63 results
Search Results
2. Attack Patterns Discovery by Frequent Episodes Mining from Honeypot Systems.
- Author
- Su, Ming-Yang, Chang, Kai-Chi, and Lin, Chun-Yuen
- Abstract
The type of Probe/Exploit (hacking) intrusion can be regarded as a series of relevant actions that occur in some sequence. In frequent episodes mining, data is viewed as a sequence of events, where each event has an associated time of occurrence. So the mining technique has a significant effect on discovering sophisticated Probe/Exploit intrusion attacks. Prior to deadly attacks on the victim computers, hackers must gather information about the victims and transfer instructions or files to the victims. The proposed method can be used to discover such abnormal episodes from the log files of honeypot systems. The proposed method can be applied to discover known or unknown attack episodes for any network service. In this paper, we focus on discovering attack episodes for the SMB (Server Message Block) protocol, which is the most important one for Microsoft's Windows Network. In the experiment, we successfully mined out a sophisticated intrusion episode. The proposed method can easily be modified to protect other network services. [ABSTRACT FROM AUTHOR]
- Published
- 2009
- Full Text
- View/download PDF
3. A Survey on Detection Techniques to Prevent Cross-Site Scripting Attacks on Current Web Applications.
- Author
- Garcia-Alfaro, Joaquin and Navarro-Arribas, Guillermo
- Abstract
Security is becoming one of the major concerns for web applications and other Internet-based services, which are becoming pervasive in all kinds of business models, organizations, and so on. Moreover, critical systems such as those related to health care, banking, or even emergency response, are relying on such applications and services. Web applications must therefore include, in addition to the expected value offered to their users, reliable mechanisms to ensure their security. In this paper, we focus on the specific problem of preventing cross-site scripting attacks against web applications. We present a study of this kind of attack, and survey current approaches for their prevention. Applicability and limitations of each proposal are also discussed. [ABSTRACT FROM AUTHOR]
- Published
- 2008
- Full Text
- View/download PDF
4. Accelerating the Propagation of Active Worms by Employing Multiple Target Discovery Techniques.
- Author
- Fan, Xiang and Xiang, Yang
- Abstract
Recently, active worms have done significant damage due to their rapid propagation over the Internet. We studied propagation mechanisms of active worms employing a single target discovery technique and various combinations of two or three different target discovery techniques from the attackers' perspective. We performed a series of simulation experiments to investigate their propagation characteristics under various scenarios. We found uniform scanning to be an indispensable elementary target discovery technique of active worms. Our major contributions in this paper are first, we proposed the discrete time deterministic Compensation Factor Adjusted Propagation (CFAP) model of active worms; and second, we suggested the combination of target discovery techniques that can best accelerate propagation of active worms, discovered from the results of the comprehensive simulations. The significance of this paper lies in it being very beneficial to the understanding of propagation mechanisms of active worms, and thus to building effective and efficient defense systems against their propagation. [ABSTRACT FROM AUTHOR]
- Published
- 2008
- Full Text
- View/download PDF
5. Finding TCP Packet Round-Trip Time for Intrusion Detection: Algorithm and Analysis.
- Author
- Yang, Jianhua, Lee, Byong, and Zhang, Yongzhong
- Abstract
Most network intruders launch their attacks through stepping-stones to reduce the risks of being discovered. To uncover such intrusions, one prevalent, challenging, and critical way is to detect a long interactive connection chain. TCP packet round-trip time (RTT) can be used to estimate the length of a connection chain. In this paper, we propose a Standard Deviation-Based Clustering (SDC) Algorithm to find RTTs. SDC takes advantage of the fact that the distribution of RTTs is concentrated on a small range to find RTTs. It outperforms other approaches in terms of packet matching-rate and matching-accuracy. We derive an upper-bound of the probability of making an incorrect selection of RTT through SDC. This paper includes some experimental results to compare SDC with other algorithms and discusses its restrictions as well. [ABSTRACT FROM AUTHOR]
- Published
- 2006
- Full Text
- View/download PDF
6. A Self-Organized Multiagent System for Intrusion Detection.
- Author
- Palomo, Esteban J., Domínguez, Enrique, Luque, Rafael M., and Muñoz, Jose
- Abstract
This paper describes a multiagent system with capabilities to analyze and discover knowledge gathered from distributed agents. These enhanced capabilities are obtained through a dynamic self-organizing map and a multiagent communication system. The central administrator agent dynamically obtains information about the attacks or intrusions from the distributed agents and maintains a knowledge pool using a proposed growing self-organizing map. The approach integrates traditional mathematical and data mining techniques with a multiagent system. The proposed system is used to build an intrusion detection system (IDS) as a network security application. Finally, experimental results are presented to confirm the good performance of the proposed system. [ABSTRACT FROM AUTHOR]
- Published
- 2009
- Full Text
- View/download PDF
7. Detection and Defense of Identity Attacks in P2P Network.
- Author
- Lu, Chuiwei
- Abstract
The openness of P2P networks allows nodes to freely join the P2P network and to create identities at no cost. Utilizing these loopholes, malicious nodes can create a number of identities in a short time, which will exhaust the identifier resources and damage the operation of the P2P network. The paper proposes a conundrum verification scheme which makes it more difficult for a node to join the P2P network and create an identity. Moreover, it also puts forward a detection and elimination scheme, which can help the P2P network to detect identity attackers promptly and eliminate them. Simulation experiments demonstrate that with the combination of the two schemes, the P2P network can prevent identity attacks effectively. [ABSTRACT FROM AUTHOR]
- Published
- 2009
- Full Text
- View/download PDF
8. Storage-Based Intrusion Detection Using Artificial Immune Technique.
- Author
- Chen, Yunliang, Huang, Jianzhong, Xie, Changsheng, and Fang, Yunfu
- Abstract
Storage-based intrusion detection systems (SIDS) allow storage systems to watch for suspicious activity. This paper presents a novel storage-based intrusion detection scheme to monitor the user's activities with the artificial immune technique. Compared with the previous SIDS prototype, the SIDS using the artificial immune technique can recognize a strange suspicious behavior. Before simulation, a set of appropriate algorithm parameters is fitted according to the mean convergence speed and detection efficiency. The simulation shows the proposed scheme can reach a higher detection rate and a lower false alarm rate than the previous ones. [ABSTRACT FROM AUTHOR]
