发布求助
文献互助 智能选刊 最新文献

2016 4th International Symposium on Digital Forensic and Security (ISDFS)最新文献

筛选
英文 中文
A design review: Concepts for mitigating SQL injection attacks 设计回顾:减轻SQL注入攻击的概念
2016 4th International Symposium on Digital Forensic and Security (ISDFS) Pub Date : 2016-04-25 DOI: 10.1109/ISDFS.2016.7473537
Ed Pearson, Cindy L. Bethel
{"title":"A design review: Concepts for mitigating SQL injection attacks","authors":"Ed Pearson, Cindy L. Bethel","doi":"10.1109/ISDFS.2016.7473537","DOIUrl":"https://doi.org/10.1109/ISDFS.2016.7473537","url":null,"abstract":"Recently, it is not unusual to notice media coverage of some major breach in some large organization's cyber security. A large number of said breaches are due to vulnerabilities in their software or system. Once an in-depth analysis of these vulnerabilities was performed, it came to light that a large number of these vulnerabilities were the result of development issues. To be more specific, either the developers or the design process was the cause of the vulnerabilities. A particular vulnerability initiated by developers or a subpar design process is injection attacks. In particular SQL injection attacks (SQLIA) have been the culprit of most organizational cyber security breaches. This form of attack could have a detrimental impact on a business or organization. These impacts could range from monetary loss, exposure of confidential business information, exposure of customer data, a decrease in company stock value, or some combination of these four. SQL injection attacks are relatively common in interactive web applications. Not only are SQL injection attacks common they are easily detectable and are reasonably simple to mitigate. There is a plethora of literature on defending against SQL injection attacks once a system or software is functional. The goal of this work is to address the issue of SQL injection attacks starting in the design process. The contribution of this paper is a proposed design review methodology that allows designers to examine the user interface (UI) and user experience (UX) in the design phase to expose any attack surfaces that allow for an injection attack to occur. In particular, the method proposed in this work combines human computer interaction concepts along with cyber security principles and software security techniques to design a user interface that is not subject to SQL injection attacks. Because injection attacks occur from malicious user input, this method concentrates on the design of the interface to eliminate all entry points that allow for injection attacks.","PeriodicalId":136977,"journal":{"name":"2016 4th International Symposium on Digital Forensic and Security (ISDFS)","volume":"33 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-04-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116228155","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 6
The role of digital forensics in combating cybercrimes 数字取证在打击网络犯罪中的作用
2016 4th International Symposium on Digital Forensic and Security (ISDFS) Pub Date : 2016-04-25 DOI: 10.1109/ISDFS.2016.7473532
Malek Harbawi, A. Varol
{"title":"The role of digital forensics in combating cybercrimes","authors":"Malek Harbawi, A. Varol","doi":"10.1109/ISDFS.2016.7473532","DOIUrl":"https://doi.org/10.1109/ISDFS.2016.7473532","url":null,"abstract":"The recent development in Information Communication Technology (ICT) has made changes in every aspect in our life. These changes are clearly reflected in cyberspace-related areas. The positive influence of cyberspace on knowledge, trade and business, and communication is undoubtable. However, there is a dark side of cyberspace deteriorates its peaceful usage that is cybercrimes. Cybercrimes are defined as any illegal activities practiced by or done via cyberspace and its electronic environment. Unlike \"traditional\" crimes, cybercrimes present a real dilemma due to the fact that criminals' identity may be hidden or fraud in virtual domain. The concept of digital forensics have come to the existence in an attempt of formulating possible ways for cybercrimes investigation and analysis process. In this paper, we deplore the concept of digital forensics in the context of cybercrimes. An investigation of the positive impact of digital forensics in combating cybercrimes is discussed and useful remarks on open research issues are provided for further investigation activities.","PeriodicalId":136977,"journal":{"name":"2016 4th International Symposium on Digital Forensic and Security (ISDFS)","volume":"60 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-04-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123818851","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 19
A review on mobile threats and machine learning based detection approaches 移动威胁和基于机器学习的检测方法综述
