Serwis Infona wykorzystuje pliki cookies (ciasteczka). Są to wartości tekstowe, zapamiętywane przez przeglądarkę na urządzeniu użytkownika. Nasz serwis ma dostęp do tych wartości oraz wykorzystuje je do zapamiętania danych dotyczących użytkownika, takich jak np. ustawienia (typu widok ekranu, wybór języka interfejsu), zapamiętanie zalogowania. Korzystanie z serwisu Infona oznacza zgodę na zapis informacji i ich wykorzystanie dla celów korzytania z serwisu. Więcej informacji można znaleźć w Polityce prywatności oraz Regulaminie serwisu. Zamknięcie tego okienka potwierdza zapoznanie się z informacją o plikach cookies, akceptację polityki prywatności i regulaminu oraz sposobu wykorzystywania plików cookies w serwisie. Możesz zmienić ustawienia obsługi cookies w swojej przeglądarce.
The number of software vulnerabilities discovered and publicly disclosed is increasing every year; however, only a small fraction of them is exploited in real-world attacks. With limitations on time and skilled resources, organizations often look at ways to identify threatened vulnerabilities for patch prioritization. In this paper, we present an exploit prediction model that predicts whether a vulnerability...
In this paper, we present a novel model and visualization approach for heterogeneous sources of data. We represent our data by using a model inspired by STIX. Then, we use clustering algorithms to select interesting information to explore in a visualization panel. The visualization is based on a 3D graph representation that highlights the link between malicious event and allows to focus on relevant...
The iKaaS platform has been developed as a Horizon 2020 project to construct a multi-cloud environment in order to share data and knowledge. In this paper, we add a framework for knowledge sharing/reuse in the iKaaS platform. Furthermore, we design a revenue-sharing mechanism for knowledge sharing, which uses a blockchain for registration and use of data processing services.
Designing usable and secure software is hard without tool-support. Given the importance of requirements, CAIRIS was designed to illustrate the form tool-support for specifying usable and secure systems might take. While CAIRIS supports a broad range of security and usability engineering activities, its architecture needs to evolve to meet the workflows of these stakeholders. To this end, this paper...
Security Risk Assessments (SRA) play a key role in the Security Development Lifecycle (SDL). At an early stage of the project, the SRA helps allocate security resources and identifies SDL requirements and activities. In this paper, we present key findings from a machine learning approach toward the SRA that seeks to learn from a database of previous product security risk assessments and associated...
With the explosive growth of users in mobile carrier, telecommunication fraud causes a serious loss to both of the users and carriers. The academia has an increasing interest in the issue of detecting and recognizing fraudster, and varies strategies have been proposed to prevent the attack and fraudulent activity. However, fraudsters are always inclined to hide their identity and perform the fraudulent...
A significant milestone is reached when the field of software vulnerability research matures to a point warranting related security patterns represented by intelligent data. A substantial research material of empirical findings, distinctive taxonomy, theoretical models, and a set of novel or adapted detection methods justify a unifying research map. The growth interest in software vulnerability is...
Cloud Security is a major concern for storing and protecting of data, applications and services, accessed as per the user requirements [3]. There is a need to provide guaranteed access control mechanism, so that only approved and permitted users will be able to use the data as on demand basis in the cloud [1]. Provenance is a major entity in cloud security. It includes information that is used to...
We present a novel approach for detecting malicious user activity in databases. Specifically, we propose a new machine learning algorithm for detecting attacks such as a stolen user account or illegal use by a user. Our algorithm relies on two main components that examine the consistency of a user's activity and compare it with activity patterns learned from past access. The first component tests...
In this paper, we propose new techniques for the secure storage of transport data consisting of vehicles, registrations and payments in the e-Services Web Portal of Transport Department. For this purpose, new secure and effective storage techniques are proposed in this paper in order to store the data efficiently and to retrieve them fast. The proposed techniques have been tested, using Tamil Nadu...
As a member of the European Union, Hungary face different challenges, of which the most important are the transformation of the healthcare system, the Social Security and pension system and the system of taxation. These economic and social challenges require long-term governmental strategies, which should be modelled, tested, verified in some way. It is for this challenge that we find an efficient...
Data characteristics stored in the database evolve over the time. Nowadays, it is inevitable to store all states of the objects over the time. Paradigms of conventional database are based on managing actual states, which are inappropriate. Therefore, temporal approach has been developed. In this paper, we deal with our proposed temporal solution based on attribute level architecture, which can be...
Data loss, i.e. the unauthorized/unwanted disclosure of data, is a major threat for modern organizations. Data Loss Protection (DLP) solutions in use nowadays, either employ patterns of known attacks (signature-based) or try to find deviations from normal behavior (anomaly-based). While signature-based solutions provide accurate identification of known attacks and, thus, are suitable for the prevention...
SQL Injection Attack (SQLIA) has been consistently ranked among the top security threats against web applications for more than a decade. Nowadays, attackers use sophisticated tools to launch automated injection attacks. The problem of prevention and detection of SQLIA has been long attended by the research community, but hardly any solution exists for protecting multiple websites in a shared hosting...
Infrastructure as a Service (IaaS) clouds provide users with the ability to easily and quickly provision servers. A recent study found that one in three data center servers continues to consume resources without producing any useful work. A number of techniques have been proposed to identify such unproductive instances. However, those approaches adopt the strategy to identify idle cloud instances...
This paper presents an approach for securing software application chains in cloud environments. We use the concept of workflow management systems to explain the model. Our prototype is based on the Kepler scientific workflow system enhanced with security analytics package.
Most security related research for cloud computing focuses on attacks generated outside the cloud system. However, insider attackers are more challenging and can cause severe impacts on the cloud system stability and quality of service. In this paper, we propose an insider threat model using a knowledgebase approach. Knowledgebase models were used earlier in preventing insider threats in both the...
This article contains a description of a knowledge elicitation effort and representation pertaining to the modeling of conceptual knowledge in the health care field. The project has the goal of building a conceptual model of data in the Military Health System Data Repository, a large DoD/VA aggregation of databases that can be used in the implementation of software. The goal is to create a just-in-time...
Maintaining the resilience of a large-scale system requires an accurate view of the system's cyber and physical state. The ability to collect, organize, and analyze state central to a system's operation is thus important in today's environment, in which the number and sophistication of security attacks are increasing. Although a variety of "sensors" (e.g., Intrusion Detection Systems, log...
Amongst the therapies available to stroke sufferers, one that is gaining attention is the application of video games to encourage therapeutic movement. The Limbs Alive project at Newcastle University has developed a system that gathers therapeutic game data from patients, uses statistical tools to estimate a number of performance metrics and presents the results to patients and clinicians via web...
Podaj zakres dat dla filtrowania wyświetlonych wyników. Możesz podać datę początkową, końcową lub obie daty. Daty możesz wpisać ręcznie lub wybrać za pomocą kalendarza.