Proceedings from the Fifth Annual IEEE SMC Information Assurance Workshop, 2004: Latest Articles

A game theoretic approach to modeling intrusion detection in mobile ad hoc networks
Proceedings from the Fifth Annual IEEE SMC Information Assurance Workshop, 2004. Pub Date : 2004-06-10 DOI: 10.1109/IAW.2004.1437828
A. Patcha, J.-M. Park
Abstract: Nodes in a mobile ad hoc network need to come up with counter measures against malicious activity. This is more true for the ad hoc environment where there is a total lack of centralized or third party authentication and security architectures. This paper presents a game-theoretic method to analyze intrusion detection in mobile ad hoc networks. We use game theory to model the interactions between the nodes of an ad hoc network. We view the interaction between an attacker and an individual node as a two player noncooperative game, and construct models for such a game.
Citations: 102
The Manuka project
Proceedings from the Fifth Annual IEEE SMC Information Assurance Workshop, 2004. Pub Date : 2004-06-10 DOI: 10.1109/IAW.2004.1437833
B. Endicott-Popovsky, D. Dittrich, A. Phillips, D. Frincke, J. Chavez, W. J. Gibbons, D. Nguyen, C. Seifert, A. Shephard, C. Abate, S. Loveland
Abstract: During 2003-2004, the University of Washington (UW) and Seattle University (SU) collaborated to build a system for cataloging compromised system images under the auspices of the Pacific Northwest Honeynet (PNW-honeynet) which is a Honeynet Project Research Alliance member group. The idea grew from the Honeynet Project's 'Forensic Challenge', a project designed to raise awareness, teach and inform those tasked with responding to threats of malicious network intrusion. Since teaching from evidence of actual incidents is far more powerful than the traditional approach of using contrived workbook exercises, the Manuka project called for the creation of a database that would store compromised system images for use in incident response and computer forensic courses. This is a case study of that development process, identifying the unique challenges overcome in completing Manuka by June, 2004. As an open source product that will be made available to the research and teaching community, it is hoped that through this paper interest will be stimulated to provide these researchers further ideas for use and enhancement.
Citations: 2
Anomaly intrusion detection using one class SVM
Proceedings from the Fifth Annual IEEE SMC Information Assurance Workshop, 2004. Pub Date : 2004-06-10 DOI: 10.1109/IAW.2004.1437839
Yanxin Wang, Johnny Wong, A. Miner
Abstract: Kernel methods are widely used in statistical learning for many fields, such as protein classification and image processing. We recently extend kernel methods to intrusion detection domain by introducing a new family of kernels suitable for intrusion detection. These kernels, combined with an unsupervised learning method - one-class support vector machine, are used for anomaly detection. Our experiments show that the new anomaly detection methods are able to achieve better accuracy rates than the conventional anomaly detectors.
Citations: 148
Honeyfiles: deceptive files for intrusion detection
Proceedings from the Fifth Annual IEEE SMC Information Assurance Workshop, 2004. Pub Date : 2004-06-10 DOI: 10.1109/IAW.2004.1437806
Jim Yuill, M. Zappe, D. Denning, F. Feer
Abstract: This paper introduces an intrusion-detection device named honeyfiles. Honeyfiles are bait files intended for hackers to access. The files reside on a file server, and the server sends an alarm when a honey file is accessed. For example, a honeyfile named "passwords.txt" would be enticing to most hackers. The file server's end-users create honeyfiles, and the end-users receive the honeyfile's alarms. Honeyfiles can increase a network's internal security without adversely affecting normal operations. The honeyfile system was tested by deploying it on a honeynet, where hackers' use of honeyfiles was observed. The use of honeynets to test a computer security device is also discussed. This form of testing is a useful way of finding the faulty and overlooked assumptions made by the device's developers.
Citations: 146
Advancing assurance for secure distributed communications
Proceedings from the Fifth Annual IEEE SMC Information Assurance Workshop, 2004. Pub Date : 2004-06-10 DOI: 10.1109/IAW.2004.1437832
G. Bella, Stefano Bistarelli
Abstract: Securing distributed communications from malicious tampering is of capital importance. There exist a number of techniques addressing this issue but, to the best of our knowledge, an account for what information assurance means in this context is currently unavailable. A notion is advanced in this paper reducing information assurance for secure distributed communications to a threefold requirement for the protocols securing the communications. The protocols ought to be analysed accurately, realistically and formally. General considerations and specific examples are presented to enlighten the intuitive meaning of these terms exhaustively. This contribution aims at drawing attention to an important niche in computer security.
Citations: 0
Misleading attackers with deception
Proceedings from the Fifth Annual IEEE SMC Information Assurance Workshop, 2004. Pub Date : 2004-06-10 DOI: 10.1109/IAW.2004.1437794
F. Cohen, D. Koike
Abstract: This paper describes experimental results on the efficacy of deception as a defense against network attacks.
