{"title":"A High Performance Software Architecture for a Secure Internet Routing PKI","authors":"M. Reynolds, S. Kent","doi":"10.1109/CATCH.2009.17","DOIUrl":"https://doi.org/10.1109/CATCH.2009.17","url":null,"abstract":"A PKI in support of secure Internet routing was first proposed in [1] and refined in later papers, e.g., [2]. In this “Resource” PKI (RPKI) the resources managed are IP address allocations and Autonomous System number (AS #) assignments. The RPKI presents a very different implementation challenge from a typical PKI, in that in the RPKI every relying party needs to validate every certificate and CRL at fairly frequent intervals (e.g., daily). In a fully deployed RPKI there will be several hundred thousand digital objects that require validation, so performance is a critical issue for any software implementation. This paper describes the software developed by BBN for use by relying parties in the RPKI, with a special focus on the means and methods used to realize a high performance design. Theoretical discussions are augmented with actual performance data. Highly favorable performance statistics for the BBN approach are concretely demonstrated.","PeriodicalId":130933,"journal":{"name":"2009 Cybersecurity Applications & Technology Conference for Homeland Security","volume":"46 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2009-03-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"117112480","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Uses and Challenges for Network Datasets","authors":"J. Heidemann, C. Papdopoulos","doi":"10.1109/CATCH.2009.29","DOIUrl":"https://doi.org/10.1109/CATCH.2009.29","url":null,"abstract":"Network datasets are necessary for many types of network research. While there has been significant discussion about specific datasets, there has been less about the overall state of network data collection. The goal of this paper is to explore the research questions facing the Internet today, the datasets needed to answer those questions, and the challenges to using those datasets. We suggest several practices that have proven important in use of current data sets, and open challenges to improve use of network data.","PeriodicalId":130933,"journal":{"name":"2009 Cybersecurity Applications & Technology Conference for Homeland Security","volume":"54 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2009-03-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132551055","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Insider Threat Detection Using Graph-Based Approaches","authors":"W. Eberle, L. Holder","doi":"10.1109/CATCH.2009.7","DOIUrl":"https://doi.org/10.1109/CATCH.2009.7","url":null,"abstract":"Protecting our nation's cyber infrastructure and securing sensitive information are critical challenges for homeland security and require the research, development and deployment of new technologies that can be transitioned into the field for combating cyber security risks. Particular areas of concern are the deliberate and intended actions associated with malicious exploitation, theft or destruction of data, or the compromise of networks, communications or other IT resources, of which the most harmful and difficult to detect threats are those propagated by an insider. However, current efforts to identify unauthorized access to information, such as what is found in document control and management systems, are limited in scope and capabilities. In order to address this issue, this effort involves performing further research and development on the existing graph-based anomaly detection (GBAD) system. GBAD discovers anomalous instances of structural patterns in data that represent entities, relationships and actions. Input to GBAD is a labeled graph in which entities are represented by labeled vertices and relationships or actions are represented by labeled edges between entities. Using the minimum description length (MDL) principle to identify the normative pattern that minimizes the number of bits needed to describe the input graph after being compressed by the pattern, GBAD implements algorithms for identifying the three possible changes to a graph: modifications, insertions and deletions. Each algorithm discovers those substructures that match the closest to the normative pattern without matching exactly.","PeriodicalId":130933,"journal":{"name":"2009 Cybersecurity Applications & Technology Conference for Homeland Security","volume":"5 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2009-03-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132464467","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
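The GBAD abstract above describes the mechanism in three steps: build a labeled graph, pick the normative pattern by MDL compression, then look for instances that are one modification, insertion or deletion away from it. The following Python is an added illustration of that idea, not GBAD's own code. It simplifies the MDL cost model to a per-edge bit cost, restricts patterns to a vertex's outgoing neighbourhood signature, and runs on a constructed document-control graph (users, documents, projects, a printer) that is not from the paper.

```python
"""Toy graph-based anomaly detection in the spirit of the GBAD description.
Added example; the cost model, the signature-based pattern and the sample
graph are simplifications chosen for illustration."""
from collections import Counter
import math

# Constructed sample graph (not from the paper): a document-control system.
VERTEX_LABEL = {
    "alice": "user", "bob": "user", "carol": "user",
    "dave": "user", "eve": "user", "frank": "user",
    "d1": "doc", "d2": "doc", "d3": "doc", "d4": "doc", "d5": "doc", "d6": "doc",
    "proj-A": "project", "proj-B": "project", "printer": "device",
}
EDGES = [
    ("alice", "memberOf", "proj-A"), ("alice", "accesses", "d1"), ("alice", "accesses", "d2"),
    ("bob", "memberOf", "proj-A"), ("bob", "accesses", "d1"), ("bob", "accesses", "d3"),
    ("carol", "memberOf", "proj-B"), ("carol", "accesses", "d4"), ("carol", "accesses", "d5"),
    # dave has one edge the normative pattern lacks (insertion)
    ("dave", "memberOf", "proj-B"), ("dave", "accesses", "d5"), ("dave", "accesses", "d6"),
    ("dave", "exports", "printer"),
    # eve accesses documents without any project membership (deletion)
    ("eve", "accesses", "d2"), ("eve", "accesses", "d4"),
    # frank's second access edge points at the wrong kind of entity (modification)
    ("frank", "memberOf", "proj-A"), ("frank", "accesses", "d3"), ("frank", "accesses", "printer"),
] + [(d, "belongsTo", "proj-A" if d in ("d1", "d2", "d3") else "proj-B")
     for d in ("d1", "d2", "d3", "d4", "d5", "d6")]


def signatures(vertex_label, edges):
    """Map each vertex to the multiset of (edge label, neighbour label) it points at."""
    sigs = {v: Counter() for v in vertex_label}
    for src, lab, dst in edges:
        sigs[src][(lab, vertex_label[dst])] += 1
    return {v: s for v, s in sigs.items() if s}   # vertices without out-edges carry no pattern


def normative_pattern(vertex_label, edges):
    """Choose the (vertex label, signature) whose substitution compresses the graph most.

    MDL sketch: every edge costs `bits_edge` bits to describe.  Replacing the n
    instances of a pattern with `size` edges by one reference each saves
    (n - 1) * size * bits_edge bits and costs n references of `bits_ref` bits.
    """
    sigs = signatures(vertex_label, edges)
    bits_edge = (math.log2(len({lab for _, lab, _ in edges}))
                 + math.log2(len(set(vertex_label.values()))))
    bits_ref = bits_edge
    groups = Counter((vertex_label[v], frozenset(s.items())) for v, s in sigs.items())

    def gain(item):
        (_, pattern), n = item
        size = sum(c for _, c in pattern)
        return (n - 1) * size * bits_edge - n * bits_ref

    (label, pattern), _ = max(groups.items(), key=gain)
    return label, Counter(dict(pattern))


def anomalies(vertex_label, edges, max_distance=1):
    """Vertices of the normative label whose signature is within `max_distance`
    edits of the normative pattern but does not match it exactly."""
    label, norm = normative_pattern(vertex_label, edges)
    sigs = signatures(vertex_label, edges)
    freq = Counter(frozenset(s.items()) for v, s in sigs.items() if vertex_label[v] == label)
    found = []
    for v, sig in sigs.items():
        if vertex_label[v] != label or sig == norm:
            continue
        extra, missing = sig - norm, norm - sig              # multiset differences
        n_extra, n_missing = sum(extra.values()), sum(missing.values())
        distance = max(n_extra, n_missing)                   # a substitution counts once
        if distance > max_distance:
            continue
        kind = ("modification" if n_extra and n_missing
                else "insertion" if n_extra else "deletion")
        # GBAD-style score: transformation cost times how often the deviation
        # recurs; a lower score is more anomalous
        score = distance * freq[frozenset(sig.items())]
        found.append((v, kind, score, dict(extra), dict(missing)))
    return sorted(found, key=lambda row: row[2])


if __name__ == "__main__":
    print(normative_pattern(VERTEX_LABEL, EDGES))
    for row in anomalies(VERTEX_LABEL, EDGES):
        print(row)
```

On this input the normative pattern is the "user" signature {memberOf→project ×1, accesses→doc ×2}; dave is reported as an insertion (exports→device), eve as a deletion (no memberOf→project) and frank as a modification (accesses→doc replaced by accesses→device). Real GBAD searches over arbitrary connected subgraphs rather than one-hop signatures, so treat this as the shape of the computation, not its full power.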
{"title":"A Secure IEC-61850 Toolkit for Utility Automation","authors":"S. A. Klein","doi":"10.1109/CATCH.2009.39","DOIUrl":"https://doi.org/10.1109/CATCH.2009.39","url":null,"abstract":"This paper addresses development of an open-source Toolkit for constructing secure IEC-61850-based systems for a variety of utility automation applications. Development of the Toolkit was originally focused on control system cyber security. Subsequently, extension of the Toolkit was explored to address grid integration of wind power. It also became necessary to identify the security and other benefits of 61850 and provide tools to enable their achievement. The paper provides some background, an overview of the Toolkit, an overview of 61850 and its benefits, a description of Toolkit architecture and functionality, and a discussion of its status.","PeriodicalId":130933,"journal":{"name":"2009 Cybersecurity Applications & Technology Conference for Homeland Security","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2009-03-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130893803","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"The Challenges of Effectively Anonymizing Network Data","authors":"Scott E. Coull, F. Monrose, M. Reiter, Michael Bailey","doi":"10.1109/CATCH.2009.27","DOIUrl":"https://doi.org/10.1109/CATCH.2009.27","url":null,"abstract":"The uncertainties that currently exist about the efficacy of network data anonymization, from both technical and policy perspectives, leave the research community in a vulnerable position. Even as the field marches forward, it does so with little understanding of the implications of publishing anonymized network data on the privacy of the networks being monitored and the utility to researchers. Without that understanding, data publishers are left to wonder what fields must be anonymized to avoid legal fallout, while researchers question the confidence of results gained from the data. However, the extensive work done on micro-data anonymity provides the network research community with several useful insights about how to effectively apply anonymization to published data. At the same time, prior wisdom cannot be applied directly without first overcoming several challenges, including the development of appropriate privacy and utility definitions for the more complex case of network data. Addressing these challenges is essential, in our view, to ensure the continued, yet responsible, availability of network trace data to support security research.","PeriodicalId":130933,"journal":{"name":"2009 Cybersecurity Applications & Technology Conference for Homeland Security","volume":"314 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2009-03-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123227576","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"FloVis: Flow Visualization System","authors":"Teryl Taylor, D. Paterson, J. Glanfield, C. Gates, Stephen Brooks, J. McHugh","doi":"10.1109/CATCH.2009.18","DOIUrl":"https://doi.org/10.1109/CATCH.2009.18","url":null,"abstract":"NetFlow data is routinely captured at the border of many enterprise networks. Although not as rich as full packet-capture data, NetFlow provides a compact record of the interactions between host pairs on either side of the monitored border. Analysis of this data presents a challenge to the security analyst due to its volume. We report preliminary results on the development of a suite of visualization tools that are intended to complement command-line tools, such as those from the SiLK Tools, that are currently used by analysts to perform forensic analysis of NetFlow data. The current version of the tool set draws on three visual paradigms: activity diagrams that display various aspects of multiple individual host behaviors as color-coded time series, connection bundles that show the interactions among hosts and groups of hosts, and the NetBytes viewer that allows detailed examination of the port and volume behaviors of an individual host over a period of time. The system supports drill down for additional detail and pivoting that allows the analyst to examine the relationships among the displays. SiLK data is preprocessed into a relational database to drive the display modes, and the tools can interact with the SiLK system to extract additional data as necessary.","PeriodicalId":130933,"journal":{"name":"2009 Cybersecurity Applications & Technology Conference for Homeland Security","volume":"36 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2009-03-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133002806","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Correlation and Collaboration in Anomaly Detection","authors":"R. E. Cullingford","doi":"10.1109/CATCH.2009.34","DOIUrl":"https://doi.org/10.1109/CATCH.2009.34","url":null,"abstract":"This abstract describes research into improving the capabilities of Intrusion Detection Systems (IDSs) based on probabilistic Anomaly Detection (AD). One technique involves correlating evidence obtained from two or more detection engines to generate well-founded alarms. A second technique combines evidence from engines running on different sensors to achieve the same goal. In both cases, the aim is to reduce the False-Positive (FP) problem that is characteristic of detection schemes that use AD. We illustrate use of the techniques to augment the capabilities of an existing AD IDS (CounterStorm-1) to allow it to create high-quality alarms in the presence of attempted malicious Data Exfiltration.","PeriodicalId":130933,"journal":{"name":"2009 Cybersecurity Applications & Technology Conference for Homeland Security","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2009-03-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129867978","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Towards Fool-Proof Configuration Assessments","authors":"R. Talpade","doi":"10.1109/CATCH.2009.37","DOIUrl":"https://doi.org/10.1109/CATCH.2009.37","url":null,"abstract":"IP networks have come of age. They are increasingly replacing leased-line data infrastructure and traditional phone service, and are expected to offer Public Switched Telephone Network (PSTN)-quality service at a much lower cost. As a result, there is an urgent interest in assuring IP network security, reliability, and Quality of Service (QoS). In fact, regulators are now requiring compliance with IP related mandates. This paper discusses the complex nature of IP networks, and how that complexity makes them particularly vulnerable to faults and intrusions. It describes regulatory efforts to mandate assessment, explains why many current approaches to IP assessment fall short, and describes the requirements for an effective solution to satisfy business, government, and regulatory requirements.","PeriodicalId":130933,"journal":{"name":"2009 Cybersecurity Applications & Technology Conference for Homeland Security","volume":"58 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2009-03-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116566823","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Quickdraw: Generating Security Log Events for Legacy SCADA and Control System Devices","authors":"D. Peterson","doi":"10.1109/CATCH.2009.33","DOIUrl":"https://doi.org/10.1109/CATCH.2009.33","url":null,"abstract":"Security event logs play a role in the early detection of attacks and in after incident investigations. Controllers used in SCADA, DCS and other control systems log almost no security events. This deficiency is addressed by the Quickdraw application, which is a passive security log generator for controllers. Quickdraw monitors communication like a network IDS, detects events that should be logged in a controller, creates the security events, and then sends the event to a historian, SEM or other log aggregator.","PeriodicalId":130933,"journal":{"name":"2009 Cybersecurity Applications & Technology Conference for Homeland Security","volume":"46 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2009-03-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124009621","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"BGPmon: A Real-Time, Scalable, Extensible Monitoring System","authors":"He Yan, R. Oliveira, Kevin Burnett, Dave Matthews, Lixia Zhang, D. Massey","doi":"10.1109/CATCH.2009.28","DOIUrl":"https://doi.org/10.1109/CATCH.2009.28","url":null,"abstract":"This paper presents a new system, called BGPmon, for monitoring the Border Gateway Protocol (BGP). BGP is the routing protocol for the global Internet. Monitoring BGP is important for both operations and research; a number of public and private BGP monitors are deployed and widely used. These existing monitors typically collect data using a full implementation of a BGP router. In contrast, BGPmon eliminates the unnecessary functions of route selection and data forwarding to focus solely on the monitoring function. BGPmon uses a publish/subscribe overlay network to provide real-time access to vast numbers of peers and clients. All routing events are consolidated into a single XML stream. XML allows us to add additional features such as labeling updates to allow easy identification of useful data by clients. Clients subscribe to BGPmon and receive the XML stream, performing tasks such as archiving, filtering, or real-time data analysis. BGPmon enables scalable real-time monitoring data distribution by allowing monitors to peer with each other and form an overlay network to provide new services and features without modifying the monitors. We illustrate the effectiveness of the BGPmon data using the Cyclops route monitoring system.","PeriodicalId":130933,"journal":{"name":"2009 Cybersecurity Applications & Technology Conference for Homeland Security","volume":"13 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2009-03-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114231000","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}