Third IEEE International Workshop on Information Assurance (IWIA'05): latest publications

A methodology for designing countermeasures against current and future code injection attacks
Third IEEE International Workshop on Information Assurance (IWIA'05) Pub Date : 2005-03-23 DOI: 10.1109/IWIA.2005.2 (https://doi.org/10.1109/IWIA.2005.2)
Yves Younan, W. Joosen, F. Piessens
Abstract: This paper proposes a methodology to develop countermeasures against code injection attacks, and validates the methodology by working out a specific countermeasure. This methodology is based on modeling the execution environment of a program. Such a model is then used to build countermeasures. The paper justifies the need for a more structured approach to protect programs against code injection attacks: we examine advanced techniques for injecting code into C and C++ programs and we discuss state-of-the-art (often ad hoc) approaches that typically protect singular memory locations. We validate our methodology by building countermeasures that prevent attacks by protecting a broad variety of memory locations that may be used by attackers to perform code injections. The paper evaluates our approach and discusses ongoing and future work.
Citations: 25
Meta IDS environments: an event message anomaly detection approach
Third IEEE International Workshop on Information Assurance (IWIA'05) Pub Date : 2005-03-23 DOI: 10.1109/IWIA.2005.13 (https://doi.org/10.1109/IWIA.2005.13)
J. Tölle, M. Jahnke, Michael Bussmann, Sven Henkel
Abstract: This paper presents an anomaly detection approach for application in Meta IDS environments, where locally generated event messages from several domains are centrally processed. The basic approach has been successfully used for detection of abnormal traffic structures in computer networks. It creates directed graphs from address specifications contained within event messages and generates clusterings of the graphs. Large differences between subsequent clusterings indicate anomalies. This anomaly detection approach is part of an intrusion warning system (IWS) for dynamic coalition environments. It is designed to indicate suspicious actions and tendencies and to provide decision support on how to react to anomalies. Real-world data, mixed with data from a simulated Internet worm, is used to analyze the system. The results prove the applicability of our approach.
Citations: 3
Stellar: a fusion system for scenario construction and security risk assessment
Third IEEE International Workshop on Information Assurance (IWIA'05) Pub Date : 2005-03-23 DOI: 10.1109/IWIA.2005.16 (https://doi.org/10.1109/IWIA.2005.16)
Stephen W. Boyer, Oliver Dain, R. Cunningham
Abstract: Stellar is a real-time system which aggregates and correlates alerts from heterogeneous network defense systems, building scenarios and estimating the security risk of the entire scenario. Prior work considered Stellar scenario formation; in this paper we explore the advantages provided by using scenario context to assess the risk of actions occurring on a network. We describe the design and an evaluation of Stellar and its Security Assessment Declarative Language (SADL), a fast, stateful, simple-to-use language for assessing the priority of scenarios, on a high traffic network under constant attack. The evaluation of the Stellar system deployed on a large, operational enterprise network demonstrated its ability to scale to high alert volumes while accurately forming and prioritizing scenarios. Stellar not only produced high priority scenarios matching all incidents reported by human analysts, but also discovered additional scenarios of concern that had initially gone unnoticed. Furthermore, by following the simple formalism embedded in example SADL rules, system administrators quickly develop a correct understanding of the network they are protecting.
Citations: 18
An alert fusion framework for situation awareness of coordinated multistage attacks
Third IEEE International Workshop on Information Assurance (IWIA'05) Pub Date : 2005-03-23 DOI: 10.1109/IWIA.2005.3 (https://doi.org/10.1109/IWIA.2005.3)
S. Mathew, Chintan Shah, S. Upadhyaya
Abstract: Recent incidents in the cyber world strongly suggest that coordinated multistage cyber attacks are quite feasible and that effective countermeasures need to be developed. Attack detection by correlation and fusion of intrusion alerts has been an active area of current research. However, most of these research efforts focus on ex post facto analysis of alert data to uncover related attacks. In this paper, we present an approach for dynamically calculating 'scenario credibilities' based on the state of a live intrusion alert stream. We also develop a framework for attack scenario representation that facilitates real-time fusion of intrusion alerts and calculation of the scenario credibility values. Our approach provides a usable mechanism for detecting, predicting and reasoning about multistage goal-oriented attacks in real time. The details of the fusion framework and a description of multistage attack detection using this framework are presented in this paper.
Citations: 34
Enforcing messaging security policies
Third IEEE International Workshop on Information Assurance (IWIA'05) Pub Date : 2005-03-23 DOI: 10.1109/IWIA.2005.7 (https://doi.org/10.1109/IWIA.2005.7)
Jaromir Likavec, S. Wolthusen
Abstract: A system for enforcing messaging security policies for both store-and-forward and streaming messaging protocols on COTS operating system platforms is described. Messaging protocols are subjected to interception, transformation, and filtering based on dynamically configurable security policies. Transformations include the automatic policy-based application of cryptographic confidentiality, integrity, and authenticity mechanisms and filtering primarily based on Bayesian analysis. The system provides a low cost, fine granularity compartmentalization mechanism for secure environments as well as for sensitive but unclassified environments using COTS operating systems and application programs without affecting user or application behavior, in which the mediation of access to key material and messaging provides protection against malware and insider attacks.