- Published
- 2009
- Full Text
- View/download PDF
9. Application of Data Mining to Network Intrusion Detection: Classifier Selection Model.
- Author
- Nguyen, Huy Anh and Choi, Deokjai
- Abstract
As network attacks have increased in number and severity over the past few years, the intrusion detection system (IDS) is increasingly becoming a critical component to secure the network. Due to large volumes of security audit data as well as complex and dynamic properties of intrusion behaviors, optimizing performance of IDS becomes an important open problem that is receiving more and more attention from the research community. The uncertainty as to whether certain algorithms perform better for certain attack classes constitutes the motivation for the work reported herein. In this paper, we evaluate the performance of a comprehensive set of classifier algorithms using the KDD99 dataset. Based on evaluation results, the best algorithms for each attack category are chosen and two classifier algorithm selection models are proposed. The simulation result comparison indicates that noticeable performance improvement and real-time intrusion detection can be achieved as we apply the proposed models to detect different kinds of network attacks. [ABSTRACT FROM AUTHOR]
- Published
- 2008
- Full Text
- View/download PDF
10. Non-stationary Data Mining: The Network Security Issue.
- Author
- Decherchi, Sergio, Gastaldo, Paolo, Redi, Judith, and Zunino, Rodolfo
- Abstract
Data mining applications explore large amounts of heterogeneous data in search of consistent information. In such a challenging context, empirical learning methods aim to optimize prediction on unseen data, and an accurate estimate of the generalization error is of paramount importance. The paper shows that the theoretical formulation based on the Vapnik-Chervonenkis dimension (d_VC) can be of practical interest when applied to clustering methods for data-mining applications. The presented research adopts the K-Winner Machine (KWM) as a clustering-based, semi-supervised classifier; in addition to fruitful theoretical properties, the model provides a general criterion for evaluating the applicability of Vapnik's generalization predictions in data mining. The general approach is verified experimentally in the practical problem of detecting intrusions in computer networks. Empirical results prove that the KWM model can effectively support such a difficult classification task and combine unsupervised and supervised. [ABSTRACT FROM AUTHOR]
- Published
- 2008
- Full Text
- View/download PDF
11. Packet Marking Based Cooperative Attack Response Service for Effectively Handling Suspicious Traffic.
- Author
- An, Gaeil and Park, Joon S.
- Abstract
The security vulnerabilities in a network environment and their corresponding countermeasures have become more critical issues than ever. Although many researchers and vendors have introduced powerful mechanisms such as Intrusion Detection System (IDS) or Intrusion Prevention System (IPS) for network security, the packet-based decision is not always correct, especially when those systems are involved in network traffic across multiple organizations under different security policies. In fact, some legitimate (normal) network traffic produces a similar pattern to that of malicious traffic such as Distributed Denial of Service (DDoS), and vice versa. We call such traffic suspicious. Suspicious traffic cannot be clearly designated as malicious or normal traffic. Since traditional IDS or IPS approaches make a simple binary decision (i.e., allow or reject) based on pre-defined rules, there is a high possibility that suspicious/legitimate packets are rejected or suspicious/malicious packets are allowed. To enhance the quality of service in a network environment, we propose in this paper a Packet Marking-Based Cooperative Attack Response Service (pm-CARS) that is able to effectively deal with suspicious network traffic. pm-CARS nodes cooperate with each other by using packet-marking. These pm-CARS nodes mark suspicious packets instead of dropping them. All the marked packets are forwarded to the next node using a low priority of service designation, which indicates the drop probability is very high. Our pm-CARS includes two schemes: abnormal IP address detection and abnormal excess traffic detection schemes. Our pm-CARS can reduce the false-positive rate and can protect the quality of service for innocent traffic from attacks. Finally, we simulate our ideas in a network environment and discuss the evaluation results. [ABSTRACT FROM AUTHOR]
- Published
- 2006
- Full Text
- View/download PDF
12. Digital Health Transformation, Smart Ageing, and Managing Disability
- Author
- Jongbae, Kim, Mokhtari, Mounir, Aloulou, Hamdi, Abdulrazak, Bessam, and Seungbok, Lee
- Subjects
architecture types ,Information systems ,Security and privacy ,Human-centered computing ,Applied computing ,Emerging technologies ,Network protocols ,Network algorithms ,Data management systems ,Information storage systems ,Information retrieval ,Information systems applications ,system security ,Network security ,Software and application security ,Data base and storage security ,Human computer interaction ,Ubiquitous and mobile computing ,Life and medical sciences ,bic Book Industry Communication::U Computing & information technology::UK Computer hardware::UKN Network hardware ,bic Book Industry Communication::U Computing & information technology::UM Computer programming / software development::UMZ Software Engineering ,bic Book Industry Communication::U Computing & information technology::UB Information technology: general issues ,bic Book Industry Communication::U Computing & information technology::UY Computer science::UYZ Human-computer interaction::UYZG User interface design & usability ,bic Book Industry Communication::U Computing & information technology::UY Computer science::UYQ Artificial intelligence::UYQV Computer vision ,bic Book Industry Communication::U Computing & information technology::UY Computer science::UYD Systems analysis & design
- Abstract
This open access book constitutes the refereed proceedings of the 20th International Conference on Digital Health Transformation and Smart Ageing, ICOST 2023, held in Wonju, South Korea, during July 7–8, 2023. The 18 full papers and 16 short papers included in this book were carefully reviewed and selected from 41 submissions. They were organized in topical sections as follows: IoT and AI Solutions for E-health, Biomedical and Health Informatics, Wellbeing Technologies, Short Contributions: Medical Systems and E-health Solutions and Short Contributions: Wellbeing Technologies.
- Published
- 2023
- Full Text
- View/download PDF
13. TRIDNT: Isolating Dropper Nodes with Some Degree of Selfishness in MANET.
- Author
- Abd El-Haleem, Ahmed M., Ali, Ihab A., Ibrahim, Ibrahim I., and El-Sawy, Abdel Rahman H.