2016 4th International Symposium on Digital Forensic and Security (ISDFS) Pub Date : 2016-04-25 DOI: 10.1109/ISDFS.2016.7473509
Bilgehan Arslan, S. Gunduz, Ş. Sağiroğlu
{"title":"A review on mobile threats and machine learning based detection approaches","authors":"Bilgehan Arslan, S. Gunduz, Ş. Sağiroğlu","doi":"10.1109/ISDFS.2016.7473509","DOIUrl":"https://doi.org/10.1109/ISDFS.2016.7473509","url":null,"abstract":"The research of mobile threats detection using machine learning algorithms have got much attention in recent years due to increase of attacks. In this paper, mobile vulnerabilities were examined based on attack types. In order to prevent or detect these attacks machine learning methods used were analyzed and papers published in between 2009 and 2014 have been evaluated. Most important mobile vulnerabilities implementation format for these threats, detection methods and prevention approaches with the help of machine learning algorithms are presented. The obtained results are compared from their achievements were summarized. The results have shown that selecting and using datasets play an important role on the success of the system. Additionally, supervised learning techniques produce better results while compared with unsupervised ones in intrusion detection.","PeriodicalId":136977,"journal":{"name":"2016 4th International Symposium on Digital Forensic and Security (ISDFS)","volume":"34 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-04-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130414719","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 19
Multibiometrics approach on biometric passport pictures by using fingerprint minutiae points 基于指纹特征点的护照生物识别图像多生物识别方法
2016 4th International Symposium on Digital Forensic and Security (ISDFS) Pub Date : 2016-04-25 DOI: 10.1109/ISDFS.2016.7473524
Sercan Aygün, M. Akçay
{"title":"Multibiometrics approach on biometric passport pictures by using fingerprint minutiae points","authors":"Sercan Aygün, M. Akçay","doi":"10.1109/ISDFS.2016.7473524","DOIUrl":"https://doi.org/10.1109/ISDFS.2016.7473524","url":null,"abstract":"Biometrics has its own popularity in recent years especially in engineering field. Biometrics related researches have been increasingly handled by scientists to achieve more secure and high performed systems. In low level or higher level designs, there are two basic criterion initially to be considered: area and speed. Hardware designs like in smart cards require less complex circuits in the sense of area. In this study, there will be system related biometric research and implementations by only considering the high level designs. Module based high level design is implemented which includes feature extraction and decision modules. In the first, biometric feature extraction together with relatively new techniques is handled. Fingerprint identification and face recognition are the first part interests by using new operators to reduce the operation complexity. In the second module, the decision of the authentication will be handled by using multi biometrics. Fingerprint and face are popular biometrics. In the feature extraction phase, new method to obtain features is used both for the finger and for the face. New image processing operator, Relational Bit Operator (RBO) is for the face biometry. Besides, Angle Invariant Fingerprint Features Matching Technique (AIFM) is for fingerprint matching. This paper presents the introduction to biometric systems together with literature review. After the design issues are presented, the test results related to biometric authentication metric is added in the final draw of the paper.","PeriodicalId":136977,"journal":{"name":"2016 4th International Symposium on Digital Forensic and Security (ISDFS)","volume":"26 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-04-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123321433","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 6
Toward a new tool to extract the evidence from a memory card of mobile phones 开发一种新的工具从手机的存储卡中提取证据
2016 4th International Symposium on Digital Forensic and Security (ISDFS) Pub Date : 2016-04-25 DOI: 10.1109/ISDFS.2016.7473533
R. Witteman, A. Meijer, Mohand Tahar Kechadi, Nhien-An Le-Khac