Citations: 0
Attack-potential-based survivability modeling for high-consequence systems
Third IEEE International Workshop on Information Assurance (IWIA'05) Pub Date : 2005-03-23 DOI: 10.1109/IWIA.2005.4 (https://doi.org/10.1109/IWIA.2005.4)
John McDermott
Abstract: Previous quantitative models of security or survivability have been defined on a range of probable intruder behavior. This measures survivability as a statistic such as mean time to breach. This kind of purely stochastic quantification is not suitable for high-consequence systems. For high-consequence systems the quantified survivability should be based on the most competent intruders the system is likely to face. We show how to accomplish this with a contingency analysis based on variations in intruder attack-potential. The quantitative results are then organized and presented according to intruder attack potential. Examples of the technique are presented using stochastic process algebra. An interesting result for diverse replication is included in the examples.
Citations: 38
A general cooperative intrusion detection architecture for MANETs
Third IEEE International Workshop on Information Assurance (IWIA'05) Pub Date : 2005-03-23 DOI: 10.1109/IWIA.2005.1 (https://doi.org/10.1109/IWIA.2005.1)
D. Sterne, P. Balasubramanyam, D. Carman, B. Wilson, R. Talpade, C. Ko, R. Balupari, Chin-Yang Tseng, T. Bowen, K. Levitt, J. Rowe
Abstract: Intrusion detection in MANETs is challenging because these networks change their topologies dynamically; lack concentration points where aggregated traffic can be analyzed; utilize infrastructure protocols that are susceptible to manipulation; and rely on noisy, intermittent wireless communications. We present a cooperative, distributed intrusion detection architecture that addresses these challenges while facilitating accurate detection of MANET-specific and conventional attacks. The architecture is organized as a dynamic hierarchy in which detection data is acquired at the leaves and is incrementally aggregated, reduced, and analyzed as it flows upward toward the root. Security management directives flow downward from nodes at the top. To maintain communications efficiency, the hierarchy is automatically reconfigured as needed using clustering techniques in which clusterheads are selected based on topology and other criteria. The utility of the architecture is illustrated via multiple attack scenarios.
Citations: 200
Evaluation of worm containment algorithms and their effect on legitimate traffic
Third IEEE International Workshop on Information Assurance (IWIA'05) Pub Date : 2005-03-23 DOI: 10.1109/IWIA.2005.8 (https://doi.org/10.1109/IWIA.2005.8)
M. Abdelhafez, G. Riley
Abstract: Internet worm attacks have become increasingly more frequent and have had a major impact on the economy, making the detection and prevention of these attacks a top security concern. Several counter-measures have been proposed and evaluated in recent literature. However, the effect of these proposed defensive mechanisms on legitimate competing traffic has not been analyzed. Clearly a defensive approach that slows down or stops worm propagation at the expense of completely restricting any legitimate traffic is of little value. Here we perform a comparative analysis of the effectiveness of several of these proposed mechanisms, including a measure of their effect on normal Web browsing activities. In addition, we introduce a new defensive approach that can easily be implemented on existing hosts, and which significantly reduces the rate of spread of worms using TCP connections to perform the infiltration. Our approach has no measurable effect on legitimate traffic.
Citations: 11
SAWAN: a survivable architecture for wireless LANs
Third IEEE International Workshop on Information Assurance (IWIA'05) Pub Date : 2005-03-23 DOI: 10.1109/IWIA.2005.15 (https://doi.org/10.1109/IWIA.2005.15)
M. Virendra, S. Upadhyaya, Vivek Kumar, V. Anand
Abstract: This paper describes survivability schemes against access point (AP) failures in wireless LANs. It particularly aims for resiliency and survivability against multistage attacks where the adversary is successful in compromising the AP, and then targets the survived but more vulnerable network. This is true in real life where the adversary knows that survivability is a design consideration built into the network. It then performs a multistage targeted attack that is aimed at compromising the survived network that may have vulnerabilities. We first present a unique infrastructure for an ad-hoc migration scheme (IAMS) where the nodes under a failed AP form an ad-hoc network and reconnect to the network using available neighboring APs. We then present a scheme for isolating and removing any malicious nodes from the ad-hoc network routes in a transparent manner once the malicious nodes have been identified. This will minimize the chances of further attacks in the survived network, and the removal is done in a distributed fashion without the nodes exchanging any information between them. We report the results of our simulations performed using the network simulation tool GloMoSim.
Citations: 18
Malware defense using network security authentication
Third IEEE International Workshop on Information Assurance (IWIA'05) Pub Date : 2005-03-23 DOI: 10.1109/IWIA.2005.11 (https://doi.org/10.1109/IWIA.2005.11)
Joseph V. Antrosio, E. Fulp
Abstract: Malware defenses have primarily relied upon intrusion fingerprints to detect suspicious network behavior. While effective for discovering computers that are already compromised, these systems are not designed to stop the spread or damage of malware. Standard gateway firewalls can prevent outside-based attacks; however, they are ineffective in a mobile network where threats originate from inside and administrators have limited control over client machines. This paper introduces a new strategy for malware defense using security authentication which focuses on vulnerabilities rather than exploits. The proposed system uses a remote security scanner to check for vulnerabilities and quarantines machines using logical network segmentation. This maximizes the usefulness of the machine in question while preventing attacks. Furthermore, given the unique ability to quarantine machines without any specialized host software, the proposed system can defend against internal malware threats in a mobile network. Positive results have been achieved utilizing a proof-of-concept model and standard networking tools.
Citations: 15