{"title":"Attendance system based on the Internet of Things for supporting blended learning","authors":"S. Alotaibi","doi":"10.1109/WorldCIS.2015.7359418","DOIUrl":"https://doi.org/10.1109/WorldCIS.2015.7359418","url":null,"abstract":"A number of learning systems have been developed in recent years to provide secure attendance systems for blended learning; however, most have not been very successful. Furthermore, alongside increasing the level of awareness of the need to deploy interoperable physical and virtual learning services for each university that supports the idea of blended learning, there exists an immediate need for the establishment of clear standards and guidelines for the successful integration of all physical and virtual attendance systems that relate to blended learning services. The importance and motivation for designing a new attendance system based on the Internet of Things that supports blended learning at Taif University in Saudi Arabia is discussed in this paper with respect to three perspectives: security, which includes identity; the Internet of Things, comprising physical and virtual objects; and blended learning, containing the Blackboard system. Not many systems abide by guidelines for all of these perspectives; thus, the proposed system aims to change this and provide its users with attendance and the ability to access their physical and virtual learning services in a secure and usable way.","PeriodicalId":234497,"journal":{"name":"2015 World Congress on Internet Security (WorldCIS)","volume":"8 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121688162","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"AODV route maintenance using HoneyPots in MANETs","authors":"T. Keerthi, P. Venkataram","doi":"10.1109/WorldCIS.2015.7359424","DOIUrl":"https://doi.org/10.1109/WorldCIS.2015.7359424","url":null,"abstract":"The absence of centralized network management in MANET places the responsibility of route establishment and route maintenance on the nodes in the network. This is the basis of designing widely used routing protocols (for example, AODV). However, a node with malicious intentions can launch an attack on the network and disrupt its operations. Hence there is an utmost necessity of a mechanism to identify the attack and protect the system from the attackers. In this paper we present a method for providing security in MANET during the route maintenance phase using an Attacker Detection System (ADS) with the help of a Honeypot (HP) and an Attack History Database (AHD). The HP interacts with the attackers in order to know their motives and respond accordingly. The use of AHD helps HP in quick attack/attacker identification and crafting replies to the attacker. We have simulated MANET with ADS and implemented it in sizes varying from 20 to 200 nodes in NS2. The results presented in the paper conform to our claim on the efficiency of ADS in protecting MANET. Also the edge achieved in handling the attacker with the use of HoneyPots and Attack History Database is seen in the results.","PeriodicalId":234497,"journal":{"name":"2015 World Congress on Internet Security (WorldCIS)","volume":"33 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123786541","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"A view on ISO/IEC 27001 compliant identity lifecycles for IT service providers","authors":"S. Kurowski, Richard Litwing, Gero Lückemeyer","doi":"10.1109/WorldCIS.2015.7359420","DOIUrl":"https://doi.org/10.1109/WorldCIS.2015.7359420","url":null,"abstract":"This work aims at providing guidance on the challenges of complex identity lifecycle management in organizations, especially in customer oriented IT service providers. By providing a view on necessary requirements and potential processes which may contribute to enforcing identity lifecycle management, even in a multi-organization setting, we reduce the complexity of identity lifecycle management. We build upon the identity lifecycle and refine the areas of provisioning, de-provisioning and auditing by using the mechanisms depicted in the ISO/IEC 27002. By including previous less refined contributions on information security management in IT service management along with the current version of the IT Infrastructure Library (ITIL) v3 update 2011, we provide guidance on the required tasks and the contribution of IT service management to identity lifecycle management. Additionally, we find missing aspects which require additional implementation efforts for organizations which have adopted IT service management. These missing mechanisms are mainly identified in the lifecycle phases of usage and de-provisioning of an identity.","PeriodicalId":234497,"journal":{"name":"2015 World Congress on Internet Security (WorldCIS)","volume":"14 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121181770","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"SQLi penetration testing of financial Web applications: Investigation of Bangladesh region","authors":"Tanjila Farah, Delwar Alam, M. Kabir, T. Bhuiyan","doi":"10.1109/WorldCIS.2015.7359432","DOIUrl":"https://doi.org/10.1109/WorldCIS.2015.7359432","url":null,"abstract":"Business critical web applications are the most popular services provided to the client by the financial sector. These applications are bringing handsome revenue for the financial industry every year. These services are also a frequent target of attackers. Poor coding practice leads applications to vulnerabilities that are exploited by attackers. Information and privileges such as access to databases, admin authorization, and access to data could be retrieved through exploitation. Services provided through web applications make the exploitation easier as these could be accessed from anywhere around the world. Web based financial services are a comparatively new concept in Bangladesh. Thus the security aspects of these applications are less explored. This paper presents an analysis of a few basic security issues of the financial web applications of Bangladesh. It focuses on structured query language injection (SQLi) vulnerability. It presents a manual black box penetration testing approach to test the financial web applications. The same steps are used for testing all the web applications in the dataset. A vulnerability analysis of the findings collected during the penetration testing is also presented in the paper.","PeriodicalId":234497,"journal":{"name":"2015 World Congress on Internet Security (WorldCIS)","volume":"22 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129719135","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Random walk with jumps: A new query search method based on analysing Gnutella protocol","authors":"Kholoud