- Abstract
In mobile ad-hoc networks, nodes must cooperate to achieve the routing purposes. Therefore, some network nodes (selfish nodes) may decide against cooperating with others to save their resources. Also, these networks are extremely under threat from insider (malicious) nodes, especially through packet dropping attacks. In this paper, we design a novel monitoring and searching scheme to detect and isolate the dropper nodes in ad-hoc networks, called TRIDNT (Two node-disjoint Routes scheme for Isolating Dropper Node in MANET). TRIDNT allows some degree of selfishness to give an incentive to the selfish nodes to declare themselves to their neighbors, which reduces the misbehaving node searching time. In TRIDNT, two node-disjoint routes between the source and destination are selected based on their trust values. We use both DLL-ACK and end-to-end TCP-ACK to monitor the behavior of routing path nodes: if malicious behavior is detected, then the path searching tool starts to identify the malicious nodes and isolate them. Finally, our scheme reduces the searching time of malicious nodes, and prevents the isolated misbehaving node from sharing in all future routes, which improves the overall network throughput. [ABSTRACT FROM AUTHOR]
- Published
- 2011
- Full Text
- View/download PDF
14. Framework Design and Performance Analysis on Pairwise Key Establishment.
- Author
- Lee, Younho and Park, Yongsu
- Abstract
Pairwise key establishment provides an effective way to build secure communication links among sensor nodes using cryptographic techniques. Up till now, researchers have devised numerous schemes that employ diverse cryptographic or combinatoric methods in order to provide high security, high connectivity and low storage overheads on the sensors. In this paper, we present a new framework on pairwise key establishment. We show that it can encompass most of the major previous schemes. Furthermore, we analyze the performance of the previous schemes using the proposed framework. When 100% connectivity is provided, under the same storage overhead on the sensor nodes, Blundo scheme and Blum scheme provide the highest security against intelligent adversaries while YG-L scheme is the best against random adversaries. When connectivity is under 100%, for random adversaries, location-aware schemes provide better security than non-location based schemes whereas for intelligent adversaries, all location based schemes' security is less than that of other schemes. [ABSTRACT FROM AUTHOR]
- Published
- 2009
- Full Text
- View/download PDF
15. Queueing Analysis for Networks Under DoS Attack.
- Author
- Aissani, Amar
- Abstract
In this paper, we consider a queueing model of a computer network under DoS attacks. The arrival of SYN packets contains two types: the regular request packets and the attack packets that request connections. We assume that the connection requests arrive according to a Poisson process and the service times are general but different for the two types of requests. A maximum number of connections can be served at the same time. Each half-open connection is held for at most a deterministic or random period of time (timeout). We obtain the steady-state probability distribution of the stochastic process describing the evolution of such a system. Next, we show how to compute some security metrics such as the loss probability or the buffer occupancy percentage of half-open connections for attack packets. [ABSTRACT FROM AUTHOR]
- Published
- 2008
- Full Text
- View/download PDF
16. Peeking Through the Cloud: DNS-Based Estimation and Its Applications.
- Author
- Rajab, Moheeb Abu, Monrose, Fabian, Terzis, Andreas, and Provos, Niels
- Abstract
Reliable network demographics are quickly becoming a much sought-after digital commodity. However, as the need for more refined Internet demographics has grown, so too has the tension between privacy and utility. Unfortunately, current techniques lean too much in favor of functional requirements over protecting the privacy of users. For example, the most prominent proposals for measuring the relative popularity of a website depend on the deployment of client-side measurement agents that are generally perceived as infringing on users' privacy, thereby limiting their wide scale adoption. Moreover, the client-side nature of these techniques also makes them susceptible to various manipulation tactics that undermine the integrity of their results. In this paper, we propose a new estimation technique that uses DNS cache probing to infer the density of clients accessing a given service. Compared to earlier techniques, our scheme is less invasive as it does not reveal user-specific traits, and is more robust against manipulation. We demonstrate the flexibility of our approach through two important security applications. First, we illustrate how our scheme can be used as a lightweight technique for measuring and verifying the relative popularity rank of different websites. Second, using data from several hundred botnets, we apply our technique to indirectly measure the infected population of this increasing Internet phenomenon. [ABSTRACT FROM AUTHOR]
- Published
- 2008
- Full Text
- View/download PDF
17. A Graph-Theoretic Visualization Approach to Network Risk Analysis.
- Author
- O'Hare, Scott, Noel, Steven, and Prole, Kenneth
- Abstract
This paper describes a software system that provides significant new capabilities for visualization and analysis of network attack graphs produced through Topological Vulnerability Analysis (TVA). The TVA approach draws on a database of known exploits and system vulnerabilities to provide a connected graph representing possible cyber-attack paths within a given network. Our visualization approach builds on the extensive functionality of the yWorks suite of graphing tools, providing customized new capabilities for importing, displaying, and interacting with large scale attack graphs, to facilitate comprehensive network security analysis. These visualization capabilities include clustering of attack graph elements for reducing visual complexity, a hierarchical dictionary of attack graph elements, high-level overview with detail drilldown, interactive on-graph hardening of attacker exploits, and interactive graph layouts. This new visualization system is an integrated component of the CAULDRON attack graph tool developed at George Mason University. [ABSTRACT FROM AUTHOR]
- Published
- 2008
- Full Text
- View/download PDF
18. Workload Characterization of a Lightweight SSL Implementation Resistant to Side-Channel Attacks.
- Author
- Koschuch, Manuel, Großschädl, Johann, Payer, Udo, Hudler, Matthias, and Krüger, Michael
- Abstract
Ever-growing mobility and ubiquitous wireless Internet access raise the need for secure communication with devices that may be severely constrained in terms of processing power, memory capacity and network speed. In this paper we describe a lightweight implementation of the Secure Sockets Layer (SSL) protocol with a focus on small code size and low memory usage. We integrated a generic public-key crypto library into this SSL stack to support elliptic curve cryptography over arbitrary prime and binary fields. Furthermore, we aimed to secure the SSL handshake against side-channel attacks (in particular simple power analysis) by eliminating all data-dependent or key-dependent branches and memory accesses from the arithmetic operations and compare the resulting performance with an unprotected implementation. Our lightweight SSL stack has only 6% of the code size and RAM requirements of OpenSSL, but outperforms it in point multiplication over prime fields when no appropriate countermeasures against side-channel attacks are implemented. With such countermeasures, however, the execution time of a typical SSL handshake increases by roughly 50%, but still completes in less than 160 msec on a 200 MHz iPAQ PDA when using an elliptic curve over a 192-bit prime field. [ABSTRACT FROM AUTHOR]
- Published
- 2008
- Full Text
- View/download PDF
19. Key Management Using Certificateless Public Key Cryptography in Ad Hoc Networks.
- Author
- Li, Fagen, Shirase, Masaaki, and Takagi, Tsuyoshi
- Abstract
As various applications of wireless ad hoc network have been proposed, security has become one of the big research challenges and is receiving increasing attention. In this paper, we propose a distributed key management approach by using the recently developed concepts of certificateless public key cryptography and threshold secret sharing schemes. Without any assumption of prefixed trust relationship between nodes, the ad hoc network works in a self-organizing way to provide the key generation and key management services using threshold secret sharing schemes, which effectively solves the problem of single point of failure. Certificateless public key cryptography is applied here not only to eliminate the need for certificates, but also to retain the desirable properties of identity-based key management approaches without the inherent key escrow problem. [ABSTRACT FROM AUTHOR]
