发布求助
文献互助 智能选刊 最新文献

2011 7th International Conference on Information Assurance and Security (IAS)最新文献

筛选
英文 中文
A fast eavesdropping attack against touchscreens 针对触摸屏的快速窃听攻击
2011 7th International Conference on Information Assurance and Security (IAS) Pub Date : 2011-12-01 DOI: 10.1109/ISIAS.2011.6122840
F. Maggi, Simone Gasparini, G. Boracchi
{"title":"A fast eavesdropping attack against touchscreens","authors":"F. Maggi, Simone Gasparini, G. Boracchi","doi":"10.1109/ISIAS.2011.6122840","DOIUrl":"https://doi.org/10.1109/ISIAS.2011.6122840","url":null,"abstract":"The pervasiveness of mobile devices increases the risk of exposing sensitive information on the go. In this paper, we arise this concern by presenting an automatic attack against modern touchscreen keyboards. We demonstrate the attack against the Apple iPhone — 2010's most popular touchscreen device — although it can be adapted to other devices (e.g., Android) that employ similar key-magnifying keyboards. Our attack processes the stream of frames from a video camera (e.g., surveillance or portable camera) and recognizes keystrokes online, in a fraction of the time needed to perform the same task by direct observation or offline analysis of a recorded video, which can be unfeasible for large amount of data. Our attack detects, tracks, and rectifies the target touchscreen, thus following the device or camera's movements and eliminating possible perspective distortions and rotations In real-world settings, our attack can automatically recognize up to 97.07 percent of the keystrokes (91.03 on average), with 1.15 percent of errors (3.16 on average) at a speed ranging from 37 to 51 keystrokes per minute.","PeriodicalId":139268,"journal":{"name":"2011 7th International Conference on Information Assurance and Security (IAS)","volume":"67 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2011-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127242195","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 81
Understanding vulnerabilities by refining taxonomy 通过细化分类法来理解漏洞
2011 7th International Conference on Information Assurance and Security (IAS) Pub Date : 2011-12-01 DOI: 10.1109/ISIAS.2011.6122789
Nurul Haszeli Ahmad, S. A. Aljunid, J. Manan
{"title":"Understanding vulnerabilities by refining taxonomy","authors":"Nurul Haszeli Ahmad, S. A. Aljunid, J. Manan","doi":"10.1109/ISIAS.2011.6122789","DOIUrl":"https://doi.org/10.1109/ISIAS.2011.6122789","url":null,"abstract":"Since early 90s, experts have proposed various ways to prevent exploitations and avoid releasing software with vulnerabilities. One way is through educating developers with information on known vulnerabilities using taxonomy of vulnerabilities as a guide. However, the guide using taxonomy of vulnerabilities has not shown to mitigate the issues. One possibility is due to the existence of gaps in producing the right and comprehensive taxonomy for software vulnerabilities. We studied various available taxonomies on software vulnerabilities. In this paper we propose and discuss our own criteria for taxonomy of software vulnerabilities with some improvement with particular emphasis on C programming.","PeriodicalId":139268,"journal":{"name":"2011 7th International Conference on Information Assurance and Security (IAS)","volume":"65 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2011-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127772611","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 2
On the capacity of fingerprinting codes against unknown size of colluders 针对未知大小的共谋者的指纹识别能力
2011 7th International Conference on Information Assurance and Security (IAS) Pub Date : 2011-12-01 DOI: 10.1109/ISIAS.2011.6122825
G. Hosoya, H. Yagi, Manabu Kobayashi, S. Hirasawa
{"title":"On the capacity of fingerprinting codes against unknown size of colluders","authors":"G. Hosoya, H. Yagi, Manabu Kobayashi, S. Hirasawa","doi":"10.1109/ISIAS.2011.6122825","DOIUrl":"https://doi.org/10.1109/ISIAS.2011.6122825","url":null,"abstract":"In this paper, a new attack model in which the number of colluders are distributed according to a certain probability distribution is introduced. Two classes of collusion attacks which include well-known collusion attacks in the context of multimedia fingerprinting are provided. For these two attack classes, achievable rates for the unknown size of the actual colluders are derived. Based on the derived achievable rates, achieve rates for some particular attacks are investigated. For the AND attack, the bound derived in this paper coincides with the previous known bound, although the attack model in this paper does not assume that the decoder knows the actual number of colluders. Moreover, for the averaging attack, it is clarified that derived achievable rate is larger than previously known bound with random linear codes.","PeriodicalId":139268,"journal":{"name":"2011 7th International Conference on Information Assurance and Security (IAS)","volume":"238 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2011-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132650671","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Reversible watermarking using Residue Number System 利用剩余数系统进行可逆水印
