{"title":"Preemptive intrusion detection: theoretical framework and real-world measurements","authors":"Phuong Cao, Eric C. Badger, Z. Kalbarczyk, R. Iyer, A. Slagell","doi":"10.1145/2746194.2746199","DOIUrl":"https://doi.org/10.1145/2746194.2746199","url":null,"abstract":"This paper presents a Factor Graph based framework called AttackTagger for highly accurate and preemptive detection of attacks, i.e., before the system misuse. We use security logs on real incidents that occurred over a six-year period at the National Center for Supercomputing Applications (NCSA) to evaluate AttackTagger. Our data consist of security incidents that led to compromise of the target system, i.e., the attacks in the incidents were only identified after the fact by security analysts. AttackTagger detected 74 percent of attacks, and the majority of them were detected before the system misuse. Finally, AttackTagger uncovered six hidden attacks that were not detected by intrusion detection systems during the incidents or by security analysts in post-incident forensic analysis.","PeriodicalId":134331,"journal":{"name":"Proceedings of the 2015 Symposium and Bootcamp on the Science of Security","volume":"10 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-04-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126663235","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"An integrated computer-aided cognitive task analysis method for tracing cyber-attack analysis processes","authors":"Chen Zhong, J. Yen, Peng Liu, R. Erbacher, Renee Etoty, C. Garneau","doi":"10.1145/2746194.2746203","DOIUrl":"https://doi.org/10.1145/2746194.2746203","url":null,"abstract":"As cyber-attacks become more sophisticated, cyber-attack analysts are required to process large amounts of network data and to reason under uncertainty with the aim of detecting cyber-attacks. Capturing and studying the fine-grained analysts' cognitive processes helps researchers gain a deep understanding of how they conduct analytical reasoning and elicit their procedural knowledge and experience to further improve their performance. However, it is very challenging to conduct cognitive task analysis studies in cyber-attack analysis. To address the problem, we propose an integrated computer-aided data collection method for cognitive task analysis (CTA) which has three building blocks: a trace representation of the fine-grained cyber-attack analysis process, a computer tool supporting process tracing, and a laboratory experiment for collecting traces of analysts' cognitive processes in conducting a cyber-attack analysis task. This CTA method integrates automatic capture and situated self-reports in a novel way to avoid distracting analysts from their work or adding much extra workload. With IRB approval, we recruited thirteen full-time professional analysts and seventeen doctoral students specialized in cyber security in our experiment. We mainly employ the qualitative data analysis method to analyze the collected traces and analysts' comments. The results of the preliminary trace analysis turn out highly promising.","PeriodicalId":134331,"journal":{"name":"Proceedings of the 2015 Symposium and Bootcamp on the Science of Security","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-04-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130205604","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Understanding sanction under variable observability in a secure, collaborative environment","authors":"Hongying Du, Bennett Narron, Nirav Ajmeri, E. Berglund, J. Doyle, Munindar P. Singh","doi":"10.1145/2746194.2746206","DOIUrl":"https://doi.org/10.1145/2746194.2746206","url":null,"abstract":"Norms are a promising basis for governance in secure, collaborative environments---systems in which multiple principals interact. Yet, many aspects of norm-governance remain poorly understood, inhibiting adoption in real-life collaborative systems. This work focuses on the combined effects of sanction and the observability of the sanctioner in a secure, collaborative environment. We present CARLOS, a multiagent simulation of graduate students performing research within a university lab setting, to explore these phenomena. The simulation consists of agents maintaining \"compliance\" to enforced security norms while remaining \"motivated\" as researchers. We hypothesize that (1) delayed observability of the environment would lead to greater motivation of agents to complete research tasks than immediate observability and (2) sanctioning a group for a violation would lead to greater compliance to security norms than sanctioning an individual. We find that only the latter hypothesis is supported. Group sanction is an interesting topic for future research regarding a means for norm-governance which yields significant compliance with enforced security policy at a lower cost. Our ultimate contribution is to apply social simulation as a way to explore environmental properties and policies to evaluate key transitions in outcome, as a basis for guiding further and more demanding empirical research.","PeriodicalId":134331,"journal":{"name":"Proceedings of the 2015 Symposium and Bootcamp on the Science of Security","volume":"49 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-04-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122708259","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Optimisation of data collection strategies for model-based evaluation and decision-making: