Proceedings from the Fifth Annual IEEE SMC Information Assurance Workshop, 2004. Latest documents
Architecture of the reconnaissance intrusion detection system (RIDS)
Proceedings from the Fifth Annual IEEE SMC Information Assurance Workshop, 2004. Pub Date : 2004-06-10 DOI: 10.1109/IAW.2004.1437816
Zheng Zhang, C. Manikopoulos
Abstract: This paper describes the architecture and provides early test results of the reconnaissance intrusion detection system (RIDS) prototype. RIDS is a session-oriented, statistical tool that relies on training to mold the parameters of its algorithms, and is capable of detecting even distributed stealthy reconnaissance attacks. It consists of two main functional modules or stages: the reconnaissance activity profiler (RAP), followed by the reconnaissance alert correlation (RAC), along with a security console. RAP is a session-oriented module capable of detecting stealthy scanning and probing attacks, while RAC is an alert-correlation module that fuses the RAP alerts into attack scenarios and discovers the distributed stealthy attack scenarios. RIDS has been evaluated against two data sets: (a) the DARPA'98 data, and (b) 3 weeks of experimental data generated using the CONEX testbed, running at average Ethernet speeds. RIDS has demonstrably achieved remarkable success; the false positive, false negative and misclassification rates found are low, less than 0.1%, for most reconnaissance attacks; they rise to about 6% for distributed highly stealthy attacks; the latter is a most challenging type of attack, which has been difficult to detect effectively until now. Thus, the RIDS system promises to provide an early warning by detecting the reconnaissance first phase of an impending attack, even if it is very stealthy and distributed.
Citations: 1
A biometric authentication approach for high security ad-hoc networks
Proceedings from the Fifth Annual IEEE SMC Information Assurance Workshop, 2004. Pub Date : 2004-06-10 DOI: 10.1109/IAW.2004.1437824
Qinghan Xiao
Abstract: With the rapid development of wireless technology, various mobile devices have been developed for military and civilian applications. Defense research and development has shown increasing interest in ad-hoc networks because a military has to be mobile. Peer-to-peer is a good architecture for mobile communication in coalition operations. Since there is no need for a dedicated server, users can dynamically route information through the network to anywhere at any time. However, this architecture brings a new challenge in user authentication, which is normally carried out in an authentication server that is absent in ad-hoc networks. In this paper, a biometric authentication model is presented to enhance information security in ad-hoc networks. Using this model, a peer is authenticated with biometrics when joining an existing group even without the presence of an authentication server.
Citations: 40
Attack attribution in non-cooperative networks
Proceedings from the Fifth Annual IEEE SMC Information Assurance Workshop, 2004. Pub Date : 2004-06-10 DOI: 10.1109/IAW.2004.1437851
D. Cohen, K. Narayanaswamy
Abstract: This paper reports on preliminary research concepts in attack attribution that have been developed in Cs3's project being conducted for the Advanced Research and Development Activity (ARDA). The ARDA BAA identified 4 levels of attribution: level 1: attribution to the specific hosts involved in the attack; level 2: attribution to the primary controlling host; level 3: attribution to the actual human actor; level 4: attribution to an organization with the specific intent to attack. Cs3's research specifically focuses on attribution in situations where universal cooperation is not available for the attribution effort. This paper describes research concepts that show promise in resolving the level 1 attribution problem. The name of the project is Systematically Tracking Attackers through Routing Data, Events, and Communication Knowledge (STARDECK).
Citations: 2
Adding the fourth "R" [CERT's model for computer security strategies]
Proceedings from the Fifth Annual IEEE SMC Information Assurance Workshop, 2004. Pub Date : 2004-06-10 DOI: 10.1109/IAW.2004.1437854
B. Endicott-Popovsky, D. Frincke
Abstract: In the emerging discipline of survivability, defined as the "ability of a system to fulfil its mission, in a timely manner, in the presence of attacks, failures and accidents", the CERT Coordination Center has implicitly institutionalized the concept of a never-ending, escalating computer security arms race. While previous point solutions - such as PKIs, VPNs and firewalls - focused on blocking attacks, survivability reflects the inevitability of experiencing attacks and the need to recover quickly. CERT's 3 R model - resistance, recognition, and recovery - describes survivability strategies. Increasing intruder accountability by increasing legal consequences will inhibit the escalation of the hacker arms race. This is reflected in CERT's model for computer security strategies by adding a 4th R, redress, to CERT's 3R model.