Althobaiti, S. Alotaibi, H. Alqahtani","doi":"10.1109/WorldCIS.2015.7359427","DOIUrl":"https://doi.org/10.1109/WorldCIS.2015.7359427","url":null,"abstract":"The measurement of a search algorithm for unstructured P2P network centres on the number of nodes not receiving their requested files (number of failures) and the number of hops per query. Most current search algorithms are unable to guarantee the success of the query. This study involves a comparison of the strengths and weaknesses of three algorithms of Gnutella P2P protocol, namely Flood, Random Walk, and Random Walk with Neighbours Table. Based on this comparison, a new query search method, referred to as Random Walk with Jumps, is proposed. The experiment proves that the proposed algorithm can obtain a better result with a small number of failures and a minimum number of hops.","PeriodicalId":234497,"journal":{"name":"2015 World Congress on Internet Security (WorldCIS)","volume":"89 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127046235","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"The SNAP principle for mitigating privileged account breaches: How secondary non-admin privileged accounts can reduce breach impact","authors":"Samuel Moses, D. Rowe","doi":"10.1109/WorldCIS.2015.7359408","DOIUrl":"https://doi.org/10.1109/WorldCIS.2015.7359408","url":null,"abstract":"In this paper, we discuss how using Secondary Non-Admin Privileged (SNAP) accounts can mitigate a variety of attacks targeting privileged accounts. We present our methodology for implementing this approach and discuss how this can prevent a variety of attack-types. We note that other studies have shown that over 92 % of critical vulnerabilities require administrative access and present multiple case-studies that demonstrate the effectiveness of this solution. We also propose procedural, technical and educational processes that will increase the effectiveness of this approach.","PeriodicalId":234497,"journal":{"name":"2015 World Congress on Internet Security (WorldCIS)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124258114","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Exploring mental models underlying PIN management strategies","authors":"K. Renaud, M. Volkamer","doi":"10.1109/WorldCIS.2015.7359406","DOIUrl":"https://doi.org/10.1109/WorldCIS.2015.7359406","url":null,"abstract":"PINs have been around for half a century and many insecure PIN-related practices are used. We attempted to mitigate by developing two new PIN memorial assistance mechanisms that we tested in an online study. We were not able to show an improvement in memorability, mostly because people did not use the memorial aids. We realised that a greater insight into PIN Management mental models was needed, in order the better to formulate mitigation approaches. We proceeded to study PIN-related mental models, and we present our findings in this paper. The insights we gained convinced us that security researchers should not presume that people want, or need, our advice or help in any security context; they might well prefer to continue with their usual trusted practices. Yet advice should indeed still be offered, for those who do want it, and we make some suggestions about what this advice should look like in the PIN context.","PeriodicalId":234497,"journal":{"name":"2015 World Congress on Internet Security (WorldCIS)","volume":"88 5","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132773081","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Deep learning for credit card data analysis","authors":"A. Niimi","doi":"10.1109/WorldCIS.2015.7359417","DOIUrl":"https://doi.org/10.1109/WorldCIS.2015.7359417","url":null,"abstract":"In this paper, two major applications are introduced to develop advanced deep learning methods for credit-card data analysis. The proposed methods are validated using benchmark experiments with other machine learning methods. The experiments confirm that deep learning exhibits similar accuracy to the Gaussian kernel SVM.","PeriodicalId":234497,"journal":{"name":"2015 World Congress on Internet Security (WorldCIS)","volume":"157 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115398615","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Taming the Ipv6 address space with hyhoneydv6","authors":"S. Schindler, Bettina Schnor, T. Scheffler","doi":"10.1109/WorldCIS.2015.7359425","DOIUrl":"https://doi.org/10.1109/WorldCIS.2015.7359425","url":null,"abstract":"This paper presents a new hybrid honeypot architecture which focuses on the coverage of large IPv6 address spaces. Results from a 15-month darknet experiment verify that attackers and researchers utilise various approaches to scan wide and unforeseeable IPv6 address ranges which cannot be managed with current honeypot solutions. The huge IPv6 address space not only makes it hard for attackers to find target hosts, it also makes it difficult for a honeypot to get found by an attacker. We solve this challenge through the use of dynamically configured high-interaction honeypots that can cover large chunks of the IPv6 address space. A new proxy mechanism is used to transparently hand over and forward traffic from low- to high-interaction honeypots on demand to provide the best possible service granularity. Measurements with our prototype implementation show that the proposed approach performs well on off-the-shelf hardware and has low maintenance costs.","PeriodicalId":234497,"journal":{"name":"2015 World Congress on Internet Security (WorldCIS)","volume":"38 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115490860","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Anomaly detection method using network pattern analysis of process","authors":"Minho Han, Ikkyun Kim","doi":"10.1109/WorldCIS.2015.7359435","DOIUrl":"https://doi.org/10.1109/WorldCIS.2015.7359435","url":null,"abstract":"The only solution against zero day attack is the anomaly based detection independent of specific signatures. The basic mechanism in the anomaly detection approach is establishing a profile to describe the “normal” situation of a network or machine. If this profile was accurate enough, all attacks should be detected because they are “abnormal” to the profile. Until now, there has been no effective method to construct such a perfect profile. Also, the biggest problem is the dilemma between detection rate and false positives. Therefore, in this paper, we present a new solution to reduce false positives by network pattern analysis of process.","PeriodicalId":234497,"journal":{"name":"2015 World Congress on Internet Security (WorldCIS)","volume":"56 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"117074847","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}