- Published
- 2008
- Full Text
- View/download PDF
20. Gnort: High Performance Network Intrusion Detection Using Graphics Processors.
- Author
- Vasiliadis, Giorgos, Antonatos, Spiros, Polychronakis, Michalis, Markatos, Evangelos P., and Ioannidis, Sotiris
- Abstract
The constant increase in link speeds and number of threats poses challenges to network intrusion detection systems (NIDS), which must cope with higher traffic throughput and perform even more complex per-packet processing. In this paper, we present an intrusion detection system based on the Snort open-source NIDS that exploits the underutilized computational power of modern graphics cards to offload the costly pattern matching operations from the CPU, and thus increase the overall processing throughput. Our prototype system, called Gnort, achieved a maximum traffic processing throughput of 2.3 Gbit/s using synthetic network traces, while when monitoring real traffic using a commodity Ethernet interface, it outperformed unmodified Snort by a factor of two. The results suggest that modern graphics cards can be used effectively to speed up intrusion detection systems, as well as other systems that involve pattern matching operations. [ABSTRACT FROM AUTHOR]
- Published
- 2008
- Full Text
- View/download PDF
21. Distinguishing between FE and DDoS Using Randomness Check.
- Author
- Park, Hyundo, Li, Peng, Gao, Debin, Lee, Heejo, and Deng, Robert H.
- Abstract
Threats posed by Distributed Denial of Service (DDoS) attacks are becoming more serious day by day. Accurately detecting DDoS becomes an important and necessary step in securing a computer network. However, a Flash Event (FE), which is created by legitimate requests, shares very similar characteristics with DDoS in many aspects and is therefore hard to distinguish from DDoS attacks. In this paper, we propose a simple yet effective mechanism called FDD (FE and DDoS Distinguisher) to distinguish FE and DDoS. To the best of our knowledge, this is the first effective and practical mechanism that distinguishes FE and DDoS attacks. Our trace-driven evaluation shows that FDD distinguishes between FE and DDoS attacks accurately and efficiently by utilizing only memory of a very small size, making it possible to be implemented on high-speed networking devices. [ABSTRACT FROM AUTHOR]
- Published
- 2008
- Full Text
- View/download PDF
22. Efficient User Authentication and Key Agreement in Wireless Sensor Networks.
- Author
- Juang, Wen-Shenq
- Abstract
In wireless sensor networks, many sensor nodes form self-organizing wireless networks. The sensor nodes in these networks only have limited computation and communication capacity, storage and energy. In this paper, we propose a novel user authentication and key agreement scheme suitable for wireless sensor network environments. The main merits include: (1) shared key generation and management between all participants is flexible and simplified; (2) a sensor node only needs to register in a key center and can generate shared keys and exchange session keys with the other participants in the corresponding domain of the base station; (3) an installer can freely choose and change the password installed in a sensor node for protecting this node when it is installed or when the battery of the node must be replaced; (4) the communication and computation cost is very low; (5) any two participants can authenticate each other; (6) it can generate a session key agreed by any two participants; (7) an installer can freely add new nodes to a sensor network after some nodes have already been installed in it; (8) our scheme is a nonce-based scheme which does not have a serious time-synchronization problem. [ABSTRACT FROM AUTHOR]
- Published
- 2007
- Full Text
- View/download PDF
23. Network Monitoring for Security and Forensics.
- Author
- Shanmugasundaram, Kulesh and Memon, Nasir
- Abstract
The networked environment has grown hostile over the years. In order to guarantee the security of networks and the resources attached to networks, it is necessary to constantly monitor and analyze network traffic. Increasing network bandwidth, however, prohibits the recording and analysis of raw network traffic. In this paper we discuss some challenges facing network monitoring and present monitoring strategies to alleviate the challenges. [ABSTRACT FROM AUTHOR]
- Published
- 2006
- Full Text
- View/download PDF
24. An Authenticated Key Agreement Protocol for Mobile Ad Hoc Networks.
- Author
- Zou, Xukai, Thukral, Amandeep, and Ramamurthy, Byrav
- Abstract
The growing popularity of wireless ad hoc networks has brought increasing attention to many security issues for such networks. A lot of research has been carried out in the areas of authentication and key management for such networks. However, due to lack of existing standards for such networks, most of the proposed schemes are based on different assumptions and are applicable only in specific environments. Recently Balachandran et al. proposed CRTDH [1], a novel key agreement scheme for group communications in wireless ad hoc networks. The protocol has many desirable properties such as efficient computation of group key and support for high dynamics. However, the protocol does not discuss mutual authentication among the nodes and hence, suffers from two kinds of attacks: man-in-the-middle attack and Least Common Multiple (LCM) attack. This paper identifies the problems with the current CRTDH scheme and discusses these attacks. AUTH-CRTDH, a modified key agreement protocol with authentication capability, is also presented. Results from extensive experiments that were run on the proposed protocol and some other key agreement protocols including CRTDH are also discussed. It can be observed from the experiments that the new scheme is comparable with the CRTDH scheme and better than many other non-authenticated schemes in terms of performance. [ABSTRACT FROM AUTHOR]
- Published
- 2006
- Full Text
- View/download PDF
25. A Multi-agent Cooperative Model and System for Integrated Security Monitoring.
- Author
- Li, Xianxian and Liu, Lijun
- Abstract
The increasing complexity of various network threats has made the integration and cooperation of multiple security monitoring technologies necessary in network security defense. However, most existing works have focused on certain special monitoring technologies such as intrusion detection, and studies on integrated security monitoring system are quite insufficient. In this paper, a novel formal model called MCSM (Multi-agent Cooperation model for Security Monitoring based on knowledge) is proposed. In MCSM, the integrated security monitoring is modeled as a FSA (Finite State Automata) with multiple agents, and a general knowledge structure for multiple agents is constructed. We have successfully developed an IMS (Integrated Monitoring System) called ACT-BroSA (Broad-spectrum security Scan and Analysis system) based on MCSM. Results of experiments show that the integrated monitoring capability is significantly improved. [ABSTRACT FROM AUTHOR]