Citations: 8
Recursive data mining for masquerade detection and author identification
Proceedings from the Fifth Annual IEEE SMC Information Assurance Workshop, 2004. Pub Date : 2004-06-10 DOI: 10.1109/IAW.2004.1437848
B. Szymanski, Yongqiang Zhang
Abstract: In this paper, a novel recursive data mining method based on the simple but powerful model of cognition called a conceptor is introduced and applied to computer security. The method recursively mines a string of symbols by finding frequent patterns, encoding them with unique symbols and rewriting the string using this new coding. We apply this technique to two related but important problems in computer security: (i) masquerade detection, to prevent a security attack in which an intruder impersonates a legitimate user to gain access to the resources, and (ii) author identification, in which an anonymous or disputed computer session needs to be attributed to one of a set of potential authors. Many methods based on automata theory, hidden Markov models, Bayesian models or even matching algorithms from bioinformatics have been proposed to solve the masquerade detection problem, but less work has been done on author identification. We used recursive data mining to characterize the structure and high-level symbols in user signatures and the monitored sessions. We used a one-class SVM to measure the similarity of these two characterizations. We applied a weighting prediction scheme to author identification. On the SEA dataset that we used in our experiments, the results were very promising.
Citations: 82
Measuring IT security - a method based on common criteria's security functional requirements
Proceedings from the Fifth Annual IEEE SMC Information Assurance Workshop, 2004. Pub Date : 2004-06-10 DOI: 10.1109/IAW.2004.1437821
A. Hunstad, J. Hallberg, R. Andersson
Abstract: A networked defense, and the networked information society, require both trustworthy information systems and that users and societies trust these systems. Since the trustworthiness of systems depends on the level of IT security, the ability to assess that level of IT security is vital. Currently, there are no efficient methods for establishing the level of IT security in information systems. The main results described in this paper are: a set of security functions needed in systems, based on the security functional requirements of the Common Criteria (CC, 1999), and a method using the set of security functions to assess the securability of components in distributed information systems. Work in progress focuses on system-wide evaluations.
Citations: 17
Evolution of Inline Network Encryptors toward the High Assurance Internet Protocol Interoperability Specifications (HAIPIS)
Proceedings from the Fifth Annual IEEE SMC Information Assurance Workshop, 2004. Pub Date : 1900-01-01 DOI: 10.1109/IAW.2004.1437813
J.B. Widby, R. Río, D. Fulton, C. Dunn
Abstract: The National Security Agency (NSA) has established new High Assurance Internet Protocol Interoperability Specifications (HAIPIS) that require different vendors' Inline Network Encryption (INE) devices to be interoperable at a higher level of intelligence. The end result will force the standardization of different encryption algorithms produced by different vendors. The US Army Battle Command Battle Laboratory - Gordon (BCBL(G)) has been entrusted with the responsibility of ensuring that new INEs meet HAIPIS as well as function within the Army's doctrinal concepts and deployment strategies. The BCBL(G) is one of the Army's premier facilities for operational assessments and operational experimentation for new INE devices. The BCBL(G) applies a unique blend of engineers, scientists and analysts to demonstrate, validate and verify INE hardware and software functions. The BCBL(G) provides the ability to rapidly evaluate vendor-proposed telecommunication technologies that must be immediately leveraged to the Warfighter in order to maintain information security and tactical information superiority. The history of Army INE development is rich with lessons to be learned. The future of Army INE development is full of new challenges. This paper documents some of the lessons learned and outlines new challenges.
Citations: 0
Honeypot forensics
Proceedings from the Fifth Annual IEEE SMC Information Assurance Workshop, 2004. Pub Date : 1900-01-01 DOI: 10.1109/iaw.2004.1437793
F. Raynal, Y. Berthier, P. Biondi, D. Kaminsky
Abstract: The deployment of low-interaction honeypots used mainly as deception tools has become more and more common these days. Another interesting but more resource- and time-consuming playground is made available thanks to high-interaction honeypots, where a blackhat can connect to the system and download, install and execute his own tools in a less constrained environment. Once caught in the honeypot, the blackhat leaves many fingerprints behind: network (information gathering scans, IRC chats, mail, etc.) and system activity (what he did on the system, which tools he used, etc.). The aim of honeypot forensics is to identify these fingerprints as part of the evidence gathering process. We present a methodology that will help the analyst to achieve this goal. The first step is to analyze the honeypot's ingress and egress network traffic. The second one is to look at the actions performed by the blackhat and the tools he used on the honeypot. The next step is to correlate these data: network and system events are joined to identify common events or patterns, and also to highlight unexplained items and focus on them.
Citations: 26