Detecting and identifying security events to provide cyber situation awareness has become an increasingly important task within the network research and development community. We propose a graph similarity-based approach to event detection and identification that integrates a number of techniques to collect time-varying situation information, extract correlations between event attributes, and characterize...
Performance problems, which can stem from different system components, such as network, memory, and storage devices, are difficult to diagnose and isolate in a cluster file system. In this paper, we present an online performance anomaly detector which is able to efficiently detect performance anomalies and accurately identify the faulty sources in a system node of a cluster file system. Our method exploits...
Kernels defined on vectors have been widely used in host-based intrusion detection. We propose a protocol anomaly detection model based on string kernels including high-order Markov kernel, all-length gap-weighted kernel, all-length-weighted kernel and its variation all-length-weighted once kernel. Experimental results show that these string kernels can hold state information of protocols well. Models...
Government computer systems and networks are under increasing attack from foreign governments, organized crime, and other malicious attackers. Security best practice checklists are commonly used to ensure the protection of government computer systems. However, experimental validation of the recommended security measures is lacking. Additionally, administrators have no way to compare the effectiveness...
Alerts swamping and intrusion redundancy are two critical problems of intrusion detection technology that often worsen the problems of classification, data reduction, false positives, intrusion correlation and reporting. Consequently, the validity and continuous usage of intrusion detectors are constantly threatened because the system administrators are always helpless while trying to thwart attacks...
Intrusion detection alone can no longer satisfy the security needs of an organization. Recently, the attention of the security community has turned to automatic intrusion response and prevention as techniques to protect network resources as well as to reduce attack damage. Knowing attack scenarios enables the system administrator to respond to the threats swiftly by either blocking the attacks or...
The goal of cyber security visualization is to help analysts increase the safety and soundness of our digital infrastructures by providing effective tools and workspaces. Visualization researchers must make visual tools more usable and compelling than the text-based tools that currently dominate cyber analysts' tool chests. A cyber analytics work environment should enable multiple, simultaneous investigations...
Based on TCP protocol, this paper aims at TCP flows, discusses the effects of multivariate correlation analysis on network traffic, obtains the quantitative relationship between different types of TCP packets in each time unit by correlation coefficient matrix, and finally proposes an anomaly detection and analysis method based on the correlation coefficient matrix. The experimental results show that...
Most network intruders launch their attacks through stepping-stones to reduce the risks of being discovered. To uncover such intrusions, one prevalent, challenging, and critical way is to compare an incoming connection with outgoing connections to determine if a computer is used as a stepping-stone. In this paper, we present a way by using signal processing technology-correlation coefficient, such...
This article attempts to empirically analyze which vulnerabilities attackers tend to target in order to prioritize vulnerability remediation. This analysis focuses on the link between malicious connections and vulnerabilities, where each connection is considered malicious. Attacks requiring multiple connections are counted as multiple attacks. As the number of connections increases, so does the cost...
This article proposes the use of a collaborative multi-agent approach to develop a toolkit to assist the experts during the forensic examination process: MADIK - a Multi-Agent Digital Investigation ToolKit. The use of a multi-agent approach has proved adequate, especially regarding the cooperative action of the autonomous specialized agents: HashSetAgent, FilePathAgent, TimelineAgent, FileSignatureAgent...
Intrusion detection forms an indispensable component of cyber security. To keep pace with the growing trends of the blackhat community, there is an urgent need to replace single-layer detection technology with multi-layer detection. Our practical experience has shown the retrieval of attack evidence from system traces. This paper signifies the integration of host-based intrusion detection system (HIDS)...
Most plagiarism detection systems evaluate the similarity of source codes and detect plagiarized program pairs. If we use the source codes in plagiarism detection, the source code security can be a significant problem. Plagiarism detection based on target code can be used for protecting the security of source codes. In this paper, we propose a new plagiarism detection technique for Java programs using...
There has not been an organized way to efficiently correlate anomalous behaviors in critical infrastructures, as information about malicious activities is not gathered from geographically dispersed cyber systems. This paper establishes a systematic approach to identify properties that can be extracted to detect malicious activities in cyber-based control systems. The malicious detection can be implemented...
Intrusion detection can be defined as the process of identifying malicious behavior that targets a network and its resources. An important problem in the field of intrusion detection is the management of alerts. This paper describes a real-time aggregation and correlation system named Alertclu. With the aid of similarity-based alert clustering analysis technology, Alertclu can improve the aggregation...
This paper investigates and simulates a coloured stochastic Petri nets model for depth evaluation intrusion detection. Network attack behaviors are sometimes very complex, and it is difficult to capture all of them. In this paper, we could realize what happened by analyzing and simulating an intrusion. The experimental results demonstrated that the CSPN model approach was an efficient and helpful...
Distributed intrusion detection and prevention play an increasingly important role in securing computer networks. In a distributed intrusion detection system, information about the current situation and knowledge about attacks are exchanged, aggregated, fused, and correlated in a cooperative manner to overcome the limitations of conventional centralized intrusion detection systems. However, this distributed...
Enabling situation awareness necessitates working with processes capable of identifying domain-specific activities. This paper addresses metrics developed to assess research-level systems and to measure their performance in providing those processes. The metrics fall into four dimensions: confidence, purity, cost utility, and timeliness. The bulk of the discussion will provide an overview of each...
Clustered collaborative architecture brings serious security challenges. One of these collaborative solutions is a remote desktop that provides a virtual graphical environment through a network displayed on a thin client. As several thin clients access the same host, conflicts or non-interference problems can arise. Although techniques exist for improving the security of a host, few papers present how...