2011 7th International Conference on Information Assurance and Security (IAS) Pub Date : 2011-12-01 DOI: 10.1109/ISIAS.2011.6122813
Atta-ur-Rahman, M. T. Naseem, I. Qureshi, M. Z. Muzaffar
{"title":"Reversible watermarking using Residue Number System","authors":"Atta-ur-Rahman, M. T. Naseem, I. Qureshi, M. Z. Muzaffar","doi":"10.1109/ISIAS.2011.6122813","DOIUrl":"https://doi.org/10.1109/ISIAS.2011.6122813","url":null,"abstract":"Reversible watermarking is a process in which the watermark is embedded in such a way that when the watermarked image passes through the authentication process, the original image is also recovered exactly along with watermark. Restoring the original image is important for the applications such as medical, military and law-enforcement etc. Reversible fragile watermarking scheme is presented by introducing the Residue Number System (RNS). One redundant bit is added as a watermark to some of the pixels and rest is changed into residues. By adding an extra bit, the watermarked pixel becomes nine bits and the residues became nine bits which makes the medical image secure by confusing the attacker that where the watermark is embedded.","PeriodicalId":139268,"journal":{"name":"2011 7th International Conference on Information Assurance and Security (IAS)","volume":"187 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2011-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131716249","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 15
Energy efficient delay leap routing in multicast using feed back neural networks 基于反馈神经网络的组播节能延迟跳跃路由
2011 7th International Conference on Information Assurance and Security (IAS) Pub Date : 2011-12-01 DOI: 10.1109/ISIAS.2011.6122828
Mohammad Uruj Jaleel, Mohammad Asghar Jamil, Kashiful Haq
{"title":"Energy efficient delay leap routing in multicast using feed back neural networks","authors":"Mohammad Uruj Jaleel, Mohammad Asghar Jamil, Kashiful Haq","doi":"10.1109/ISIAS.2011.6122828","DOIUrl":"https://doi.org/10.1109/ISIAS.2011.6122828","url":null,"abstract":"The Hopfield Neural Network is a parallel, distributed information processing structure consisting of many processing elements connected via weighted connections. The objective function was then expressed as quadratic energy function and the associated weights between neurons were computed using the gradient descent of energy function. This paper reports a development of a Hopfield type neural network model to solve minimum cost delay leap multicast routing problem. The multicast tree is obtained by recursively obtaining the delay leap optimized path from source to various destinations and combining them by union operator. The union operator ensures that a link is appearing only once in the multicast tree. The minimum energy function is obtained with minimization of constrained parameter as per a defined annealing schedule, which increases the probability of visiting lower energy states. Finally, the goal of minimization of objective function (minimum cost delay leap route) is achieved by using mean filed approximation with stochastic annealing process of reducing constrained parameter.","PeriodicalId":139268,"journal":{"name":"2011 7th International Conference on Information Assurance and Security (IAS)","volume":"76 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2011-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"134488617","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
Hybrid of rough set theory and Artificial Immune Recognition System as a solution to decrease false alarm rate in intrusion detection system 将粗糙集理论与人工免疫识别系统相结合,降低入侵检测系统的虚警率
2011 7th International Conference on Information Assurance and Security (IAS) Pub Date : 2011-12-01 DOI: 10.1109/ISIAS.2011.6122808
Fatin Norsyafawati Mohd Sabri, N. Norwawi, K. Seman
