Log event correlation is an effective means of detecting system faults and security breaches encountered in information technology environments. Centralized, database-driven log event correlation is common, but suffers from flaws such as high network bandwidth utilization, significant requirements for system resources, and difficulty in detecting certain suspicious behaviors. Distributed event correlation...
Detecting and identifying security events to provide cyber situation awareness has become an increasingly important task within the network research and development community. We propose a graph similarity-based approach to event detection and identification that integrates a number of techniques to collect time-varying situation information, extract correlations between event attributes, and characterize...
Intrusion Detection Systems (IDS) are necessary for system monitoring. However, they produce a huge quantity of alerts. Alert correlation is a process applied to IDS alerts in order to reduce their number. In this paper we propose a new approach for alert correlation which enables the integration of new information into the alert correlation process: the security operator's knowledge and preferences...
Digital control systems are essential to the safe and efficient operation of a variety of industrial processes in sectors such as electric power, oil and gas, water treatment, and manufacturing. Modern control systems are increasingly connected to other control systems as well as to corporate systems. They are also increasingly adopting networking technology and system and application software from...
Performance management and dependability are two of the fundamental issues in business-critical applications. The ability to detect the occurrence of performance failures and anomalies has attracted the attention of researchers in recent years. It is in fact a difficult problem, since a visible change in performance can result from some natural cause (e.g., workload variations, upgrades) or by...
Large-scale IP networks present special challenges to security. Such networks consist of a large number of devices with a vast variety of traffic behavior. Finding a suitable line-up for the intrusion detection and monitoring mechanism is challenging. In this paper, we study the Snort and Bro-IDS systems. We have built a test platform, where we put those two detection systems side by side and compare...
Database auditing can help strengthen the security of databases. In this paper, we present a framework for database auditing, which logs database activities by analyzing network traffic, executes audit analysis through event correlation and generates alarms if an anomaly or a violation of security regulations is detected. Compared with the native auditing mechanism in databases, our approach has an...
Current best practices for identifying malicious activity in a network are to deploy network intrusion detection systems. Anomaly detection approaches hold out more promise, as they can detect new types of intrusions because these new intrusions, by assumption, will deviate from "normal" behavior. But these methods generally suffer from several major drawbacks: computing the anomaly model...
Once a computer system is intruded, the change from normal to abnormal is a gradual process. Setting up a calculation model based on danger theory for the danger signal during this process will greatly improve the accuracy and efficiency of the artificial immune system (AIS). In this paper, the method of classified danger sensed (MCDS) for Windows process intrusion detection based on danger theory is...
Web applications are vulnerable to a variety of new security threats. SQL injection attacks (SQLIAs) are one of the most significant of such threats. Researchers have proposed a wide variety of anomaly detection techniques to address SQLIAs, but all existing solutions have limitations in terms of effectiveness and practicality. We claim that the main cause of such limitations is reliance...
Analyzed here is a fault localization approach based on directed graphs from the viewpoint of business software. The fault propagation model solves the problem of obtaining the dependency relationship between faults and symptoms semi-automatically. The main idea includes: obtaining the deployment graph of the managed business from the topography of the network and software environment; generating the adjacency matrix of the...
Most network intruders launch their attacks through stepping-stones to reduce the risks of being discovered. To uncover such intrusions, one prevalent, challenging, and critical way is to compare an incoming connection with outgoing connections to determine if a computer is used as a stepping-stone. In this paper, we present a way of using a signal processing technique, the correlation coefficient, such...
The timely and reliable data transfer required by many networked applications necessitates the development of comprehensive security solutions to monitor and protect against an increasing number of malicious attacks. However, providing complete cyber space situation awareness is extremely challenging because of the lack of effective translation mechanisms from low-level situation information to high-level...
Application features such as port numbers are used by network-based intrusion detection systems (NIDSs) to detect attacks coming from networks. System calls and the operating system related information are used by host-based intrusion detection systems (HIDSs) to detect intrusions towards a host. However, the relationship between hardware architecture events and denial-of-service (DoS) attacks has...
Computer systems and networks are subject to electronic attacks of increasing number and severity. Intrusion detection is an important technology in the contemporary world as well as an active area of research. The present paper introduces an adaptive approach of data mining techniques and string metrics in anomaly-based intrusion detection systems. The conducted simulation experiments and represented...
We describe in this paper a six-step methodology that can help to gain security assurance of communication services in a continuous way. The preparatory steps model the service and select relevant metrics to measure the basic assurance on infrastructure objects. During the operational steps, measures are gathered, aggregated along the model, evaluated and displayed in real time. A five-level assurance...
Most network intruders launch their attacks through stepping-stones to reduce the risks of being discovered. To uncover such intrusions, one prevalent, challenging, and critical way is to compare an incoming connection with an outgoing connection to determine if a computer is used as a stepping-stone. In this paper, we present four models to describe stepping-stone intrusion. We also propose the idea...
The objective of this paper is to describe a new distributed intrusion detection system (IDS) based on the CVSS framework. This new platform uses a wide set of classical IDS and detection entities. This distributed IDS aims to improve the discovery of anomalies by reducing the rate of false positives and false negatives. Entities correlate the different alerts emitted by local probes. The severity of...
The quality and timeliness of the detection of massive attacks significantly limit their great danger. In this paper, we describe an existing solution based on centralized treatment of threat reports generated by probes deployed at the edges of a national cyberspace. We also propose a more reliable architecture based on a consensus algorithm that solves the interactive consistency problem under...
This paper investigates and simulates a coloured stochastic Petri net model for in-depth evaluation of intrusion detection. Network attack behaviors are sometimes very complex, and it is difficult to capture all of them. In this paper, we can understand what happened by analyzing and simulating an intrusion. The experimental results demonstrated that the CSPN model approach was an efficient and helpful...