{"title":"Incorporating vendor-based training into security courses","authors":"H. Armstrong, I. Murray","doi":"10.1109/IAW.2005.1495949","DOIUrl":"https://doi.org/10.1109/IAW.2005.1495949","url":null,"abstract":"This paper discusses the call for more relevant knowledge and skills by industry and details of the incorporation of the Cisco Fundamentals of Network Security (FNS) into undergraduate degree programs at Curtin University.","PeriodicalId":252208,"journal":{"name":"Proceedings from the Sixth Annual IEEE SMC Information Assurance Workshop","volume":"14 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2005-06-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121857874","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Multispectral fingerprint biometrics","authors":"R. K. Rowe, K. A. Nixon, S. P. Corcoran","doi":"10.1109/IAW.2005.1495928","DOIUrl":"https://doi.org/10.1109/IAW.2005.1495928","url":null,"abstract":"A novel fingerprint sensor is described that combines a multispectral imager (MSI) with a conventional optical fingerprint sensor. The goal of this combination is a fingerprint sensor with improved usability and security relative to standard technology. The conventional sensor that was used in this research is a commercially available system based on total internal reflectance (TIR). It was modified to accommodate an MSI sensor in such a way that both MSI and TIR images are able to be collected when a user places his/her finger on the sensor platen. The MSI data were preprocessed to enhance fingerprint features. Both the preprocessed MSI images and the TIR images were then passed to a commercial fingerprint software package for minutiae detection and matching. A multiperson study was conducted to test the relative performance characteristics of the two types of finger data under typical office conditions. Results demonstrated that the TIR sensor performance was degraded by a large number of poor quality fingerprint images, likely due to a large percentage of samples taken on people with notably dry skin. The corresponding MSI data showed no such degradation and produced significantly better results. A selective combination of both modalities is shown to offer the potential of further performance improvements.","PeriodicalId":252208,"journal":{"name":"Proceedings from the Sixth Annual IEEE SMC Information Assurance Workshop","volume":"9 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2005-06-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128200661","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Molehunt: near-line semantic activity tracing","authors":"S. Wolthusen","doi":"10.1109/IAW.2005.1495981","DOIUrl":"https://doi.org/10.1109/IAW.2005.1495981","url":null,"abstract":"This paper discusses threats posed by low granularity in access to confidential (classified) data typically found at lower protection levels, namely direct access beyond need to know and the correlation of materials yielding more sensitive aggregate data by both insider threats and malware, an area of particular concern for intelligence analysis. It is argued that while active security controls at both the procedural and technical level are currently not pragmatically feasible, near-line semantic monitoring particularly at the file system but also at the network level can provide capabilities to detect anomalous and also directed malicious activity. A mechanism for implementing the tracing and monitoring mechanism on a COTS operating system is described.","PeriodicalId":252208,"journal":{"name":"Proceedings from the Sixth Annual IEEE SMC Information Assurance Workshop","volume":"13 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2005-06-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126839786","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Net force maneuver - a JTF-GNO construct","authors":"C. Hunt, J. R. Bowes, D. Gardner","doi":"10.1109/IAW.2005.1495982","DOIUrl":"https://doi.org/10.1109/IAW.2005.1495982","url":null,"abstract":"It would seem that few would willingly choose a battle of attrition, but it is a reasonable characterization of our defensive computer network strategy today, with one major caveat. When it comes to our sensitive but unclassified military computer networks, with the exception of an occasional arrest, our adversaries are able to inflict a substantial amount of harassment and a measurable amount of damage at practically no cost to themselves. It's probably only a slight exaggeration to say we are fighting an attrition battle where we are the only ones being attrited. This paper examines ways to leverage our ability to control the battlespace (our networks) to protect our critical information while engaging the enemy on the battleground of our choosing.","PeriodicalId":252208,"journal":{"name":"Proceedings from the Sixth Annual IEEE SMC Information Assurance Workshop","volume":"3 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2005-06-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129008191","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Security risk metrics: fusing enterprise objectives and vulnerabilities","authors":"K. Clark, J. Dawkins, John Hale","doi":"10.1109/IAW.2005.1495978","DOIUrl":"https://doi.org/10.1109/IAW.2005.1495978","url":null,"abstract":"Automated scanners are unable to generate the information required to properly assess a network's risk. Although scanners may identify high risk exposures, they fail to determine how those exposures affect an organization's objectives. Such an assessment requires an auditor to identify the objectives and their relationship to network hosts. Mission trees allow security auditors to map relationships between an organization's objectives and its assets. Synthesizing this data with a vulnerability scanner lends itself to creating meaningful enterprise security metrics.","PeriodicalId":252208,"journal":{"name":"Proceedings from the Sixth Annual IEEE SMC Information Assurance Workshop","volume":"27 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2005-06-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130294024","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Theoretical basis for intrusion detection","authors":"Zhuowei Li, A. Das, Jianying Zhou","doi":"10.1109/IAW.2005.1495951","DOIUrl":"https://doi.org/10.1109/IAW.2005.1495951","url":null,"abstract":"Intrusion detection has become an indispensable defense line in the information security infrastructure. However, every intrusion detection approach has been limited by its own problems: signature-based intrusion detection can identify known intrusions but cannot detect novel intrusions, while anomaly-based intrusion detection has the potential to detect all intrusions but has the limitation of a higher false alarm