualisation of Packet Data for Cyber-Security Purposes

2015-10-23T08:43:57Z

A1628308:

== '''About''' ==
===Aim===
The aim of this project was to investigate the usefulness of packet data from internet connected networks in the field of Cyber-Security. The use of Hybrid IPv4/IPv6 communication for the purpose of data exfiltration was the main focus for this project.

===Motivation===
In the modern age, there is a continuous push for everything to be made available online. The need for advanced cyber-security techniques that can quickly adapt to new types of attacks continues to grow. The collaboration with Estonia stems from the fact that it is highly regarded as a technologically advanced nation; it was the first country to allow nationwide online voting in 2005 [1]. Together with its geographical location and heavy investment in the digital age, Estonia has been the target of instances of cyber-crime. In 2007, Estonia was victim to one of the largest instances of state-sponsored cyber warfare, affecting many national websites including those of the government, banks, ministries and broadcasters [2]. The motivation for this project is to work closely with academics at TTU to investigate these forms of malicious activities and develop techniques, through research and analysis, for real-time detection of cyber-attacks. The project is expected to provide new ideas and proposed solutions to the research questions that arise.

===Background===
Due to a rapid expansion in demand for Internet connected devices, the original 32-bit source and destination IPv4 address header fields were insufficient for accommodating this growth. Internet Protocol Version 6 (IPv6) was soon standardised in RFC 2460 [3] by the IETF and featured “Expanded Addressing Capabilities”. IPv6 allowed for 128-bit addressing, increasing the available address space from approximately 4.3×10^9 to 3.4×10^28 unique addresses. In addition to this, IPv6 also simplified the header format, instead adding the capability for optional extension headers. This allowed for a reduction in processing cost used for common case packets. The use of IPv6 also allowed for flow labeling capability, allowing the sender to label a packet as part of a particular traffic flow so that a request for special handling, such as non-default quality of service, could be applied.

However, as IPv6 was intended to replace IPv4, the two do not have direct communication abilities. This means that a device with only an IPv4 address cannot communicate with a device addressed only via IPv6. This means it is difficult to correlate the addresses of a hybrid IPv4/IPv6 device as there are no protocols to relate them. The exploitation of this property was the motivating factor behind the development and analysis of Hybrid IPv4/IPv6 data exfiltration attacks.

=='''Project Team'''==
===Students===
* Matthew Sclauzero
* Carmela Panuccio
* Pellegrino Coscia
* Benjamin Cosh

===Supervisors===
'''University of Adelaide'''
* Dr Matthew Sorell

'''Tallinn University of Technology'''
* Dr Olaf Maennel

===Advisors===
'''Tallinn University of Technology'''
* Dr Hayretdin Bahsi

'''NATO Cooperative Cyber Defence Centre of Excellence'''
* Mauno Pihelgas
* Bernhards Blumbergs

'''Centre for Defence Communications and Information Networking'''
* Dr Michael Webb
* Dr Hung Nguyen

== '''Attack Development and Analysis'''==
===Exfiltration Attacks===
====Exfiltration Attack Type 1====

====Exfiltration Attack Type 2====

===Analysis of Data===
====Stream Re-association====

=='''Study Tour'''==

== '''References''' ==
* [1] http://www.theatlantic.com/international/archive/2014/01/lessons-from-the-worlds-most-tech-savvy-government/283341/
* [2] http://www.theguardian.com/world/2007/may/17/topstories3.russia
* [3] https://tools.ietf.org/html/rfc2460
* [4]

Projects:2015s1-45 Analysis and Visualisation of Packet Data for Cyber-Security Purposes

2015-10-23T08:39:51Z

A1628308:

Projects:2015s1-45 Analysis and Visualisation of Packet Data for Cyber-Security Purposes

2015-10-23T08:38:40Z

A1628308:

Projects:2015s1-45 Analysis and Visualisation of Packet Data for Cyber-Security Purposes

2015-10-23T08:36:19Z

A1628308:

Projects:2015s1-45 Analysis and Visualisation of Packet Data for Cyber-Security Purposes

2015-10-23T08:35:14Z

A1628308:

Projects:2015s1-45 Analysis and Visualisation of Packet Data for Cyber-Security Purposes

2015-10-23T08:27:58Z

A1628308:

== '''About''' ==
===Aim===
The aim of this project was to investigate the usefulness of packet data from internet connected networks in the field of Cyber-Security.

===Motivation===
In the modern age, there is a continuous push for everything to be made available online. The need for advanced cyber-security techniques that can quickly adapt to new types of attacks continues to grow. The collaboration with Estonia stems from the fact that it is highly regarded as a technologically advanced nation; it was the first country to allow nationwide online voting in 2005 [1]. Together with its geographical location and heavy investment in the digital age, Estonia has been the target of instances of cyber-crime. In 2007, Estonia was victim to one of the largest instances of state-sponsored cyber warfare, affecting many national websites including those of the government, banks, ministries and broadcasters [2]. The motivation for this project is to work closely with academics at TTU to investigate these forms of malicious activities and develop techniques, through research and analysis, for real-time detection of cyber-attacks. The project is expected to provide new ideas and proposed solutions to the research questions that arise.