{"title":"Hybrid of rough set theory and Artificial Immune Recognition System as a solution to decrease false alarm rate in intrusion detection system","authors":"Fatin Norsyafawati Mohd Sabri, N. Norwawi, K. Seman","doi":"10.1109/ISIAS.2011.6122808","DOIUrl":"https://doi.org/10.1109/ISIAS.2011.6122808","url":null,"abstract":"Denial of Service (DoS) attacks is one of the security threats for computer systems and applications. It usually make use of software bugs to crash or freeze a service or network resource or bandwidth limits by making use of a flood attack to saturate all bandwidth. Predicting a potential DOS attacks would be very helpful for an IT departments or managements to optimize the security of intrusion detection system (IDS). Nowadays, false alarm rates and accuracy become the main subject to be addressed in measuring the effectiveness of IDS. Thus, the purpose of this work is to search the classifier that is capable to reduce the false alarm rates and increase the accuracy of the detection system. This study applied Artificial Immune System (AIS) in IDS. However, this study has been improved by using integration of rough set theory (RST) with Artificial Immune Recognition System 1 (AIRS1) algorithm, (Rough-AIRS1) to categorize the DoS samples. RST is expected to be able to reduce the redundant features from huge amount of data that is capable to increase the performance of the classification. Furthermore, AIS is an incremental learning approach that will minimize duplications of cases in a knowledge based. It will be efficient in terms of memory storage and searching for similarities in Intrusion Detection (IDS) attacks patterns. This study use NSL-KDD 20% train dataset to test the classifiers. Then, the performances are compared with single AIRS1 and J48 algorithm. Results from these experiments show that Rough-AIRS1 has lower number of false alarm rate compared to single AIRS but a little bit higher than J48. However, accuracy for this hybrid technique is slightly lower compared to others.","PeriodicalId":139268,"journal":{"name":"2011 7th International Conference on Information Assurance and Security (IAS)","volume":"97 ","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2011-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133749917","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 10
Preventing data leakage in service orchestration 防止业务流程数据泄露
2011 7th International Conference on Information Assurance and Security (IAS) Pub Date : 2011-12-01 DOI: 10.1109/ISIAS.2011.6122806
Thomas Demongeot, Eric Totel, Yves Le Traon
{"title":"Preventing data leakage in service orchestration","authors":"Thomas Demongeot, Eric Totel, Yves Le Traon","doi":"10.1109/ISIAS.2011.6122806","DOIUrl":"https://doi.org/10.1109/ISIAS.2011.6122806","url":null,"abstract":"Web Services are currently the base of a lot a e-commerce applications. Nevertheless, clients often use these services without knowing anything about their internals. Moreover, they have no clue about the use of their personal data inside the global applications. In this paper, we offer the opportunity to the user to specify constraints on the use of its personal data. To ensure the privacy of data at runtime, we define a distributed security policy model. This policy is configured at runtime by the user of the BPEL program. This policy is enforced within a BPEL interpreter, and ensures that no information flow can be produced from the user data to unauthorized services. However, the dynamic aspects of web services lead to situations where the policy prohibits the nominal operation of orchestration (e.g., when using a service that is unknown by the user). To solve this problem, we propose to let user to dynamically permit exceptional unauthorized flows. In order to make decision, the user is provided with all information necessary for decision-making. We also present an implementation inside the Orchestra BPEL interpreter. As far as we know this implementation is the first information flow monitor for web services that is also end-user configurable.","PeriodicalId":139268,"journal":{"name":"2011 7th International Conference on Information Assurance and Security (IAS)","volume":"55 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2011-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133954821","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 4
A SLA-based interface for security management in cloud and GRID integrations 用于云和GRID集成中的安全管理的基于sla的接口
2011 7th International Conference on Information Assurance and Security (IAS) Pub Date : 2011-12-01 DOI: 10.1109/ISIAS.2011.6122783
M. Rak, L. Liccardo, Rocco Aversa