rate. For this reason, most existing intrusion detection techniques have not met the requirements for practical deployment. In this paper, the authors propose a theoretical basis for intrusion detection to argue about its principles and to analyze the existing problems of intrusion detection in a quantified manner. The root causes of these problems are identified as model inaccuracy and model incompleteness as well as the lack of distinguishability in the features utilized. In addition, it is also found that static analysis (Wagner, et al., 2001), with a properly selected feature vector, is a promising intrusion detection technique in principle because it can avoid the quality issue of its behavior models.","PeriodicalId":252208,"journal":{"name":"Proceedings from the Sixth Annual IEEE SMC Information Assurance Workshop","volume":"9 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2005-06-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125248649","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"A policy based architecture for NSA RAdAC model","authors":"Rahim Choudhary","doi":"10.1109/IAW.2005.1495966","DOIUrl":"https://doi.org/10.1109/IAW.2005.1495966","url":null,"abstract":"NSA RAdAC Model is analyzed for policy based implementation. An architecture is derived from this analysis, and its components are described.","PeriodicalId":252208,"journal":{"name":"Proceedings from the Sixth Annual IEEE SMC Information Assurance Workshop","volume":"7 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2005-06-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126868143","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Real-time identification of anomalous packet payloads for network intrusion detection","authors":"N. Nwanze, D. Summerville, V. Skormin","doi":"10.1109/IAW.2005.1495995","DOIUrl":"https://doi.org/10.1109/IAW.2005.1495995","url":null,"abstract":"A preliminary evaluation of a real-time packet-level anomaly detection approach for network intrusion detection in high-bandwidth network environments is presented. The approach characterizes network traffic using a novel technique that maps packet-level payloads onto a set of counters using bit-pattern hash functions. Machine learning is accomplished by mapping unlabelled training data onto a set of two-dimensional grids and forming a set of bitmaps that identify anomalous and normal regions. These bitmaps are used as the classifiers for real-time detection. Preliminary results using the DARPA intrusion detection evaluation data sets yield a 100% detection of all applicable attacks, with very low false positive rate. Furthermore, the approach is able to detect nearly all of the individual packets that comprised each attack.","PeriodicalId":252208,"journal":{"name":"Proceedings from the Sixth Annual IEEE SMC Information Assurance Workshop","volume":"32 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2005-06-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115986910","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"A comparison of system call feature representations for insider threat detection","authors":"Alexander Liu, Cheryl E. Martin, Tom Hetherington, Sara Matzner","doi":"10.1109/IAW.2005.1495972","DOIUrl":"https://doi.org/10.1109/IAW.2005.1495972","url":null,"abstract":"This paper investigates anomaly detection techniques that have been successful for detecting external threats and applies them to the insider threat problem. The \"insider threat\" involves the actions of a trusted and privileged user who is inappropriately accessing or disseminating sensitive information or otherwise compromising information systems. In contrast, the \"external threat\" involves the actions of an outsider attempting to compromise or gain access to the information systems. Although approaches for automatically detecting external threat instances have been quite successful (i.e., intrusion detection systems), there is very little similar work for the insider threat. In the past, anomaly detection systems have proven useful for detecting external threat. Anomaly detection at the system call level offers a high degree of information assurance in terms of tamper-resistance and system activity coverage. Therefore, we investigate three system-call-based feature representations: n-grams of system call names, histograms of system call names, and individual system calls with associated parameters. We find that none of these representations consistently performs as well when dealing with the internal threat as previous results show for external threat detection. However, parameter-based features for certain system calls do show some sensitivity to detecting the insider threat, and we plan to explore and enhance this sensitivity in future work.","PeriodicalId":252208,"journal":{"name":"Proceedings from the Sixth Annual IEEE SMC Information Assurance Workshop","volume":"50 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2005-06-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"130935017","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Heavy tails and temporal correlations of processing times in network intrusion detection: characterization and consequences","authors":"João B. D. Cabrera, Wenke Lee, Jaykumar Gosar, R. Mehra","doi":"10.1109/IAW.2005.1495941","DOIUrl":"https://doi.org/10.1109/IAW.2005.1495941","url":null,"abstract":"This paper examines two aspects of network intrusion detection which have critical relevance for the configuration (understood as allocation of memory and CPU) of intrusion detection system (IDS) hosts and for their operational performance: the presence of heavy tails in the service times for the preprocessing stage, and the presence of substantial temporal correlations in the service times for the content matching stage. Concerning heavy tails in preprocessing, our study reveals that Snort preprocessing times give rise to a cumulative distribution function which is extremely heavy-tailed. Concerning temporal correlations, our analysis reveals that payload processing times evolve in two time scales: a fast time scale and a slow time scale. The fast, packet-to-packet time scale corresponds to 40-100 contiguous packets (a packet group), within which the content matching times are independent. In the slow, packet group-to-packet group time scale the mean values of the successive packet groups are heavily correlated and can be predicted. The consequences of the two phenomena are examined in the paper.","PeriodicalId":252208,"journal":{"name":"Proceedings from the Sixth Annual IEEE SMC Information Assurance Workshop","volume":"15 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2005-06-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126111899","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}