In this paper, we describe penetration testing as a methodology for information security. Pentesting is used for proactive defence and information systems protection. Special operational systems on UNIX core, developed scripts, utilities and applications are suggested. Most pros and cons of manual and automated pentesting are given.
Business Continuity Planning entails the policies and procedures that ensure the continuity of the business in an enterprise in case of an unplanned outage. Disaster Recovery is a subset of Business Continuity Planning and it focusses on the continuity of Information Technology systems. The Disaster Recovery Planning process involves a detailed study of business processes, risk analysis, determination...
Sybil (fake) accounts penetrate the OSN security by hosting multiple threats. Multiple social-graph-based defence schemes have been proposed till date which can effectively detect and isolate the sybils based on the ground truth of limited social connections between non-sybil (honest) and sybil users. In a real-world scenario, sybils may elude these defenses by imploring many social connections to real...
Cluster analysis is a widely used data mining technique for extracting biological knowledge from gene expression data. In this paper, we modified one of the graph-theoretic approaches, CAST, by using the fuzzy graph concept. Our algorithm FGBCAST (Fuzzy Graph Based Cluster Affinity Search Technique) is tested over three real-life datasets: Yeast Cell Cycle, Yeast Sporulation and Escherichia coli. The performance...
Information technology has become an important part of life for performing various daily activities. The web site is one of the important technologies within enterprise, government, and education. The web site is currently a medium serving as a source of information, communication, data search, and the creation, processing and publication of information; in addition, the web site is a source of great information...
Graphical User Interface (GUI) testing done manually requires great effort, because it needs high precision and a lot of time to run all the scenarios repeatedly. In addition, it can be prone to errors, and most of the testing scenarios are not all done. To solve these problems, automated GUI testing is proposed. The latest technique of automated GUI testing (the 3rd generation) is through a...
Modern cyber-physical systems place ever-increasing reliance on high-assurance software. Recent high-profile safety and security incidents directly attributable to software point to a failure to develop sufficient assurance of software correctness through verification and validation. While formal methods provide techniques for proving that critical safety and security properties hold for all inputs...
This paper presents a dynamic detection method based on simulating browser behavior, and designs a web crawler based on a headless browser, which can interpret the JavaScript code and retrieve Ajax content to find the hidden injection points in pages, with full consideration of the web pages containing complex scripts under Web 2.0 environment. In implementation, this paper uses dynamic analysis in...
Web applications dependent on back-end databases are currently not immune to SQL injection attacks despite huge investment in security artefacts and defensive software mechanisms deployed by organizations. These forms of attacks involve the insertion of malformed strings or specially crafted input encoded as SQL query into web forms or http header requests to web servers. While many techniques have...
In order to solve the problem of test messages being rejected by the network server running the network protocol, a novel method is proposed by introducing the genetic algorithm into the test message generation process. Firstly, under the calculation of distance matrix, alignment of protocol sequence and identification of packet format are accomplished. Secondly, the genetic algorithm is introduced,...
As the attacks on the website and domain names are increasing day by day it becomes very important for various verticals in the country to be secured against the deadly attacks which can hamper the operations of the web traffic in the country and its verticals. XSS is one such attack which is more frequently tried on the websites to gain information and data which is relevant to the attacker from...
This paper proposes a method that utilizes taint analysis to reduce unnecessary analysis routines, concentrating on the control-flow-altering input using a concolic (concrete and symbolic) execution procedure. A prototype, Concolic Fuzz, is implemented based on this method; it is built on the Pin platform at the x86 binary level and uses Z3 as the SMT (Satisfiability Modulo Theories) solver. The results...
To ensure the protection of computer networks, an intrusion detection system (IDS) should be integrated in the security infrastructure. However, IDSs generate a high amount of false alerts, exceeding the administrator's ability for analysis, and omit several attacks which can threaten the network security. In this paper, a two-stage process based on data mining and optimization is proposed having as input...
Let AS (2v, Fq) be a 2-dimensional affine symplectic space over finite fields Fq. In this paper, we construct a family of error-tolerant pooling designs with the incidence matrix of two types of flats (i.e., (m, s)-flats and (r, 0)-flats) over affine symplectic space AS (2v, Fq). We also discuss the error-tolerant and error-correcting properties of our designs.
The Suspects polygraph technology based on ICMT (Intelligent Computer and Medical Technology) has been used more extensively in investigation and judicial inquiry. In order to better regulate the use of polygraph technology, the criminal psychological test must be constructed based on the technological request, refer to the relevant legal norms on evidence, build up the...
Service Level Management [SLM] is the process of managing the cloud resources and services. Also, it is the process of managing and deploying the resources, providing the services based on demand, controlling the service, monitoring the service and reporting the service. The Service Level Management defines the process of allocating the resources, managing the resources, SLA negation, controlling the service,...
Researchers have previously attempted to apply machine learning techniques to network anomaly detection problems. Due to the staggering amount of variety that can occur in normal networks, as well as the difficulty in capturing realistic data sets for supervised learning or testing, the results have often been underwhelming. These challenges are far less pronounced when considering industrial control...
With the rapid growth of Internet traffic, new emerging network architectures are under deployment. Those architectures will substitute the current IP/TCP network only if they can ensure better security. Currently, the most advanced proposal for future Internet architecture is Named Data Networking (NDN). However, new computer network architectures bring new types of attacks. This paper focuses on...
The soft keyboard is perhaps the most common human input device on smartphones. This study designed and implemented a proof-of-concept soft keyboard keylogger in Android. The soft keyboard app was designed to have the capability to capture keystrokes from the user and save them. It can also record the GPS location of the user at the time of typing and send it to a remote server. From our testing, the app was capable...
C-SEC (Cyber-SCADA Evaluation Capability) is a new technology developed to secure our nation's critical infrastructures. C-SEC provides an evaluation software tool, laboratory testing and a framework that enables the proper and efficient evaluation of Cyber Security technologies for SCADA networks and its industrial components.