{"title":"Toward a new tool to extract the evidence from a memory card of mobile phones","authors":"R. Witteman, A. Meijer, Mohand Tahar Kechadi, Nhien-An Le-Khac","doi":"10.1109/ISDFS.2016.7473533","DOIUrl":"https://doi.org/10.1109/ISDFS.2016.7473533","url":null,"abstract":"Today, a mobile phone is not just a \"phone\" but it is a computer that you can also use for calling someone. Besides, in criminal investigations the importance of evidence from the mobile phone is increasing as more and more phones are seized at the Digital Forensic Department of the police. Indeed, the amount of memory cards of these mobile phones that need to be investigated separately is also increasing. Possible reasons are that the mobile phone investigation software does not support the specific mobile phone or the specific, for that investigation, artefacts. Sometimes the software investigates just the internal memory of the mobile phone and not the data which is written on the memory card. Fact is also that although the mobile phone was investigated by the dedicated software, the possibility that the associated memory card contains additional important information is evident. The current procedure to get all of the usable information from a memory card of a mobile phone is very time-consuming process and not user friendly. In this paper, we present a new single tool to simplify the investigation of a memory card from a mobile phone. We also test our tool with WhatsApp application installed on the memory card from different mobile phones.","PeriodicalId":136977,"journal":{"name":"2016 4th International Symposium on Digital Forensic and Security (ISDFS)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-04-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131270059","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 6
Client-initiated HTTP covert channels using relays 使用中继的客户端发起的HTTP隐蔽通道
2016 4th International Symposium on Digital Forensic and Security (ISDFS) Pub Date : 2016-04-25 DOI: 10.1109/ISDFS.2016.7473513
Gregory Daneault, Daryl Johnson
{"title":"Client-initiated HTTP covert channels using relays","authors":"Gregory Daneault, Daryl Johnson","doi":"10.1109/ISDFS.2016.7473513","DOIUrl":"https://doi.org/10.1109/ISDFS.2016.7473513","url":null,"abstract":"This paper proposes a new covert channel utilizing open web relays. While the channel described is very straightforward, the addition of a trusted relay dramatically increases the anonymity and efficacy of this channel. Indirect, relayed communications disguise the actual endpoints of the communication making analysis, detection, and prevention more difficult.","PeriodicalId":136977,"journal":{"name":"2016 4th International Symposium on Digital Forensic and Security (ISDFS)","volume":"194 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-04-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126746555","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 2
Detecting unprotected SIP-based voice over IP traffic 检测未受保护的基于sip的IP语音流量
2016 4th International Symposium on Digital Forensic and Security (ISDFS) Pub Date : 2016-04-25 DOI: 10.1109/ISDFS.2016.7473515
Leonardo Carvajal, Lei Chen, C. Varol, D. Rawat
{"title":"Detecting unprotected SIP-based voice over IP traffic","authors":"Leonardo Carvajal, Lei Chen, C. Varol, D. Rawat","doi":"10.1109/ISDFS.2016.7473515","DOIUrl":"https://doi.org/10.1109/ISDFS.2016.7473515","url":null,"abstract":"The use of Voice over IP (VoIP) applications has dramatically increased in recent years. Large, medium, and small organizations, as well as individuals, are reducing the cost of their phone calls using their data infrastructure or a broadband Internet service to transmit phone calls over IP networks. Like data networks, VoIP networks are also vulnerable to security threats such as Denial-of-Service (DoS) attacks, interception of private communications, registration hijacking, spam, and message tampering. Security mechanisms, such as encryption and authentication, may be used to reduce the potential impact of some of these security threats. However, in reality, VoIP providers may not supply adequate security, or otherwise they are adopting and implementing these countermeasures at very slow rates without informing users whether their phone calls are protected. Given the fact that the interception of private communications is one of the most commonly seen attacks in VoIP, we present a solution to detect unprotected SIP-based VoIP packets. Upon positive detection, alerts may be sent to users informing them about the unprotected VoIP calls, thus potentially preventing identity theft and improving security awareness. Our testing results show that our solution provides accurate detection with zero false detection rate of unprotected SIP-based VoIP traffic.","PeriodicalId":136977,"journal":{"name":"2016 4th International Symposium on Digital Forensic and Security (ISDFS)","volume":"6 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-04-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116956872","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 7
Mobil cihaz kullanıcı davranışlarının modellenmesi için yeni bir yaklaşım
2016 4th International Symposium on Digital Forensic and Security (ISDFS) Pub Date : 2016-04-25 DOI: 10.1109/ISDFS.2016.7473539
