The Infona portal uses cookies, i.e. strings of text saved by a browser on the user's device. The portal can access those files and use them to remember the user's data, such as their chosen settings (screen view, interface language, etc.), or their login data. By using the Infona portal the user accepts automatic saving and using this information for portal operation purposes. More information on the subject can be found in the Privacy Policy and Terms of Service. By closing this window the user confirms that they have read the information on cookie usage, and they accept the privacy policy and the way cookies are used by the portal. You can change the cookie settings in your browser.
Today's fast developing modern information technology not only has a great impact on the social and economic activities but also more importantly has caused the innovation of modern auditing technology. In order to keep pace with the development of modern audit, the author adopted the method of computer data mining to analyze large quantities of data collected from the audited corporate, and work...
This paper proposes a methodology and a tool to evaluate the security risk presented when using software components or systems. The risk is estimated based on known vulnerabilities existing on the software components. An automated tool is used to extract and aggregate information on vulnerabilities reported by users and available on public databases (e.g., OSVDB and NVD). This tool generates comprehensive...
The following topics are dealt with: computational linguistics; data mining; data warehousing; bioinformatics; distributed computing; information security; ad hoc networks; information management; wireless sensor networks; and digital image processing.
Content and its associated information industry are going to become emerging market and content security has attracted more attention of researchers and enterprises. In order to solve these issues, starting with the information definition of Shannon, the paper defines and describes the content security architecture, which proposes a new layering model of information transmission and layering model...
When mining security vulnerabilities in software, a structural intermediate representation of binary code should be obtained first. In this paper, we propose PANDA, a vulnerability-mining-oriented intermediate language and a series of algorithms for assembler understanding based on flow analysis. We implement a lightweight prototype system named BEST for assembler structural representation. The system...
Intrusion Detection Systems (IDS) have been used widely to detect malicious behavior in network communication and hosts. IDS management is an important capability for distributed IDS solutions, which makes it possible to integrate and handle different types of sensors or collect and synthesize alerts generated from multiple hosts located in the distributed environment. Sophisticated attacks are difficult...
A web service security analysis model based on program slicing is proposed, which can be used to find existence of critical information disclosure vulnerabilities and proliferation of such vulnerabilities in a web service net, and eventually improve protection of critical information. Web service protocol is analyzed to obtain external service interfaces; source code is sliced to obtain interface...
Current research on historical project data is rarely touching on the subject of security related information. Learning how security is treated in projects and which parts of a software are historically security relevant or prone to security changes can enhance the security strategy of a software project. We present a mining methodology for security related changes by modifying an existing method...
This research determines the feasibility of using an Exsys Corvid based expert system to detect and respond to network threats and appropriately administrate a Linux-based iptables firewall in real-time. In our implementation, we attempt to replace the human domain expert required for creating the expert system knowledge base with intrusion detection rules created by data-mining on network traffic...
Knowledge-based Fuzzing technology successfully applies in software vulnerability mining, however, current Fuzzing technology mainly focuses on fuzzing target software based on single data sample and thus the vulnerability mining results are not stable, false negatives of vulnerability are high and the selection of data sample depends on people's analysis. To solve these problems, this paper proposes...
Determining dependencies between different components of an application is useful in lots of applications (e.g., architecture reconstruction, reverse engineering, regression test case selection, change impact analysis). However, implementing automated methods to recover dependencies has many challenges, particularly in systems using databases, where dependencies may arise via database access. Furthermore,...
In order to solve the problem of taxonomies overlap in software vulnerability, a method of vulnerability classifying based on text clustering in NVD (National Vulnerability Database) is proposed, and Cluster Overlap Index is used to evaluate Simplekmean, BisectingKMeans and BatchSom clustering algorithms. 45 main vulnerability clusters are selected from approximate 40,000 vulnerability records according...
Organizations face a growing threat of insider attacks. This paper presents a model for detecting insider malicious activities targeted at tampering the contents of files for various purposes. It employs two-dimensional traceability link rule mining to identify intrinsic file dependencies. Traceability links are traditionally used by software practitioners and researchers to uncover the relationships...
Although many aids such as architectural styles and patterns are now available for software architects, making optimal design decisions on appropriate architectural structures still requires significant creativity. In an effort to introduce a more direct link between an architectural decision and its consequences, a finer grained architectural concept called a tactic has emerged. Since its introduction,...
Digital information has become a social infrastructure and with the expansion of the Internet, network infrastructure has become an indispensable part of social life and industrial activity for mankind. In recent years, the demand for online banking has increased and the number of people who rely on online transactions has tremendously increased. Thus, necessity for a reliable security for online...
Trust problems exist in open distributed service oriented computing environments. A lot of research work has been done on the theories and applications of trust and reputation management in service oriented environment. However, the design expertise on trust is not well documented yet. In this paper we propose to use trust patterns for documenting solutions for trust problems. The main benefit of...
The recent years have seen a flurry of research inspired by social and biological models to achieve the software autonomy. This has been prompted by the need to automate laborious administration tasks, recovery from unanticipated systems failure, and provide self-protection from security vulnerabilities, whilst guaranteeing predictable autonomic software behavior. However, runtime assured adaptation...
Trusted computing is an important research field in information security and trust evaluation for trust model is the key issue to be resolved. It is great significance for ensuring security of trust model for trusted computing to analyze normally and verify in design process of application model for trusted computing and analyze its trust in theory. In this paper the problems of security and trust...
Recently, the research on the detection and defense of malicious attacks are becoming the main subject of information security. Various tools and technologies of detecting and defense malicious attacks are proposed in an endless stream, tools detecting vulnerabilities as well. However, there is a lack of method to test and evaluate the correctness and validity of these technologies and tools. In this...
Set the date range to filter the displayed results. You can set a starting date, ending date or both. You can enter the dates manually or choose them from the calendar.