Alerts correlation techniques have been widely used to provide intelligent and stateful detection methodologies. This is to understand attack steps and predict the expected sequence of events. However, most of the proposed systems are based on rule-based mechanisms which are tedious and error prone. Other methods are based on statistical modeling, these are unable to identify causal relationships...
Log event correlation is an effective means of detecting system faults and security breaches encountered in information technology environments. Centralized, database-driven log event correlation is common, but suffers from flaws such as high network bandwidth utilization, significant requirements for system resources, and difficulty in detecting certain suspicious behaviors. Distributed event correlation...
In today's automated world, it is always a great challenge to secure individuals' personal information. Palmprint has come out to be one of the most secure and effective biometric methods to automatically identify a person's identity. It contains so many features like geometry features, principal line features, wrinkles, ridges, delta point features, texture features and points. Here, Phase Congruency...
Intrusion detection system (IDS) is a security layer that is used to discover ongoing intrusive attacks and anomaly activities in information systems and is usually working in a dynamically changing environment. Although increasing IDSs are developed in the literature, network security administrators are faced with the task of analyzing enormous alerts produced from the analysis of different event...
Intrusion Detection Systems (IDS) have been used widely to detect malicious behavior in network communication and hosts. IDS management is an important capability for distributed IDS solutions, which makes it possible to integrate and handle different types of sensors or collect and synthesize alerts generated from multiple hosts located in the distributed environment. Sophisticated attacks are difficult...
Network Intrusion Detection Systems (NIDS) are considered as essential mechanisms to ensure reliable security. Intrusive model is used in signature-based NIDS by defining attack patterns and applying signature-matching on incoming traffic packets. Thousands of signatures and rules are created to specify different attacks and variations of a single attack. As a result, enormous data with less efficiency...
Firewalls are essential components in network security solutions. In order to implement correct security policy, the anomalies in firewall rules should be analyzed carefully, especially in enterprise network. In this paper, we present a new formal framework for analysis and resolution of anomalies in firewall rules. First of all, a formal model based on propositional logic is presented to specify...
Content fingerprints are widely employed for identifying multimedia in various applications. A "fingerprint" of a video or audio is a short signature that captures unique characteristics of the signal and can be used to perform robust identification. Several fingerprinting techniques have been proposed in the literature and are often evaluated using benchmark databases. To complement these experimental...
Anomaly-based techniques were exploited successfully to implement protection mechanisms for various systems. Recently, these approaches have been ported to the web domain under the name of "web application anomaly detectors" (or firewalls) with promising results. In particular, those capable of automatically building specifications, or models, of the protected application by observing its...
Database auditing can help strengthen the security of database. In this paper, we present a framework of database auditing, which log the database activities through analyzing network traffic, execute audit analysis through event correlation and generate alarms if an anomaly or a violation of security regulations is detected. Compared with native auditing mechanism in database, our approach has an...
The goal of cyber security visualization is to help analysts increase the safety and soundness of our digital infrastructures by providing effective tools and workspaces. Visualization researchers must make visual tools more usable and compelling than the text-based tools that currently dominate cyber analysts' tool chests. A cyber analytics work environment should enable multiple, simultaneous investigations...
In order to provide a transaction environment of more security for e-commerce system, a novel intrusion detection system (IDS) based on the system call sequences is proposed in this paper. Firstly, this system improves the basic short sequence matching model combined with consistency principle of process initialization to emphasize on detecting system call sequences when process is initializing. Secondly,...
With the growing deployment of host and network intrusion detection systems, managing alerts from these systems becomes critically important. A promising approach is to develop a cooperation module between several IDS to achieve alerts correlation and generate more global and synthetic alerts. Some approaches (e.g. TIAA) have developed an available solution to correlate intrusion alerts using prerequisites...
Researchers have been using intrusion scenarios to represent complicated attack procedures at a high abstract level, while, to our best knowledge, none is able to produce the scenarios online. An automatic intrusion scenario construction method is proposed in the paper. According to the source and destination IP pair, and priority of the raw alerts, the method firstly clusters them into different...
We propose an adaptive cyber security monitoring system that integrates a number of component techniques to collect time-series situation information, perform intrusion detection, keep track of event evolution, and characterize and identify security events so corresponding defense actions can be taken in a timely and effective manner. Particularly, we employ a decision fusion algorithm with analytically...
Intrusion detection systems (IDS) often provide a large number and poor quality alerts, which are insufficient to support rapid identification of ongoing attacks or predict an intruder's next likely goal. Several alert correlation techniques have been proposed to facilitate the analysis of intrusion alerts. However, many works directly upon the alerts, they do not distinguish between alerts and...
IDS may result in many intrusion alerts. A general approach for solving this problem is to do some correlation analysis with these alerts and build attack scenario. Author presents a method for alert correlation through results tracing back to reasons. According to hacker attacks linked to a certain sequence characteristics, we correlate the alerts through results tracing back to reasons and gain...
Intrusion detection forms an indispensable component of cyber security. To keep pace with the growing trends of blackhat community, there is an urgent need to replace single layer detection technology with multi layer detection. Our practical experiences depicted the retrieval of attack evidences from system traces. This paper signifies the integration of host-based intrusion detection system (HIDS)...
The network intrusion detection system (NIDS) is faced with the question of detecting many kinds of intrusion. In order to detect complex attacks, a network intrusion detection system needs to analyze massive data captured from different network safety equipment. So a new multi relational mining algorithm MRA2 is proposed. MRA2 depends on the association rules mining technology and the probability function...
Recommender systems use various types of information to help customers find products of personalized interest. To increase the usefulness of recommender systems in certain circumstances, it could be desirable to merge recommender system databases between companies, thus expanding the data pool. This can lead to privacy disclosure hazards that this paper addresses by constructing an efficient privacy-preserving...