{"title":"A SLA-based interface for security management in cloud and GRID integrations","authors":"M. Rak, L. Liccardo, Rocco Aversa","doi":"10.1109/ISIAS.2011.6122783","DOIUrl":"https://doi.org/10.1109/ISIAS.2011.6122783","url":null,"abstract":"Cloud Computing is a new computing paradigm. Among the incredible number of challenges in this field two of them are considered of great relevance: SLA management and Security management. The level of trust in such context is very hard to define and is strictly related to the problem of management of SLA in cloud applications and providers. In this paper we will try to show how it is possible, using a cloud-oriented API derived from the mOSAIC project, to build up an SLA-oriented cloud application which enables the management of security features related to user authentication and authorization to an Infrastructure as a Service (IaaS) Cloud Provider. As Cloud Provider we will adopt the perf-Cloud solution, which uses GRID-based solutions for security management and service delivery. So the proposed solution can be used in order to build up easily a SLA-based interface for any GRID system.","PeriodicalId":139268,"journal":{"name":"2011 7th International Conference on Information Assurance and Security (IAS)","volume":"27 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2011-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133862789","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 27
A novel intrusion detection framework for Wireless Sensor Networks 一种新的无线传感器网络入侵检测框架
2011 7th International Conference on Information Assurance and Security (IAS) Pub Date : 2011-12-01 DOI: 10.1109/ISIAS.2011.6122778
M. Rassam, M. A. Maarof, A. Zainal
{"title":"A novel intrusion detection framework for Wireless Sensor Networks","authors":"M. Rassam, M. A. Maarof, A. Zainal","doi":"10.1109/ISIAS.2011.6122778","DOIUrl":"https://doi.org/10.1109/ISIAS.2011.6122778","url":null,"abstract":"Wireless Sensor Networks (WSN) security issues are getting more attention by researchers due to deployment circumstances. They are usually deployed in unattended and harsh environments that make them susceptible for many kinds of attacks. Different security mechanisms have been proposed for WSN. Detection-based mechanisms are considered to be the second defense line against attacks when the traditional prevention based mechanisms failed to detect them. Different intrusion detection schemes have been introduced (e.g. rule based, statistical based…etc). Rule-based intrusion detection schemes are considered to be the fast and simple schemes that are suitable for the demand of WSN. However, these schemes are more specific to some kinds of attacks and cannot be generalized. In addition, these schemes cannot detect the unknown attacks that are not included in their rule base. In this paper, we highlight the limitations of the state-of-the-art rule based intrusion detection schemes and then introduce a novel framework based on rule based scheme that is able to overcome these limitations.","PeriodicalId":139268,"journal":{"name":"2011 7th International Conference on Information Assurance and Security (IAS)","volume":"42 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2011-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132871599","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 21
Key based bit level genetic cryptographic technique (KBGCT) 基于密钥的位级遗传密码技术(KBGCT)
2011 7th International Conference on Information Assurance and Security (IAS) Pub Date : 2011-12-01 DOI: 10.1109/ISIAS.2011.6122826
S. Som, Niladri Shekhar Chatergee, J. K. Mandal
{"title":"Key based bit level genetic cryptographic technique (KBGCT)","authors":"S. Som, Niladri Shekhar Chatergee, J. K. Mandal","doi":"10.1109/ISIAS.2011.6122826","DOIUrl":"https://doi.org/10.1109/ISIAS.2011.6122826","url":null,"abstract":"This is an encryption and decryption algorithm with the help of genetic functions cryptography. This new algorithm is developed for encryption and decryption process. This algorithm combines the features of Genetic Algorithm in Cryptography. Here we generate random numbers for “Crossover” and “Mutation”. The encryption and decryption algorithms will be made public. The algorithm contains a key, which is known to only sender and receiver. In this technique the input file is broken down into different blocks of various sizes. The main algorithm works in two stages. Bit Level XOR operation followed by Genetic Crossover and Mutation.","PeriodicalId":139268,"journal":{"name":"2011 7th International Conference on Information Assurance and Security (IAS)","volume":"7 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2011-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133582072","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 14
首页 上一页 下一页 尾页
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
请完成安全验证×
相关产品
×
本文献相关产品
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信