===Background===

==Project Team==
===Students===
* Matthew Sclauzero
* Carmela Panuccio
* Pellegrino Coscia
* Benjamin Cosh

===Supervisors===
=====University of Adelaide=====
* Dr Matthew Sorell

=====Tallinn University of Technology=====
* Dr Olaf Maenell

===Advisors===
=====Tallinn University of Technology=====
* Dr Hayretdin Bahsi

=====NATO Cooperative Cyber Defence Centre of Excellence=====
* Mauno Pihelgas
* Bernhards Blumbergs

=====Centre for Defence Communications and Information Networking=====
* Dr Michael Webb
* Dr Hung Nguyen

== '''References''' ==
* [1] http://www.theatlantic.com/international/archive/2014/01/lessons-from-the-worlds-most-tech-savvy-government/283341/
* [2] http://www.theguardian.com/world/2007/may/17/topstories3.russia

Projects:2015s1-45 Analysis and Visualisation of Packet Data for Cyber-Security Purposes

2015-10-23T08:27:13Z

A1628308:

== '''About''' ==
===Aim===
The aim of this project was to investigate the usefulness of packet data from internet connected networks in the field of Cyber-Security.

===Motivation===
In the modern age, there is a continuous push for everything to be made available online. The need for advanced cyber-security techniques that can quickly adapt to new types of attacks continues to grow. The collaboration with Estonia stems from the fact that it is highly regarded as a technologically advanced nation; it was the first country to allow nationwide online voting in 2005 [1]. Together with its geographical location and heavy investment in the digital age, Estonia has been the target of instances of cyber-crime. In 2007, Estonia was victim to one of the largest instances of state-sponsored cyber warfare, affecting many national websites including those of the government, banks, ministries and broadcasters2. The motivation for this project is to work closely with academics at TTU to investigate these forms of malicious activities and develop techniques, through research and analysis, for real-time detection of cyber-attacks. The project is expected to provide new ideas and proposed solutions to the research questions that arise.

===Background===

==Project Team==
===Students===
* Matthew Sclauzero
* Carmela Panuccio
* Pellegrino Coscia
* Benjamin Cosh

===Supervisors===
=====University of Adelaide=====
* Dr Matthew Sorell

=====Tallinn University of Technology=====
* Dr Olaf Maenell

===Advisors===
=====Tallinn University of Technology=====
* Dr Hayretdin Bahsi

=====NATO Cooperative Cyber Defence Centre of Excellence=====
* Mauno Pihelgas
* Bernhards Blumbergs

=====Centre for Defence Communications and Information Networking=====
* Dr Michael Webb
* Dr Hung Nguyen

== '''References''' ==
* [1] http://www.theatlantic.com/international/archive/2014/01/lessons-from-the-worlds-most-tech-savvy-government/283341/
* [2] http://www.theguardian.com/world/2007/may/17/topstories3.russia

Projects:2015s1-45 Analysis and Visualisation of Packet Data for Cyber-Security Purposes

2015-10-23T08:21:27Z

A1628308:

== '''About''' ==
===Project Team===
* Matthew Sclauzero
* Carmela Panuccio
* Pellegrino Coscia
* Benjamin Cosh

===Supervisors===
=====University of Adelaide=====
* Dr Matthew Sorell

=====Tallinn University of Technology=====
* Dr Olaf Maenell

===Advisors===
=====NATO Cooperative Cyber Defence Centre of Excellence=====
* Mauno Pihelgas
* Bernhards Blumbergs

=====Centre for Defence Communications and Information Networking=====
* Dr Michael Webb
* Dr Hung Nguyen

=='''Description'''==
===Aim===
The aim of this project was to investigate the usefulness of packet data from internet connected networks in the field of Cyber-Security.

===Motivation===

===Background===

Projects:2015s1-45 Analysis and Visualisation of Packet Data for Cyber-Security Purposes

2015-10-23T08:17:26Z

A1628308:

== '''About''' ==
===Project Team===
- Matthew Sclauzero
- Carmela Panuccio
- Pellegrino Coscia
- Benjamin Cosh

===Supervisors===
'''University of Adelaide'''
- Dr Matthew Sorell

'''Tallinn University of Technology'''
- Dr Olaf Maenell

===Advisors===
'''NATO Cooperative Cyber Defence Centre of Excellence'''
- Mauno Pihelgas
- Bernhards Blumbergs

'''Centre for Defence Communications and Information Networking'''
- Dr Michael Webb
- Dr Hung Nguyen

===Aim===
The aim of this project was to investigate the usefulness of packet data from internet connected networks in the field of Cyber-Security.

===Motivation===

===Background===

Projects:2015s1-45 Analysis and Visualisation of Packet Data for Cyber-Security Purposes

2015-10-23T08:07:54Z

A1628308:

== '''About''' ==

'''Aim'''
The aim of this project was to investigate the usefulness of packet data from internet connected networks in the field of Cyber-Security.

Projects:2015s1-45 Analysis and Visualisation of Packet Data for Cyber-Security Purposes

2015-10-23T08:05:08Z

A1628308: Created page with " == '''About''' =="

== '''About''' ==