poster","authors":"R. Cain, A. Moorsel","doi":"10.1145/2746194.2746224","DOIUrl":"https://doi.org/10.1145/2746194.2746224","url":null,"abstract":"Probabilistic and stochastic models are routinely used in performance, dependability and, more recently, security evaluation. Determining appropriate values for model parameters is a long-standing problem in the practical use of such models. With the increasing emphasis on human aspects and business considerations, data collection to estimate parameter values often gets prohibitively expensive, since it may involve questionnaires, costly audits or additional monitoring and processing. This work aims to facilitate the design of optimal data collection strategies for such models, looking especially at application in security decision-making. We discuss related literature and illustrate the main idea behind our approach for optimising data collection for model-based system evaluation.","PeriodicalId":134331,"journal":{"name":"Proceedings of the 2015 Symposium and Bootcamp on the Science of Security","volume":"299 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-04-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131672183","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Building a security practices evaluation framework","authors":"P. Morrison","doi":"10.1145/2746194.2746217","DOIUrl":"https://doi.org/10.1145/2746194.2746217","url":null,"abstract":"Software development teams need guidance on choosing security practices so they can develop code securely. The academic and practitioner literature on software development security practices is large, and expanding. However, published empirical evidence for security practice use in software development is limited and fragmented, making choosing appropriate practices difficult. Measurement frameworks offer a tool for collecting and comparing software engineering data. The goal of this work is to aid software practitioners in evaluating security practice use in the development process by defining and validating a measurement framework for software development security practice use and outcomes. We define the Security Practices Evaluation Framework (SP-EF), a measurement framework for software development security practices. We plan to evaluate the framework and ontology on historical data and industrial projects.","PeriodicalId":134331,"journal":{"name":"Proceedings of the 2015 Symposium and Bootcamp on the Science of Security","volume":"25 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-04-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132131850","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Characterizing complexity of highly-configurable systems with variational call graphs: analyzing configuration options interactions complexity in function calls","authors":"G. Ferreira, Christian Kästner, J. Pfeffer, S. Apel","doi":"10.1145/2746194.2746211","DOIUrl":"https://doi.org/10.1145/2746194.2746211","url":null,"abstract":"Security has consistently been the focus of attention in many highly-configurable software systems. Several vulnerabilities on widely-used systems, such as the Linux kernel and OpenSSL, are reported every day in the National Vulnerability Database (NVD). The configurability of these systems enables the rapid generation of customized products, but also creates security challenges in the development and maintenance processes. For instance, interactions caused by configurations may create serious security threats and make generated products more susceptible to attacks [6], but the causes of these problems may be harder to detect because they occur only in specific configurations.","PeriodicalId":134331,"journal":{"name":"Proceedings of the 2015 Symposium and Bootcamp on the Science of Security","volume":"112 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-04-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132411252","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Towards a science of trust","authors":"Dusko Pavlovic","doi":"10.1145/2746194.2746197","DOIUrl":"https://doi.org/10.1145/2746194.2746197","url":null,"abstract":"The diverse views of science of security have opened up several alleys towards applying the methods of science to security. We pursue a different kind of connection between science and security. This paper explores the idea that security is not just a suitable subject for science, but that the process of security is also similar to the process of science. This similarity arises from the fact that both science and security depend on the methods of inductive inference. Because of this dependency, a scientific theory can never be definitely proved, but can only be disproved by new evidence, and improved into a better theory. Because of the same dependency, every security claim and method has a lifetime, and always eventually needs to be improved. In this general framework of security-as-science, we explore the ways to apply the methods of scientific induction in the process of trust. The process of trust building and updating is viewed as hypothesis testing. We propose to formulate the trust hypotheses by the methods of algorithmic learning, and to build more robust trust testing and vetting methodologies on the solid foundations of statistical inference.","PeriodicalId":134331,"journal":{"name":"Proceedings of the 2015 Symposium and Bootcamp on the Science of Security","volume":"12 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-03-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114931672","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}