Duygu Sinanc Terzi, Şeref Sağıroğlu
{"title":"Mobil cihaz kullanıcı davranışlarının modellenmesi için yeni bir yaklaşım","authors":"Duygu Sinanc Terzi, Şeref Sağıroğlu","doi":"10.1109/ISDFS.2016.7473539","DOIUrl":"https://doi.org/10.1109/ISDFS.2016.7473539","url":null,"abstract":"The widespread use of mobile devices and the development of their sensors and applications cause the increase of mobile data for researches and academic studies. These studies are aimed to examine; the effects of technological development to human life, the prediction of mobile phone users' real life behavior, performing advanced mobile experience, detecting unusual behavior, and proposal of new models or innovations. In this paper, the studies to determine the user behavior have been examined and a model has been proposed to identify mobile user habits for a better understanding of individual or community. In addition, the importance of data anonymization or sanitization has been emphasized to prevent breaches of privacy during the implementation of model and data enrichment process. In order to determine the applicability of the model, it is tested in a telecommunication company, and the process is caused to changes the company's infrastructure.","PeriodicalId":136977,"journal":{"name":"2016 4th International Symposium on Digital Forensic and Security (ISDFS)","volume":"24 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-04-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116705593","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Integrating ethics and risk management 整合道德和风险管理
2016 4th International Symposium on Digital Forensic and Security (ISDFS) Pub Date : 2016-04-25 DOI: 10.1109/ISDFS.2016.7473522
S. Lincke
{"title":"Integrating ethics and risk management","authors":"S. Lincke","doi":"10.1109/ISDFS.2016.7473522","DOIUrl":"https://doi.org/10.1109/ISDFS.2016.7473522","url":null,"abstract":"Traditional business and risk analysis is designed to protect the organization, and thus is self-focused. Ethics is concerned with appropriate behavior towards the `other'. Is risk management ethical if it protects itself (the organization) but may leave its customers, neighbors, society and/or our environment in distress? This paper evaluates ethical and risk management papers from business, engineering and IT against a proposed ethical maturity model for the risk management process, defined towards an ideal. It also proposes an enhanced quantitative risk analysis method to implement a higher ethical level, by considering the `other'.","PeriodicalId":136977,"journal":{"name":"2016 4th International Symposium on Digital Forensic and Security (ISDFS)","volume":"80 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-04-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128124273","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
A reputation based trust center model for cyber security 基于声誉的网络安全信任中心模型
2016 4th International Symposium on Digital Forensic and Security (ISDFS) Pub Date : 2016-04-25 DOI: 10.1109/ISDFS.2016.7473508
H. Kilinç, Ugur Cagal
{"title":"A reputation based trust center model for cyber security","authors":"H. Kilinç, Ugur Cagal","doi":"10.1109/ISDFS.2016.7473508","DOIUrl":"https://doi.org/10.1109/ISDFS.2016.7473508","url":null,"abstract":"One of the most effective defense mechanisms against threats is to establish threat intelligence platform and early warning systems and to understand the adversary's behavior, capability, and intent. Threat intelligence and early warning systems require collaboration among legitimate participants which have cyber security solutions and trustworthy cyber security services. The cyber security service is a part of information driven cyber security management and is a result of information shared from cyber security solutions such as NGFW, VoIP and web firewalls. It provides timely and accurate information about known malicious sources such as an application, a web address, an IP address or a file. This study proposes a reputation based trust center model as a threat intelligence platform for legitimate participants and also it offers cloud-based cyber security services to report malicious or deficient data resources. Proposed model has a deterrent structure that uses simple mathematical methods.","PeriodicalId":136977,"journal":{"name":"2016 4th International Symposium on Digital Forensic and Security (ISDFS)","volume":"57 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2016-04-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121051264","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 3
首页 上一页 下一页 尾页
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
请完成安全验证×
相关产品
×
本文献相关产品
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:604180095
Book学术官方微信