A common technique hackers use to break into a computer host is to route their traffic through a chain of stepping-stone hosts. There is no valid reason to use a long connection chain for remote login such as SSH connections. One way to protect a host from being attacked is to identify long connection chains connecting into the host. This paper proposes a novel method to identify long connection chains...
One of the main goals of moving to Next Generation Networks (NGN) is an integrated access to multimedia services like VoIP and IPTV. The primary signaling protocol in these multimedia services is Session Initiation Protocol (SIP). This protocol, however, is vulnerable to attacks, which may reduce the Quality of Service (QoS), an important feature in NGN services. One of the most frequent attacks...
Virtualization is becoming an increasingly popular service hosting platform. Recently, intrusion detection systems (IDSs) which utilize virtualization have been introduced. One particular challenge present in current virtualization-based IDS systems is considered in this paper. IDS systems are commonly faced with high-dimensionality imbalanced data. Improved feature selection methods are needed to...
Complex Event Processing (CEP) has received wider acceptability due to its systematic and multilevel architecture driven concept approach. CEP is an emerging technology in the field of data processing and identifying patterns of interest from multiple streams of events. High levels of integrated self learning applications can be developed. CEP is used in development of applications which have to deal...
This paper puts forward an automatically generated system of attack signature based on virtual honeypots, which adopts an open source software virtual honeypot-Honeyd, uses the plug-in-supporting function of Honeyd, and sets up Signature Generation System (SGS) to generate attack signature for Snort automatically. SGS carries out the intrusion rule extraction of data packets which have entered Honeyd...
Correctional Service Canada (CSC) operates 57 Institutions equipped with a range of mission critical Security, Communications and Access Management systems. These include CCTV assessment, intrusion detection, radio communications and door control systems. User Interfaces range from colour graphic touch screens to knobs, push buttons etc. Operational and technical challenges include the following issues:...
Pattern matching method has been used in this paper, and intrusion detection method based on protocol acknowledgement is proposed. We analyze how to determine the time interval value of ΔT and the threshold value of N, and the existence of direct proportion relationship between ΔT and N is proved. The protocol acknowledgement module includes packet filtering and state protocol analysis techniques...
Security Information Fusion System has recently become one of the major topics in the research area of information security. A great deal of security devices and components have been deployed in network information systems. While improving the systems security performance, they produced lots of redundant or unreliable information. Through the technologies of alert fusion and correlation analysis,...
DoS is an important hacker attack means, DDoS is its further development. Methods for its prevention have been many, but the effect has not been too good. This article describes a combination of honey pot, honey net technologies and new intrusion detection technology defense systems, and gives concrete proved.
With the ever increasing development and expansion of database use, protection of database against hazards, which threaten the integrity, availability and confidentiality of database, is inevitable. However, traditional mechanisms of database security are concentrated on protection or prevention. The main objective of an intrusion tolerant database system is such that even if a number of attacks penetrated...
Traditional network security assessment technologies are usually qualitative analyses from large variation of security factors. It is difficult to guide security managers to configure network security mechanisms. A new network security quantitative analysis method called ACRL is presented in this paper. It assesses attack sequences from credibility, risk and the loss of system and provides the assessment...
Reducing false positives has been one of the toughest challenges and a very practical problem in real life deployments of intrusion detection systems. It leads to decreased confidence in the IDS alerts. The security analyst is faced with the choice between disabling valuable signatures that also generate false positives on one hand, and missing true alerts among the flood of false positives on the...
The Battery-Sensing Intrusion Protection System (B-SIPS) [1] initially took a non-conventional approach to intrusion detection by recognizing attacks based on anomalous Instantaneous Current (IC) drain. An extension of B-SIPS, the Multi-Vector Portable Intrusion Detection System (MVP-IDS) validates the idea of recognizing attacks based on anomalous IC drain by correlating the detected anomalies with...
Digital control systems are essential to the safe and efficient operation of a variety of industrial processes in sectors such as electric power, oil and gas, water treatment, and manufacturing. Modern control systems are increasingly connected to other control systems as well as to corporate systems. They are also increasingly adopting networking technology and system and application software from...
The complexity of modern networked information systems, as well as all the defense-in-depth best practices, require distributed intrusion detection architectures relying on the cooperation of multiple components. Similar solutions cause a multiplication of alerts, thus increasing the time needed for alert management and hiding the few critical alerts as needles in a hay stack. We propose an innovative...
Large-scale IP networks cause special challenges to the security. The network consists of a large number of devices with a vast variety of traffic behavior. Implementation of the intrusion detection and monitoring mechanisms are often ineffective or require a lot of hardware and human resources. In this paper we present a methodology to construct communication profiles by making a time series and...
Innovation is necessary to ride the inevitable tide of change. The buzzword of 2009 seems to be "cloud computing" which is a futuristic platform to provide dynamic resource pools, virtualization, and high availability and enables the sharing, selection and aggregation of geographically distributed heterogeneous resources for solving large-scale problems in science and engineering. But with...
Uncertainty is an innate feature of intrusion analysis due to the limited views provided by system monitoring tools, intrusion detection systems (IDS), and various types of logs. Attackers are essentially invisible in cyber space and monitoring tools can only observe the symptoms or effects of malicious activities. When mingled with similar effects from normal or non-malicious activities they lead...
The major weakness in modern detection methods in the snorts is that the power of snorts is restricted only to the network on which algorithms are applied. This paper presents a new method to solve issues considering locality. We place anomaly detection algorithms that used in snorts in form of services within verified servers. The major advantage of this method is that the former snort strategies...
The methods for intrusion detection systems (IDS) are based on identification and prevention of attacks and threats to computer systems, but there are few studies concerning forecasting approaches. Similarly to other sciences (e.g. seismology, meteorology, and economics) in which extent efforts are done for forecasts, trend analysis could also be employed in information security field. The aim of...