The exchange of security alerts is a current trend in network security and incident response. Alerts from network intrusion detection systems are shared among organizations so that it is possible to see the “big picture” of the current security situation. However, the quality and redundancy of the input data seem to be underrated. We present four use cases of aggregation of the alerts from network intrusion...
Traditional multi-step attack correlation approaches based on intrusion alerts face the challenge of recognizing attack scenarios because these approaches require complex pre-defined association rules as well as a high dependency on expert knowledge. Meanwhile, they barely consider privacy issues. Under such circumstances, a novel algorithm is proposed to construct multi-step attack scenarios based...
With the tremendous growth in internet usage and the development of web applications, applications running on various platforms are becoming the major targets of attack. New threats are created every day by individuals and organizations that attack network systems. Intrusion is a malicious, externally induced operational fault. Intrusion is used as a key to compromise the integrity, availability and confidentiality...
This paper presents an alert correlation system for mitigating the false positives problem in network-based intrusion detection when anomaly detection techniques are applied. The system allows the quantitative assessment of the likelihood that an alert issued because of an anomaly becomes a real threat. To do this, the differences between the characteristics of the model representing the habitual and...
Certification of cloud services aims at increasing the trust of customers towards cloud services and providing comparability between cloud services. Applying the concept of certification to cloud services requires systems which continuously detect ongoing changes of the service and assess their impact on customer requirements. In this paper, we propose eight language classes for cloud service certification...
Coordinated Attacks are large-scale attacks that intrude into various networks and harm several hosts at the same time. These attacks involve malicious activities being performed at the host site and result in compromising several hosts. In order to capture the evidence of such types of attacks, a cooperative approach, i.e. a Collaborative Intrusion Detection System, is being considered. The...
Advanced Persistent Threat (APT) poses a serious threat to cyber security, and its unique high unpredictability, deep concealment and grave harmfulness make traditional network monitoring technology face unprecedented challenges against the background of massive and complicated network traffic. This paper aims at the urgent demand for APT network monitoring. Relying on the rapid development of big...
Due to a growing number of host intrusions, and since the Internet has become so ubiquitous, implementing various systems that monitor system security breaches is inevitable. In this way, Host Intrusion Detection Systems (abbreviated as HIDS) have recently gained a noticeable amount of interest. These defensive systems detect malicious activities on host-based applications. This paper reviews types...
Alert correlation analyzes the alerts from one or more Collaborative Intrusion Detection Systems (CIDSs) to produce a concise overview of security-related activity on the network. The correlation process consists of multiple components, each responsible for a different aspect of the overall correlation goal. The sequential order of the correlation components affects the correlation process performance...
In this paper, we propose an Anomaly Detection (AD) approach for medical Wireless Sensor Networks (WSNs). This approach is able to detect abnormal changes and to cope with unreliable or maliciously injected measurements in the network, without prior knowledge of anomalous events or normal data pattern. The main objective is to reduce the false alarms triggered by abnormal measurements. In our proposed...
Software-defined networking provides abstractions and a flexible architecture for the easy configuration of network devices, based on the decoupling of the data and control planes. This separation has the potential to considerably simplify the implementation of resilience functionality (e.g., traffic classification, anomaly detection, traffic shaping) in future networks. Although software-defined...
Wireless Sensor Networks run critical applications and need to be protected against malicious attacks and faults. In this paper we propose Adaptive Trust Management Protocol, a protocol that adjusts trust and reputation based on node behavior. The protocol includes three phases: the Learning phase, in which experience is computed based on the alerts received from TinyAFD, the Exchanging phase, in...
The availability of network communications may be affected or even disrupted by malicious actions or by unexpected usage conditions. The good health of systems connected to the network (or lack thereof) may also reflect on network usage patterns. In order to maintain proper functionality for a significantly large network domain, automated or semi-automated methods of anomaly detection are required...
The goal of a cost-sensitive response system is to ensure that the response cost does not outweigh the intrusion cost. In order to ensure this, some cost-sensitive response models have been developed. Some of these models do not consider the effectiveness of previous actions and lack a standard approach for estimating the associated cost. In this work, we present a model for assessing the cost of responses based...
Power Fingerprinting (PFP) provides an innovative, powerful integrity assessment tool that is particularly well suited for critical embedded systems, including resource-constrained and legacy platforms such as those still being used by energy providers. One of the main applications of PFP is cyber security monitoring of critical systems and the detection of malicious intrusions, tampering, and attacks...
The growing demand for processing and storage capabilities has led to the deployment of high-performance computing infrastructures. Users log into the computing infrastructure remotely, by providing their credentials (e.g., username and password), through the public network and using well-established authentication protocols, e.g., SSH. However, user credentials can be stolen and an attacker (using...
Generally, rule-based systems work to make sense of a large volume of alerts generated by the intrusion detection systems (IDSs) every minute. Hence, it is very significant to verify that these systems are error-free and that the rules are suitable for the current network. This topic is addressed by Rule Adjustment, which automatically adjusts the rules based on the current network environment. The...
Anomaly detection is very important for modern network services. Yet it is still a big challenge to conduct effective anomaly detection due to the high rate of service data and the complex correlations among them. Owing to its powerful query language and performance potential, complex event processing (CEP) is very suitable for this situation. In this paper, we present NEPnet, a high-performance and...
Intrusion Detection Systems (IDS) are necessary for system monitoring. However, they produce a huge quantity of alerts. Alert correlation is a process applied to the IDS alerts in order to reduce their number. In this paper we propose a new approach for alert correlation which enables the integration of new information into the alert correlation process: the security operator's knowledge and preferences...
Digital control systems are essential to the safe and efficient operation of a variety of industrial processes in sectors such as electric power, oil and gas, water treatment, and manufacturing. Modern control systems are increasingly connected to other control systems as well as to corporate systems. They are also increasingly adopting networking technology and system and application software from...