- Published
- 2006
- Full Text
- View/download PDF
26. Freshness assurance of authentication protocols.
- Author
- Lam, Kwok-yan and Gollmann, Dieter
- Abstract
This paper describes various ways of providing freshness assurance of authentication protocols. It approaches the issue by discussing the notion of time in distributed authentication. In the context of authentication, we identify the places where the concept of time is needed, and describe the ways that timeliness of authentication protocols can be achieved. [ABSTRACT FROM AUTHOR]
- Published
- 1992
- Full Text
- View/download PDF
27. Cyber Security
- Author
- Lu, Wei, Zhang, Yuqing, Wen, Weiping, Yan, Hanbing, and Li, Chao
- Subjects
artificial intelligence ,authentication ,computer hardware ,computer networks ,computer security ,computer systems ,cryptography ,data communication systems ,data mining ,data security ,databases ,information retrieval ,network protocols ,network security ,privacy ,signal processing ,telecommunication networks ,telecommunication systems ,bic Book Industry Communication::U Computing & information technology::UR Computer security ,bic Book Industry Communication::U Computing & information technology::UT Computer networking & communications ,bic Book Industry Communication::G Reference, information & interdisciplinary subjects::GP Research & information: general::GPJ Coding theory & cryptology ,bic Book Industry Communication::U Computing & information technology::UT Computer networking & communications::UTN Network security ,bic Book Industry Communication::U Computing & information technology::UY Computer science::UYQ Artificial intelligence ,bic Book Industry Communication::U Computing & information technology::UM Computer programming / software development::UMZ Software Engineering
- Abstract
This open access book constitutes the refereed proceedings of the 17th International Annual Conference on Cyber Security, CNCERT 2021, held in Beijing, China, in AJuly 2021. The 14 papers presented were carefully reviewed and selected from 51 submissions. The papers are organized according to the following topical sections: data security; privacy protection; anomaly detection; traffic analysis; social network security; vulnerability detection; text classification.
- Published
- 2022
- Full Text
- View/download PDF
28. Security in Computer and Information Sciences
- Author
-
Gelenbe, Erol, Jankovic, Marija, Kehagias, Dionysios, Marton, Anna, and Vilmos, Andras
- Subjects
architecture types, artificial intelligence, communication systems, computer crime, computer hardware, computer networks, computer security, computer systems, cryptography, data security, Internet of Things (IoT), network protocols, network security, signal processing, software architecture, software design, software engineering, telecommunication networks, telecommunication systems, bic Book Industry Communication::U Computing & information technology::UR Computer security, bic Book Industry Communication::U Computing & information technology::UN Databases::UNH Information retrieval, bic Book Industry Communication::U Computing & information technology::UK Computer hardware::UKN Network hardware, bic Book Industry Communication::U Computing & information technology::UM Computer programming / software development::UMZ Software Engineering, bic Book Industry Communication::U Computing & information technology::UB Information technology: general issues::UBL Legal aspects of IT, bic Book Industry Communication::G Reference, information & interdisciplinary subjects::GP Research & information: general::GPJ Coding theory & cryptology
- Abstract
This open access book constitutes the thoroughly refereed proceedings of the Second International Symposium on Computer and Information Sciences, EuroCybersec 2021, held in Nice, France, in October 2021. The 9 papers presented together with 1 invited paper were carefully reviewed and selected from 21 submissions. The papers focus on topics of security of distributed interconnected systems, software systems, Internet of Things, health informatics systems, energy systems, digital cities, digital economy, mobile networks, and the underlying physical and network infrastructures. This is an open access book.
- Published
- 2022
- Full Text
- View/download PDF
29. Cyber Security
- Author
-
Lu, Wei, Wen, Qiaoyan, Zhang, Yuqing, Lang, Bo, Wen, Weiping, Yan, Hanbing, Li, Chao, Ding, Li, Li, Ruiguang, and Zhou, Yu
- Subjects
Systems and Data Security, Computer Communication Networks, Information Systems Applications (incl. Internet), Computer System Implementation, Cryptology, Mobile and Network Security, Data and Information Security, Computer and Information Systems Applications, communication channels (information theory), communication systems, computer crime, computer hardware, computer networks, computer security, computer systems, cryptography, data communication systems, data security, databases, network protocols, network security, sensors, signal processing, telecommunication networks, telecommunication systems, telecommunication traffic, wireless telecommunication systems, Network hardware, Information retrieval, Internet searching, Systems analysis & design, Coding theory & cryptology, Data encryption, bic Book Industry Communication::U Computing & information technology::UR Computer security, bic Book Industry Communication::U Computing & information technology::UK Computer hardware::UKN Network hardware, bic Book Industry Communication::U Computing & information technology::UN Databases::UNH Information retrieval, bic Book Industry Communication::U Computing & information technology::UY Computer science::UYD Systems analysis & design, bic Book Industry Communication::G Reference, information & interdisciplinary subjects::GP Research & information: general::GPJ Coding theory & cryptology, bic Book Industry Communication::U Computing & information technology::UT Computer networking & communications::UTN Network security
- Abstract
This open access book constitutes the refereed proceedings of the 16th International Annual Conference on Cyber Security, CNCERT 2020, held in Beijing, China, in August 2020. The 17 papers presented were carefully reviewed and selected from 58 submissions. The papers are organized according to the following topical sections: access control; cryptography; denial-of-service attacks; hardware security implementation; intrusion/anomaly detection and malware mitigation; social network security and privacy; systems security.
- Published
- 2020
- Full Text
- View/download PDF
30. Discovering Collaborative Cyber Attack Patterns Using Social Network Analysis.
- Author
-
Du, Haitao and Yang, Shanchieh Jay
- Abstract
This paper investigates collaborative cyber attacks based on social network analysis. An Attack Social Graph (ASG) is defined to represent cyber attacks on the Internet. Features are extracted from ASGs to analyze collaborative patterns. We use principal component analysis to reduce the feature space, and hierarchical clustering to group attack sources that exhibit similar behavior. Experiments with real-world data illustrate that our framework can effectively reduce a large dataset to clusters of attack sources exhibiting critical collaborative patterns. [ABSTRACT FROM AUTHOR]
- Published
- 2011
- Full Text
- View/download PDF
31. A Low-Rate DoS Detection Based on Rate Anomalies.
- Author
-
Wu, Libing, Cheng, Jing, He, Yanxiang, Xu, Ao, and Wen, Peng
- Abstract
Low-rate Denial-of-Service attacks are stealthier and trickier than traditional DDoS attacks. Based on the periodicity and short bursts characteristic of LDoS flows, a detection measure against LDoS attacks based on rate anomalies has been proposed. In the periods when the router packet loss rate is abnormal because of the attack pulse, the rate of the attack flow is large, while at other times the rate of the attack flow is close to 0. Looking at the periods when the packet loss is abnormal, we can find that the attack flow rate in these periods is far higher than its average rate, while the normal flow is lower than its average rate. In this paper, we propose a measure that observes the flow rate in the periods when the packet loss rate is abnormal, computing the difference between the rate in these periods and the average rate. If it is beyond a certain threshold, the measure treats the flow as a malicious flow and filters the flow with the corresponding method. [ABSTRACT FROM AUTHOR]
