Data holders need to share the alert data they have detected for correlation and analysis purposes. In such cases, privacy issues turn out to be a major concern. This paper proposes a model to correlate and analyze intrusion alerts with privacy-preserving capability. The raw intrusion alerts are protected by an improved k-anonymity method, which preserves the alert regulation inside the disturbed data records...
A cyber attack modifies the behavior of its target application or system such that it is outside of its intended or desired range of behavior. The challenge is that one cannot predict the attack mechanism that will cause the modified behavior or when and how the target's behavior will diverge. Thus, if one restricts one's sensors to a particular aspect of the system or looks for specific malicious...
As complete prevention of computer attacks is not possible, intrusion detection systems (IDS) play a very important role in minimizing the damage caused by different computer attacks. There are two intrusion detection methods: namely misuse- and anomaly-based. A collaborative intelligent intrusion detection system (CIIDS) is proposed to include both methods, since it is concluded from recent research...
It is infeasible for a security manager to analyze security events manually, because the number of events is huge and the information contained in the events is meaningless. After analyzing the existing algorithms for security event correlation, we propose an attack scenario reconstruction technology based on a state machine. The processes of attackers intruding into the cyberspace...
Botnets have become a prevalent platform for malicious attacks, which poses a significant threat to Internet security. Recently, botnets have been inclined to utilize HTTP to route their command and control (C&C) communication instead of using the Internet Relay Chat (IRC) protocol. These web-based C&C bots try to blend into normal HTTP traffic, which makes them more difficult to identify...
Kernels defined on vectors have been widely used in host-based intrusion detection. We propose a protocol anomaly detection model based on string kernels including high-order Markov kernel, all-length gap-weighted kernel, all-length-weighted kernel and its variation all-length-weighted once kernel. Experimental results show that these string kernels can hold state information of protocols well. Models...
Intrusion Detection Systems (IDS) deploy various sensors that collect data, process this data and report events. The process of combining these events or superordinate incidences is known as event correlation. The key issues of this process are (1) to find a way to combine events based on different data types (e.g. log entries, connection statistics or protocol identifiers), (2) to build a model...
In the past few years, IRC bots, malicious programs which are remotely controlled by attackers through IRC servers, have become a major threat to the Internet and its users. These bots can be used in different malicious ways, such as issuing distributed denial of service attacks to shut down other networks and services, keystroke logging, spamming and traffic sniffing, causing serious disruption on networks...
This work presents an empirical property-based model to describe Web-based vulnerabilities. We define a web application using a new descriptive model with pre-condition, behavior, entity and communication property sets. The vulnerable property relationship graph (VPRG) defines a vulnerability as vulnerable properties in an application with relations to other properties in cause- and consequence-relationships...
Assessing the risk associated with structured financial products such as collateralized debt obligations involves processing information about diverse risk factors: some information comes from the different sources directly in aggregated form, so it is not possible to estimate the correlation among different risk components. In this paper we address the problem of assessing the credit risk associated...
Database auditing can help strengthen the security of a database. In this paper, we present a framework for database auditing which logs database activities by analyzing network traffic, executes audit analysis through event correlation and generates alarms if an anomaly or a violation of security regulations is detected. Compared with the native auditing mechanism in a database, our approach has an...
Accurate sensing of the spectrum condition is of crucial importance to the mitigation of the spectrum scarcity problem in dynamic spectrum access (DSA) networks. Specifically, distributed sensing has been recognized as a viable means to enhance the incumbent signal detection by exploiting the diversity of sensors. However, it is challenging to make such distributed sensing secure due mainly to the...
Based on TCP protocol, this paper aims at TCP flows, discusses the effects of multivariate correlation analysis on network traffic, obtains the quantitative relationship between different types of TCP packets in each time unit by correlation coefficient matrix, and finally proposes an anomaly detection and analysis method based on the correlation coefficient matrix. The experimental results show that...
This article attempts to empirically analyze which vulnerabilities attackers tend to target in order to prioritize vulnerability remediation. This analysis focuses on the link between malicious connections and vulnerabilities, where each connection is considered malicious. Attacks requiring multiple connections are counted as multiple attacks. As the number of connections increases, so does the cost...
Technology adoption analysis is one of the key exercises in managing technology innovation and diffusion. In this paper, we present a service platform for technology adoption analysis, which aims to provide service provisioning to potential technology users and providers. With the two service models provided in this platform, a practical privacy-preserving framework is developed to help relieve...
Nowadays, it is becoming more and more important to construct high-level attack scenarios from low-level intrusion alerts reported by intrusion detection systems (IDSs). Some methods have been presented to resolve this problem. These methods have different strengths, but they also have different limitations. In order to build complicated attack processes accurately, this paper uses cluster and correlation...
This paper investigates loss of self-similarity (LoSS) detection performance using exact and asymptotic second order self-similarity (ESOSS and ASOSS) models. Previous work on LoSS detection has used the ESOSS model with fixed sampling, which we believe is insufficient to reveal LoSS detection efficiently. In this work, we study two variables known as sampling level and correlation lag in order to improve...
Recommender systems use various types of information to help customers find products of personalized interest. To increase the usefulness of recommender systems in certain circumstances, it could be desirable to merge recommender system databases between companies, thus expanding the data pool. This can lead to privacy disclosure hazards that this paper addresses by constructing an efficient privacy-preserving...
Alert correlation is the method used to analyze the implicit relations among attacks so as to discover real threats. There have already been several proposals on alert correlation, such as methods based on predefined knowledge and methods that need no predefined knowledge, but they all have their drawbacks. Generally, the predefined-knowledge-based methods have no ability to recognize unknown attacks,...
For the purpose of reducing redundant alerts and false alerts as well as recognizing complicated attack scenarios, a multilevel model of alert fusion is presented. This model fuses alerts layer by layer through primary alert reduction, alert verification, alert clustering and alert correlation. In order to construct accurate and complete attack sensors, in the alert clustering phase this paper...