2009 Cybersecurity Applications & Technology Conference for Homeland Security: Latest Papers

Progress Toward Securing the Routing Infrastructure
S. Murphy, Samuel Weiler
Abstract: After more than a decade of proposals to secure inter-domain routing, the Internet Engineering Task Force (IETF) has undertaken work in the last two years to secure the origination of a route to a block of IP addresses, which is the foundation of inter-domain routing. This paper discusses the decisions taken in that work, as well as discussion of incremental deployment and remaining issues still under debate.
DOI: https://doi.org/10.1109/CATCH.2009.41
Published: 2009-03-03
Citations: 1
Static Analysis of Software Executables
David Melski, T. Teitelbaum, T. Reps
Abstract: In recent years, there has been a growing need for tools that an analyst can use to understand the workings of COTS software as well as malicious code. Static analysis provides techniques that can help with such problems; however, there are several obstacles that must be overcome, including the absence of source code and the difficulty of analyzing machine code. We have created CodeSurfer/x86, a prototype tool for browsing, inspecting, and analyzing x86 executables. From an x86 executable, CodeSurfer/x86 recovers intermediate representations that are similar to what would be created by a compiler for a program written in a high-level language. These facilities provide a platform for the development of additional tools for analyzing the security properties of executables. CodeSurfer/x86 analyses are automatically generated from a formal specification of the x86 instruction semantics. This makes the analyses more accurate and robust, and makes it easier to retarget the tool to analyze executables for other platforms besides x86.
DOI: https://doi.org/10.1109/CATCH.2009.42
Published: 2009-03-03
Citations: 7
Trusted Distributed Repository of Internet Usage Data for Use in Cyber Security Research
C. Scheper, S. Cantor, Renee Karlsen
Abstract: This paper discusses the protected repository for the defense of infrastructure against cyber threats (PREDICT), which has been established to create a trusted framework for sharing data for research and testing. By facilitating data sharing within the research community, PREDICT seeks to accelerate the creation of cyber security solutions that support effective threat assessment and increase cyber security capabilities.
DOI: https://doi.org/10.1109/CATCH.2009.13
Published: 2009-03-03
Citations: 2
A Combined Fusion and Data Mining Framework for the Detection of Botnets
A. Kiayias, Justin Neumann, D. Walluck, Owen McCusker
Abstract: This paper describes a combined fusion and mining framework applied to the detection of stealthy botnets. The framework leverages a fusion engine that tracks hosts through the use of feature-based profiles generated from multiple network sensor types. These profiles are classified and correlated based on a set of known host profiles, e.g., web servers, mail servers, and bot behavioral characteristics. A mining engine discovers emergent threat profiles and delivers them to the fusion engine for processing. We describe the distributed nature of botnets and how they are created and managed. We then describe a combined fusion and mining model that builds on recent work in the cybersecurity domain. The framework we present employs an adaptive fusion system driven by a mining system focused on the discovery of new threats. We conclude with a discussion of experimental results, deployment issues, and a summary of our arguments.
DOI: https://doi.org/10.1109/CATCH.2009.9
Published: 2009-03-03
Citations: 4
BGP Routing Integrity Checker and Prefix-List Filter Generation Tool
R. Stapleton-Gray
Abstract: ISPs receive requests from their customers to advertise BGP prefixes on behalf of those customers; analyzing requests to flag incorrect prefixes imposes a significant burden on ISPs, who require a tool to perform “sanity checks” on such requests. Packet Clearing House was asked to develop such a tool, and the initial implementation, released in January 2007, is now being re-engineered to add capabilities and capacity.
DOI: https://doi.org/10.1109/CATCH.2009.15
Published: 2009-03-03
Citations: 0
The Cyber Scenario Modeling and Reporting Tool (CyberSMART)
J. Marshall
Abstract: This paper introduces the CyberSMART software tool for use in cyber incident preparedness exercises. CyberSMART provides the cyber exercise community with a web-based tool for gathering data from numerous sources and for effectively using that data to plan complex functional and tabletop exercises. This work was supported by the United States Department of Homeland Security, Science and Technology Directorate under contract number NBCHC060088, in partnership with the National Cyber Security Division.
DOI: https://doi.org/10.1109/CATCH.2009.46
Published: 2009-03-03
Citations: 5
The PhishBouncer Experience
P. Pal, M. Atighetchi
Abstract: This extended abstract summarizes the technical results developed under the PhishBouncer project (October 2005 to May 2007), where the authors collaborated with researchers from Symantec Research Lab (SRL). The goal of this project was to develop middleware-based technology to defend unsuspecting users against Phishing attacks. More specifically, the project explored mechanisms to intercept and inspect HTTP and HTTPS traffic to detect and block interaction with Phish sites, and mechanisms for quickly disseminating the Phishing URL. A part of the work started in this project has continued at SRL under separate funding; that aspect of the work is kept out of the scope of this paper. The project started out by conceiving a total anti-Phishing solution package, but made technical advances in a number of its separate aspects, such as smart proxy insertion and rapid update dissemination, which transcend the specific problem space.
DOI: https://doi.org/10.1109/CATCH.2009.12
Published: 2009-03-03
Citations: 5
Incrementally-Deployable Security for Interdomain Routing
J. Rexford, J. Feigenbaum
Abstract: The Internet’s interdomain-routing system is extremely vulnerable to accidental failure, configuration errors, and malicious attack. Any successful approach to improving interdomain-routing security must satisfy two requirements for incremental deployability: backwards compatibility with the existing routing protocol and installed base of routers and incentive compatibility with the desire of each domain to improve its part of the routing system even if other domains have not taken similar steps. We propose an incrementally deployable approach based on a Routing Control Platform (RCP) that makes routing decisions on behalf of the routers in a domain, without requiring changes to the routers or protocols. The RCP runs anomaly-detection algorithms that identify, and avoid, suspicious routes, allowing a domain (or a small group of cooperating domains) to significantly improve interdomain routing security.
DOI: https://doi.org/10.1109/CATCH.2009.35
Published: 2009-03-03
Citations: 11
How to Test DoS Defenses
J. Mirkovic, S. Fahmy, P. Reiher, Roshan K. Thomas
Abstract: DoS defense evaluation methods influence how well test results predict performance in real deployment. This paper surveys existing approaches and criticizes their simplicity and the lack of realism. We summarize our work on improving DoS evaluation via development of standardized benchmarks and performance metrics. We end with guidelines on efficiently improving DoS evaluation, in the short and in the long term.
DOI: https://doi.org/10.1109/CATCH.2009.23
Published: 2009-03-03
Citations: 43
Effective Flow Filtering for Botnet Search Space Reduction
R. Walsh, D. Lapsley, W. Strayer
Abstract: The use of sophisticated techniques is essential to detect and identify the presence of botnet flows, but these techniques can be expensive in computational and memory resources. A critical first pass is to filter out all traffic that is highly unlikely to be part of a botnet, allowing the more complex algorithms to run over a much smaller set of flows. This paper presents our studies and experience in filtering flows to reduce the botnet search space, and shows that a series of simple filters can provide as much as a 37-fold reduction in the flow set.
DOI: https://doi.org/10.1109/CATCH.2009.22
Published: 2009-03-03
Citations: 8