- Published
- 2011
- Full Text
- View/download PDF
32. The Evaluation Model of Network Security Based on Fuzzy Rough Sets.
- Author
-
Qi, Yaolong and An, Haining
- Abstract
It is very important to know the security status of computer networks accurately. At present, most computer network security evaluation systems don't analyze the data thoroughly. Therefore it is difficult to acquire the security status of computer networks as a whole. An algorithm model with fuzzy rough set theory to mine the rules of computer network security evaluation is proposed. A fuzzy rough set knowledge system description of computer network security evaluation is studied. A fuzzy rough set attribute reduction method is given. The decision rules mining method presented in this paper is validated with a simplified network security evaluation data set. The experiment results show that the decision rules acquired by the method are in accord with the facts. [ABSTRACT FROM AUTHOR]
- Published
- 2010
- Full Text
- View/download PDF
33. On the Design of SOHO Networks.
- Author
-
Mohammed, Lawan Ahmed
- Abstract
Small networks such as small office/home office (SOHO) networks face the same threats as large enterprise networks. However, they also contend with the challenge of limited resources and budgets for IT expenditures. In such network environments, the role of administering the system often falls on the business owner or on the default setup made when the system was installed. In most cases, the owners do not have the time, resources or expertise to work on complex security problems. Similarly, most default setups tend to have some loopholes which were not initially identified. This paper describes the primary security challenges facing SOHO networks today, and suggests simple, easy-to-use security solutions to resolve these challenges. [ABSTRACT FROM AUTHOR]
- Published
- 2010
- Full Text
- View/download PDF
34. Anonymity Leakage Reduction in Network Latency.
- Author
-
Anyanwu, Longy O., Keengwe, Jared, and Arome, Gladys
- Abstract
Each Internet communication leaves trails here or there that can be followed back to the user. Notably, anonymous communication schemes are purposed to hide users' identity as to personal, source and destination location and content information. Previous studies have shown that the average round trip time (RTT) leakage between network host location X1 and network destination location Y1 can be determined [12]. Additionally, an attack from a web site with access to a network coordinate system can recover 6.8 bits/hr. of network location from one corrupt Tor router [12]. Notably, no network capability is in existence to completely negate anonymity leakage in network latency [12]; thus, the minimization of anonymity leakage in network latency becomes critically salient. The purpose of this paper is to investigate network latency anonymity leaks, and propose practical techniques for their reduction. In this direction, we investigate the following technical question: what implementation techniques can be configured to truly reduce anonymity leaks using deployable systems? Here, an extension of the popular Tor security strategies and a unique configuration of the popular network anonymity techniques (algorithms) for future implementation are presented. Categories and Subject Descriptors: Network security. Network anonymity loss reduction. Secure networks and communication. Anonymous communications. [ABSTRACT FROM AUTHOR]
- Published
- 2010
- Full Text
- View/download PDF
35. Wireless Network Security Vulnerabilities and Concerns.
- Author
-
Mushtaq, Ahmad
- Abstract
The dilemma of cyber communications insecurity has existed at all times since the beginning of network communications. The problems and concerns of unauthorized access and hacking have existed from the time of the introduction of World Wide Web communication and the Internet's expansion for popular use in the 1990s, and have remained to the present time as one of the most important issues. Wireless network security is no exception. Serious and continuous efforts of investigation, research and development have been going on for the last several decades to achieve the goal of providing 100 percent or foolproof security for all the protocols of networking architectures, including wireless networking. Some very reliable and robust strategies have been developed and deployed which have made network communications more and more secure. However, the most desired goal of complete security has yet to see the light of day. The latest Cyber War scenario, reported in the media, of intrusion and hacking of each other's defense and secret agencies between the two superpowers USA and China has further aggravated the situation. This sort of intrusion by hackers between other countries such as India and Pakistan, Israel and Middle East countries has also been going on and is reported in the media frequently. The paper reviews and critically examines the strategies already in place for wired and wireless network security, and also suggests some directions and strategies for more robust aspects to be researched and deployed. [ABSTRACT FROM AUTHOR]
- Published
- 2010
- Full Text
- View/download PDF
36. State of the Art of Network Security Perspectives in Cloud Computing.
- Author
-
Oh, Tae Hwan, Lim, Shinyoung, Choi, Young B., Park, Kwang-Roh, Lee, Heejo, and Choi, Hyunsang
- Abstract
Cloud computing is now regarded as one of the social phenomena that satisfy customers' needs. It is possible that the customers' needs and the primary principle of economy – gain maximum benefits from minimum investment – are reflected in the realization of cloud computing. We are living in a connected society with a flood of information, and without computers connected to the Internet, our activities and work of daily living would be impossible. Cloud computing is able to provide customers with custom-tailored features of application software and user environment based on the customer's needs by adopting on-demand outsourcing of computing resources through the Internet. It also provides cloud computing users with high-end computing power and expensive application software packages, and accordingly the users will access their data and the application software where they are located at the remote system. As the cloud computing system is connected to the Internet, network security issues of cloud computing are considered mandatory prior to real-world service. In this paper, a survey and issues on network security in cloud computing are discussed from the perspective of real-world service environments. [ABSTRACT FROM AUTHOR]
- Published
- 2010
- Full Text
- View/download PDF
37. Fuzzy-Based Detection of Injected False Data in Wireless Sensor Networks.
- Author
-
Lee, Hae Young, Cho, Tae Ho, and Kim, Hyung-Jong
- Abstract
Wireless sensor networks are vulnerable to false data injection attacks in which an adversary injects fabricated reports into the network with the goal of deceiving the base station or of draining the energy resources. Several security solutions against the attacks have been proposed by researchers. Most of them, however, require nodes to perform additional computation and communication in the report generation and forwarding processes, which may result in extra energy consumption. This paper presents a false data detection method that exploits a fuzzy rule-based system to verify the authenticity of sensing reports in sensor networks. Three parameters computed from the reports collected at the base station are used for the verification. Compared to the existing crisp-based detection solutions, the method can reduce errors in the detection, thanks to the approximate reasoning provided by fuzzy logic. Compared to the en-route filtering solutions, extra energy can also be conserved since it involves neither complex report generation nor en-route verification. [ABSTRACT FROM AUTHOR]
