The measure of similarity is necessary for the study of several problems such as: the multimedia adaptation, detection of intrusion based behavior, adaptation of web services... In this article, we propose the definition of a new measure of similarity that deals with the shared objects' properties, their values and the weight of each property.
Recently, there has been a lot of interest in the fields of Steganography and Steganalysis. Steganography is the practice of hiding private or sensitive information within cover media that appears to be nothing out of the usual. Steganalysis is a relatively new branch of research, the mechanism of detecting the presence of hidden information in the stego media and it can lead to the prevention of...
The continuous growth and development of ecommerce around the world is disproportionate to Asian consumers' adoption of online shopping. The average adoption rate in Asian countries is low compared to that in western countries. The purpose of this paper is to provide an understanding of the current situation regarding online shopping behavior in Asian countries, especially Malaysia. The factors that...
Botnets are considered by specialists, in both industry and academy, as one of the greatest threats to security on the Internet. These networks are composed of a large number of malware-infected hosts acting under a central command. They are usually employed to perform DDoS attacks or phishing scams. The behaviour of these botnets evolves due to the adoption of new and sophisticated infection methods,...
Trust, the most fundamental concept in Trusted Computing, is a pervasive notion and, as such, has been studied thoroughly in a variety of different fields. Based on a survey of trust and security, two formal definitions for trust in Trusted Computing are presented in this paper: one for trust between coequal components (the direct trust) and the other for trust in specialization-employed environment...
The number of users of mobile devices has increased enormously over the past five years. Along with this, the public concern about how to make sure personal information remains private and safe has also grown, and it has become a high priority standard for mobile device producers to fulfill. Programming languages, by themselves, offer limited safety, unfortunately. A common example is the use of...
CVSS is a framework which provides a method for rating the severity level of IT vulnerabilities. It takes into account not only the intrinsic characteristics of the vulnerability, but also its evolution over time and the user environment in which it is detected. A severity, or CVSS, score is evaluated using several metrics: base / temporal / environmental. Base metrics assessments are achieved through...
The correctness of mission-critical software is an important part of information security, but oracle problem and test data generation are constraints for some programs. Although metamorphic testing (MT) is practical for programs with oracle problem and evolutionary testing (ET) is a good application of genetic algorithm (GA) for automatic test data generation, fitness functions used in ET are not...
The new paradigm of cloud computing poses severe security risks to its adopters. In order to cope with these risks, appropriate taxonomies and classification criteria for attacks on cloud computing are required. In this work-in-progress paper we present one such taxonomy based on the notion of attack surfaces of the cloud computing scenario participants.
Peer-to-Peer (P2P) networking is beneficial when removing a centralized server. On the other hand, new mechanisms are required to compensate for the central authority, especially for network security and dependability. In this paper, we propose a new fuzzy reputation (Fuzzy-Rep) model to improve security and dependability of P2P e-commerce. The model employs fuzzy logic inference rules to assess transactions...
Today's approach to security is based on perimeter defense and relies heavily on firewalls, Intrusion detection systems (IDS) and Intrusion prevention systems. Despite years of research and investment in developing such reactive security methodologies, our critical systems remain vulnerable to cyber attacks. In our approach we assume that intrusions are inevitable and our effort is focused on minimizing...
Most software systems developed nowadays are highly complex and subject to strict time constraints, and are often deployed with critical software faults. In many cases, software faults are responsible for security vulnerabilities which are exploited by hackers. Automatic web vulnerability scanners can help to locate these vulnerabilities. Trustworthiness of the results that these tools provide is...
We consider a simplest Markov decision process model for intrusion tolerance, assuming that (i) each attack proceeds through one or more steps before the system's security fails and (ii) defensive responses targeting these intermediate steps may only sometimes thwart the attack. Our analysis shows that, even in the ideal case of perfect detectors, it can be sub-optimal in the long run to employ defensive...
Botnets have become a serious threat to the Internet and are often deployed to control a large pool of zombies and perform notorious activities such as DDoS, information theft and spam sending. In this paper, a new method is developed for detecting IRC botnets by analyzing the characteristic of packet size sequence of the TCP conversation between IRC zombies and their command and control (C&C) servers...
Interest in policy-based approaches to multi-agent and distributed systems has grown considerably in recent years. Policy-based management (PBM) has been proposed in multi-agent systems to deal with coordination and security issues of multi-agent systems according to well-defined system guidelines. Based on the policy-based management mechanism and autonomous intelligent agents, we present a framework...
In an environment which supports access control, the behaviors of an application not only depend on the logic of its code, but also depend on the security policy enforced in the system. So, while verifying the trustworthiness of a remote application, the related security policy should be verified besides the application itself. However, the security policies to restrict different applications are commonly mixed...
The pervasive systems are weaving themselves in our daily life, making it possible to collect user information invisibly, in an unobtrusive manner by even unknown parties. So run time trustworthiness calculation would be a major issue in these environments. The huge number of interactions between users and pervasive devices necessitates a comprehensive trust model which unifies different trust factors...
Traditional methods for evaluating network security neglect the correlation of network vulnerabilities. To solve this problem, a method based on Colored Petri Net (CPN) modeling is presented. Potential attack sequences are built according to the correlation of network vulnerabilities. The weakness and key paths can be found through analyzing the attack sequences. Simulation results show that the proposed...
In this paper a generalized trust calculation mechanism is proposed which could be used to find out the trust values of various entities involved in a pervasive environment globally. The trust values calculated between the entities are stored in a global data store. This trust value can be used as a basis for future transactions of the entity concerned. The global data store can be maintained by a...