Anomaly-based Intrusion Prevention Systems have been studied to prevent zero-day attacks. However, these existing systems can't prevent mimicry attacks because of the inadequacy of monitoring accuracy. Moreover, they provide no continuity for monitored applications when they have been compromised. In this paper, we propose a novel Intrusion Prevention System named Belem that detects anomaly states...
Buffer overflow is one of the worst program vulnerabilities. Many preventive approaches are applied to mitigate buffer overflow (BOF) vulnerabilities. However, BOF vulnerabilities are still being discovered in programs on a daily basis which might be exploited to crash programs and execute unwanted code at runtime. Monitoring is a popular approach for detecting BOF attacks during program execution...
In this paper, a security architecture is designed based on the artificial immune system by using multi-agents in mobile ad hoc networks. There are two types of immunity-based agents: one is the detection agent and the other is the counterattack agent. Detection agents take charge of monitoring the nodes in the network, detecting anomalous activities, and responding to the invader, which may be viewed...
SQL injection attack (SQLIA) is a prevalent method which makes it possible for the attackers to gain direct access to the database and culminates in extracting sensitive information from the firm's database. In this survey, we have presented and analyzed six different SQL Injection prevention techniques which can be used for securing the data storage over the Internet. The survey starts by presenting...
Anomaly detection of executable programs is a security detection solution that examines whether security violation issues exist in programs. The paper presents a novel anomaly detection approach for executable program security (ADEPS), which monitors program executions and detects anomalous program behaviors. Through reverse analysis of the executable program, critical behavior monitoring points can be...
Desktop virtualization is a new computing approach to application delivery and management. It leverages OS virtualization and remoting protocols to provide users with remote access to virtual machines running in a centralized data center. It promises significant benefits in terms of improved data security, reduced management complexity, and more efficient and flexible resource usage. However, it brings...
With the rapid development in the field of component-based software engineering, there is a need for security testing of third-party components. Components possess characteristics such as strict encapsulation and binary code reuse, making component testing more difficult than traditional testing. In this paper, we introduce a new testing system based on .NET for dynamic monitoring COM components'...
Most current methodologies for applying security patterns in the software development process focus on early stages of the software lifecycle. Although sound and helpful, these approaches must be complemented with the necessary mechanisms to bridge the gap between the abstract solution described in the pattern and the implementations provided in the application. This paper presents our S&D patterns-driven...
Semantics-driven monitoring discovers attacks against a process by evaluating invariants on the process state. We propose an approach that increases the robustness and the transparency of the run-time monitoring system by introducing two virtual machines (VMs) running on the same platform. One VM runs the monitored process, i.e. the process P to be protected, while the other one evaluates invariants...
This paper presents a new application development process for new emerging scenarios such as ambient intelligence, grids, etc., which consider security and dependability issues as core elements. This development process is centred around the use of libraries for precise descriptions of reusable security and dependability solutions (S&D solutions) stored in the form of S&D patterns. One of the...
The system structure of an intrusion detection system based on mobile agents is proposed, and the design of the MAIDS system is described in detail later in the paper. In systematically describing the MAIDS system, the paper first gives a general introduction and briefly summarizes the basic functions of the four major components of the system: intrusion management module, intrusion...
The lifecycle mismatch between vehicles and their IT system poses a problem for the automotive industry. Such systems need to be open and extensible to provide customised functionalities and services. What is less clear is how to achieve this with quality and security guarantees. Recent studies in language-based security - the use of programming language technology to enforce application specific...
The increased availability of mobile broadband connections enables the expansion of software downloads to mobile devices. This leads to a greater number of available services and a better utilisation of the computational power of mobile devices. The downside of this increased software availability is an increase in the possible attack vectors. One scenario is the misuse of resources, for example,...
In this paper, we present a novel approach for improving the performance of a large class of CPU and memory intensive passive network monitoring applications, such as intrusion detection systems, traffic characterization applications, and NetFlow export probes. Our approach, called locality buffering, reorders the captured packets by clustering packets with the same destination port, before they are...