- Published
- 2010
- Full Text
- View/download PDF
38. In-depth Evaluation of Content-Based Phishing Detection to Clarify Its Strengths and Limitations.
- Author
-
Komiyama, Koichiro, Seko, Toshinori, Ichinose, Yusuke, Kato, Kei, Kawano, Kohei, and Yoshiura, Hiroshi
- Abstract
Zhang et al. proposed a method for content-based phishing detection (CBD) and reported its high performance in detecting phishing sites written in English. However, the evaluations of the CBD method performed by Zhang et al. and others were small-scale and simply measured the detection and error rates, i.e., they did not analyze the causes of the detection errors. Moreover, the effectiveness of the CBD method with non-English sites, such as Japanese and Chinese language sites, has never been tested. This paper reports our in-depth evaluation and analysis of the CBD method using 843 actual phishing sites (including 475 English and 368 Japanese sites), and explains both the strengths of the CBD method and its limitations. Our work provides a base for using the CBD method in the real world. [ABSTRACT FROM AUTHOR]
- Published
- 2010
- Full Text
- View/download PDF
39. Availability Analysis of an IMS-Based VoIP Network System.
- Author
-
Uemura, Toshikazu, Dohi, Tadashi, and Kaio, Naoto
- Abstract
In multimedia wireless networks, VoIP (voice over internet protocol) technology is commonly used to compress the voice information based on various types of coding techniques, transform it into packet data, and transmit it in real time over an IP network. Since the VoIP network is often faced with external threats, a number of security failures may occur at each level of end-user, server and service provider. In this paper we focus on an intrusion tolerant architecture combining an IMS (IP multimedia subsystem), which is an information management middleware developed by IBM Inc., with the VoIP network system. More specifically, we describe the stochastic behavior of the IMS-based VoIP network systems with/without an intrusion tolerant mechanism by semi-Markov processes, and quantitatively evaluate their security effects and robustness in terms of both service availability and mean time to security failure. [ABSTRACT FROM AUTHOR]
- Published
- 2010
- Full Text
- View/download PDF
40. An Automated Worm Containment Scheme.
- Author
-
Song, Lipeng and Jin, Zhen
- Abstract
How can intelligent worms with the characteristics of both a slow scanning rate and high vulnerability density be detected and alleviated? Here, we present a scheme to solve the problem. Different from previous schemes, which set a limit on the instantaneous scanning rate of each host, the scheme considered in this paper counts the number of unique IP addresses contacted by all hosts of a subnet over a period and sets a threshold to determine whether the subnet is suspicious. Specifically, we consider the similarity of information required by users belonging to the same subnet. The result shows that our scheme is effective against slow scanning worms and worms with high vulnerability density. [ABSTRACT FROM AUTHOR]
- Published
- 2010
- Full Text
- View/download PDF
41. Secure Distribution of the Device Identity in Mobile Access Network.
- Author
-
Shemyak, Konstantin
- Abstract
The paper presents an innovative way of providing cryptographic authentication credentials to mobile network elements. The proposed approach offers a practical solution to the problem of initial trust establishment between the newly installed hosts in the field and the existing network. It allows for true zero-touch secure start-up of the network elements. [ABSTRACT FROM AUTHOR]
- Published
- 2010
- Full Text
- View/download PDF
42. A New Distributed Intrusion Detection Method Based on Immune Mobile Agent.
- Author
-
Li, Yongzhong, Jing, Chunwei, and Xu, Jing
- Abstract
Intrusion detection systems based on mobile agents have overcome the speed-bottleneck problem and reduced network load. Because of the low detection speed and high false positive rate of traditional intrusion detection systems, we have proposed an immune agent by combining an immune system with a mobile agent. In distributed intrusion detection systems, the data is mostly collected using distributed components and sent to a processing center. Data is often analyzed in the processing center. However, this model has the following problems: bad real-time capability, bottlenecks, and a single point of failure. In order to overcome these shortcomings, a new distributed intrusion detection method based on mobile agents is proposed in this paper by using the intelligent and mobile characteristics of the agent. Analysis shows that the network load can be reduced and the real-time capability of the system can be improved with the new method. The system is also robust and fault-tolerant. Since the mobile agent can only improve the structure of the system, a dynamic clonal selection algorithm is adopted for reducing the false positive rate. The simulation results on the KDD99 data set have shown that the new method can achieve a low false positive rate and a high detection rate. [ABSTRACT FROM AUTHOR]
- Published
- 2010
- Full Text
- View/download PDF
43. Safe and Efficient Strategies for Updating Firewall Policies.
- Author
-
Ahmed, Zeeshan, Imine, Abdessamad, and Rusinowitch, Michaël
- Abstract
Due to the large size and complex structure of modern networks, firewall policies can contain several thousand rules. The size and complexity of these policies require automated tools providing a user-friendly environment to specify, configure and safely deploy a target policy. When activated in online mode, a firewall policy deployment is a very difficult and error-prone task. Indeed, it may result in self-Denial of Service (self-DoS) and/or temporary security breaches. In this paper, we provide correct, efficient and safe algorithms for two important classes of policy editing. Our experimental results show that these algorithms are fast and can be used safely even for deploying large policies. [ABSTRACT FROM AUTHOR]
- Published
- 2010
- Full Text
- View/download PDF
44. A Hybrid Parallel Signature Matching Model for Network Security Applications Using SIMD GPU.
- Author
-
Wu, Chengkun, Yin, Jianping, Cai, Zhiping, Zhu, En, and Chen, Jieren
- Abstract
High performance signature matching against a large dictionary is of great importance in network security applications. The many-core SIMD GPU is a competitive choice for signature matching. In this paper, a hybrid parallel signature matching model (HPSMM) using SIMD GPU is proposed, which uses pattern set partition and input text partition together. Then the problem of load balancing for multiprocessors in the GPU is discussed carefully, and a balanced pattern set partition method (BPSPM) employed in HPSMM is introduced. Experiments demonstrate that using pattern set partition and input text partition together can help achieve a better performance, and the proposed BPSPM-Length works well in load balancing. [ABSTRACT FROM AUTHOR]
- Published
- 2009
- Full Text
- View/download PDF
45. Hardening Botnet by a Rational Botmaster.
- Author
-
Zhang, Zonghua, Ando, Ruo, and Kadobayashi, Youki
- Abstract
Botnets have gained the most prevalence in today's cyber-attacks, resulting in significant threats to our network assets and organizations' property. A botnet is composed of a group of bots and controlled by a botmaster, serving as a powerful tool to enforce various attacks, e.g., launching massive attacks like spamming and DDoS, and stealing sensitive information. While a bunch of anti-bot techniques have been proposed, the evolution trend of botnets shows that sophisticated botmasters can always manage to evade the botnet countermeasures. From the standpoint of potential attackers, and by examining the vulnerabilities of the existing botnets, this paper aims at exploring the means for hardening botnets, especially the obfuscation of communication channels between bot and botmaster. In particular, a stronger botnet variant named bot-enclave is proposed to illustrate how the robustness of C&C (command-and-control) servers can be enhanced, and how the botnet communications can be protected from being tracked and intercepted. More practically, by identifying the trade-off between botnet utility metrics, we show that the sophistication level of bot-enclave can be tuned up by a rational botmaster in order to construct more economical, feasible and effective botnet variants. The findings may significantly help us to gain insight into the characteristics of next-generation botnets, to be aware of the evolution trend before their actual occurrence, and ultimately to suggest the development of proactive anti-botnet techniques. [ABSTRACT FROM AUTHOR]