Citations: 18
The application of a low pass filter in anomaly network intrusion detection
Proceedings from the Fifth Annual IEEE SMC Information Assurance Workshop, 2004. Pub Date : 2004-06-10 DOI: 10.1109/IAW.2004.1437826
Jun Li, C. Manikopoulos
Abstract: A common method of identifying attacks with anomaly network intrusion detection system (NIDS) is to detect significant deviations in network traffic compared to normal conditions. Such changes may include unexpected high traffic volume, caused by, for example, a denial of service (DoS) attack. However, recent research on traffic engineering has demonstrated that modern data network traffic exhibits high burstiness at a wide range of observation window sizes, i.e., self-similarity (V. Paxon et al., 1995, W.E. Leland et al., 1994). The self-similar traffic may challenge the traditional anomaly NIDS by making it unable to distinguish attacks from traffic bursts. In this paper, we investigate the employment of low pass filters in the anomaly NIDS to smooth the burstiness in network traffic measurements and thus reduce the false alarms. We studied the use of the MWA filter and the Savitzky-Golay filter. By analyzing the resulting network traffic measurements, we found out that the MWA filter significantly changed, while the Savitzky-Golay filter only moderately altered, the statistical properties of the network traffic measurements. To investigate the effectiveness of a low pass filter on anomaly NIDS, we applied the low pass filter to our anomaly NIDS, namely, the MIB anomaly intrusion detection (MAID) system. By employing these filters in MAID, we observed that the Savitzky-Golay filter outperforms the MWA filter. The results of the performance evaluation process also demonstrated that the low pass filter can significantly enhance the detection capacity of MAID, by reducing its false alarm rate.
Citations: 0
Anomalous packet identification for network intrusion detection
Proceedings from the Fifth Annual IEEE SMC Information Assurance Workshop, 2004. Pub Date : 2004-06-10 DOI: 10.1109/IAW.2004.1437798
D. Summerville, N. Nwanze, V. Skormin
Abstract: A packet-level anomaly detection system for network intrusion detection in high-bandwidth network environments is described. The approach is intended for hardware implementation and could be included in the network interface, switch or firewall. Efficient implementation in software on a network host is also possible. Network traffic is characterized using a novel technique that maps packet-level payloads onto a set of counters using bit-pattern hash functions, which were chosen for their implementation efficiency in both hardware and software. Machine learning is accomplished by mapping unlabelled training data onto a set of two-dimensional grids and forming a set of bitmaps that identify anomalous and normal regions. These bitmaps are used as the classifiers for real-time detection. The proposed method is extremely efficient in both the offline machine learning and real-time detection components and has the potential to provide accurate detection performance due to the ability of the bitmaps to capture nearly arbitrary shaped regions in the feature space. Results of a preliminary study are presented that demonstrate the effectiveness of the technique.
Citations: 9
Investigation of pushback based detection and prevention of network bandwidth attacks
Proceedings from the Fifth Annual IEEE SMC Information Assurance Workshop, 2004. Pub Date : 2004-06-10 DOI: 10.1109/IAW.2004.1437847
Ningning Wu, Jing Zhang
Abstract: Pushback approach has been applied for the detection and prevention against DDoS attacks by identifying the destination IP addresses in the dropped packets when congestion happens. The identified destination IP addresses are used to guide the subsequent packet dropping at both local router and upstream routers so that the total bandwidth can be controlled within a desired range. This paper investigates an application of pushback approach for the detection and prevention of more general network bandwidth attacks based on the profiles of destination port distribution instead of destination IP addresses. The new approach can be used to detect and prevent against the attacks like Internet worms. The investigation applies the long trace dataset of NLANR - CESCA-I and an Internet Worm Propagation simulator to simulate the generation of profiles and the detection of the Internet CodeRed worm. The dataset statistics and simulation results demonstrate the effectiveness of the new approach in the detection and prevention of Internet worms.
Citations: 2
Secure communications in ad hoc networks
Proceedings from the Fifth Annual IEEE SMC Information Assurance Workshop, 2004. Pub Date : 2004-06-10 DOI: 10.1109/IAW.2004.1437822
M. Burmester, T. Van Le
Abstract: Ad hoc networks are collections of mobile nodes with links that are made or broken in an arbitrary way. They have no fixed infrastructure and may have constrained resources. The next generation of IT applications is expected to rely heavily on such networks. However, before they can be successfully deployed several major security threats must be addressed. These threats are due mainly to the ad hoc nature of these networks. Consequently it may be much harder (or even impossible) to establish a secure communication channel that can tolerate malicious faults. In this paper we first propose a general model for ad hoc networks based on Bayesian inferences that satisfies the basic mobility requirements of such networks and formally define our requirements for secure communication. We then propose a secure communication protocol that traces malicious faults.
Citations: 7