- Published
- 2009
- Full Text
- View/download PDF
46. Formal Verification of Security Policy Implementations in Enterprise Networks.
- Author
-
Bera, P., Ghosh, S. K., and Dasgupta, Pallab
- Abstract
In enterprise networks, the management of security policies and their configurations is becoming increasingly difficult due to the complex security constraints of the organizations. In such networks, the overall organizational security policy (global policy) is defined as a collection of rules for providing service accesses between various network zones. Often, the specification of the global policy is incomplete, where all possible service access paths may not be covered explicitly by the "permit" and "deny" rules. This policy is implemented in a distributed manner through appropriate sets of access control rules (ACL rules) in the network interfaces. However, the implementation must be complete, i.e., all service access paths across the network must be implemented as "permit" and "deny" ACL rules. In that case, the unspecified access paths in a given policy must be implemented as either "permit" or "deny" rules; hence there may exist multiple ACL implementations corresponding to that policy. Formally verifying that the ACL rules distributed across the network interfaces guarantee proper enforcement of the global security policy is an important requirement and a major technical challenge. The complexity of the problem is compounded by the fact that some combinations of network services may lead to inconsistent hidden access paths in the network. ACL implementations ignoring these hidden access paths may implicitly violate one or more policy rules. This paper presents a formal verification framework for analyzing security policy implementations in enterprise networks. It stems from boolean modeling of the network topology, network services and security policy, where the unspecified access paths are modeled as "don't-care" rules. The framework formally models the hidden access rules and incorporates them in the distributed ACL implementations for extracting a security implementation model, and finally formulates a QSAT (satisfiability of quantified boolean formulae) based decision problem to verify whether the ACL implementation conforms to the global policy both in the presence and absence of the hidden access paths. [ABSTRACT FROM AUTHOR]
- Published
- 2009
- Full Text
- View/download PDF
47. A Lightweight Buffer Overflow Protection Mechanism with Failure-Oblivious Capability.
- Author
-
Lee, Tz-Rung, Chiu, Kwo-Cheng, and Chang, Da-Wei
- Abstract
Buffer overflow has become a major source of network security vulnerability. Traditional schemes for detecting buffer overflow attacks usually terminate the attacked service, degrading the service availability. In this paper, we propose a lightweight buffer overflow protection mechanism that allows continued network service. The proposed mechanism allows a service program to reconfigure itself to identify and protect the vulnerable functions upon buffer overflow attacks. Protecting only the vulnerable functions, instead of the whole program, keeps the runtime overhead small. Moreover, the mechanism adopts the idea of failure-oblivious computing to allow service programs to execute through memory errors caused by the attacks once the vulnerable functions have been identified, eliminating the need of restarting the service program upon further attacks to the vulnerable functions. We have applied the mechanism on five Internet servers. The experiment results show that the mechanism has little impact on the runtime performance. [ABSTRACT FROM AUTHOR]
- Published
- 2009
- Full Text
- View/download PDF
48. Network Attack Detection Based on Peer-to-Peer Clustering of SNMP Data.
- Author
-
Cerroni, Walter, Monti, Gabriele, Moro, Gianluca, and Ramilli, Marco
- Abstract
Network intrusion detection is a key security issue that can be tackled by means of different approaches. This paper describes a novel methodology for network attack detection based on the use of data mining techniques to process traffic information collected by a monitoring station from a set of hosts using the Simple Network Management Protocol (SNMP). The proposed approach, adopting unsupervised clustering techniques, makes it possible to effectively distinguish normal traffic behavior from malicious network activity and to determine with very good accuracy what kind of attack is being perpetrated. Several monitoring stations are then interconnected according to any peer-to-peer network in order to share the knowledge base acquired with the proposed methodology, thus increasing the detection capabilities. An experimental test-bed has been implemented, which reproduces the case of a real web server under several attack techniques. Results of the experiments show the effectiveness of the proposed solution, with no detection failures of true attacks and very low false-positive rates (i.e. false alarms). [ABSTRACT FROM AUTHOR]
- Published
- 2009
- Full Text
- View/download PDF
49. A Scalable, Vulnerability Modeling and Correlating Method for Network Security.
- Author
-
Liu, Xuejiao, Xiao, Debao, Ma, Nian, and Yu, Jie
- Abstract
Nowadays attacks are becoming increasingly frequent and sophisticated, and they are also becoming increasingly interconnected. Recent works in network security have demonstrated the fact that combinations of vulnerability exploits are the typical means by which an attacker can break into a network. There is therefore a great need to perform vulnerability analysis as the first step of security analysis, taking the initiative to find hidden safety problems and then planning effective security measures. In this paper, we propose an analysis model which derives vulnerability analysis functionality from the interaction of three distinct processes: scanning, modeling and correlating. Scanning serves as a significant step for identifying vulnerabilities. Modeling provides a concise representation for expressing a fact base such as host configuration, vulnerability information, and network topology. Moreover, correlating is used to provide a perspective into correlating isolated vulnerabilities in order to construct a layered attack graph. The transition rule is presented in a scalable design, which enables a highly efficient vulnerability correlation algorithm. Finally, a real case study is described to demonstrate the capability of our model. [ABSTRACT FROM AUTHOR]
- Published
- 2009
- Full Text
- View/download PDF
50. Honeybee-Based Model to Detect Intrusion.
- Author
-
Ali, Ghassan Ahmed, Jantan, Aman, and Ali, Abdulghani
- Abstract
This paper proposes a novel approach based on the honeybee model to improve the intrusion detection system. The power of defending the hive against intruders, the effectiveness of exchanging information between the bees, and the success of other existing AI approaches to which the honeybee can be efficiently compared have led us towards analyzing a new area of honeybee behavior concerning security. Most existing systems only detect general and known attacks. Therefore a lot of malicious attacks intrude without any detection. We demonstrate the methods that use HoneybeeGuard in filtration and classification, "undesirable–absent" and "desirable–present", to identify a malicious packet, and detect the known and unknown intruders. [ABSTRACT FROM AUTHOR]
- Published
- 2009
- Full Text
- View/download PDF