发布求助
文献互助 智能选刊 最新文献

Proceedings of the 8th International Conference on Security of Information and Networks最新文献

筛选
英文 中文
A honeypot-driven cyber incident monitor: lessons learned and steps ahead 蜜罐驱动的网络事件监视器:经验教训和前进的步伐
Proceedings of the 8th International Conference on Security of Information and Networks Pub Date : 2015-09-08 DOI: 10.1145/2799979.2799999
Emmanouil Vasilomanolakis, Shankar Karuppayah, Panayotis Kikiras, M. Mühlhäuser
{"title":"A honeypot-driven cyber incident monitor: lessons learned and steps ahead","authors":"Emmanouil Vasilomanolakis, Shankar Karuppayah, Panayotis Kikiras, M. Mühlhäuser","doi":"10.1145/2799979.2799999","DOIUrl":"https://doi.org/10.1145/2799979.2799999","url":null,"abstract":"In recent years, the amount and the sophistication of cyber attacks has increased significantly. This creates a plethora of challenges from a security perspective. First, for the efficient monitoring of a network, the generated alerts need to be presented and summarized in a meaningful manner. Second, additional analytics are required to identify sophisticated and correlated attacks. In particular, the detection of correlated attacks requires collaboration between different monitoring points. Cyber incident monitors are platforms utilized for supporting the tasks of network administrators and provide an initial step towards coping with the aforementioned challenges. In this paper, we present our cyber incident monitor TraCINg. TraCINg obtains alert data from honeypot sensors distributed across all over the world. The main contribution of this paper is a thoughtful discussion of the lessons learned, both from a design rational perspective as well as from the analysis of data gathered during a five month deployment period. Furthermore, we show that even with a relatively small number of deployed sensors, it is possible to detect correlated attacks that target multiple sensors.","PeriodicalId":293190,"journal":{"name":"Proceedings of the 8th International Conference on Security of Information and Networks","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2015-09-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129627568","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 27
Secure voice communication system with hardware encryption of data on hands-free headset 安全的语音通信系统与硬件加密的数据在免提耳机
Proceedings of the 8th International Conference on Security of Information and Networks Pub Date : 2015-09-08 DOI: 10.1145/2799979.2800030
A. Boruchinkin
{"title":"Secure voice communication system with hardware encryption of data on hands-free headset","authors":"A. Boruchinkin","doi":"10.1145/2799979.2800030","DOIUrl":"https://doi.org/10.1145/2799979.2800030","url":null,"abstract":"This paper deals with the prototype for secure voice communication with hardware encryption of data. The main elements are hands-free headset, on which microcontroller with in-flow symmetrical algorithm of block encryption is supported as well as switching server, mobile application and encrypting center.","PeriodicalId":293190,"journal":{"name":"Proceedings of the 8th International Conference on Security of Information and Networks","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2015-09-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125997418","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 2
Developing a penetration test methodology in ensuring router security and testing it in a virtual laboratory 开发一种确保路由器安全的渗透测试方法,并在虚拟实验室进行测试
Proceedings of the 8th International Conference on Security of Information and Networks Pub Date : 2015-09-08 DOI: 10.1145/2799979.2799989
E. Küçüksille, Mehmet Ali Yalçinkaya, Samet Ganal
{"title":"Developing a penetration test methodology in ensuring router security and testing it in a virtual laboratory","authors":"E. Küçüksille, Mehmet Ali Yalçinkaya, Samet Ganal","doi":"10.1145/2799979.2799989","DOIUrl":"https://doi.org/10.1145/2799979.2799989","url":null,"abstract":"In today's world of informatics, penetration tests becoming one of the most important factors in ensuring corporate information security. Penetration test methodologies provided to this day for ensuring information security have mostly concentrated on network components such as servers and firewalls. The fact that there has not been sufficient focus on router security in the penetration tests that have been conducted leads to major problems in ensuring corporate information security. This study presents a router penetration test methodology consisting of three steps to ensure full range router security. The effectiveness of the methodology presented was analyzed in a virtual penetration test laboratory, for which the design is provided in this study. Following the test trials, it was observed that the presented test methodology enables the common security vulnerabilities occurring on routers to be controlled in order.","PeriodicalId":293190,"journal":{"name":"Proceedings of the 8th International Conference on Security of Information and Networks","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2015-09-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122237392","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 4
A graph-based data mining approach to preventing financial fraud: a case study 防止财务欺诈的基于图的数据挖掘方法:案例研究
Proceedings of the 8th International Conference on Security of Information and Networks Pub Date : 2015-09-08 DOI: 10.1145/2799979.2800002
M. Knyazeva, Alexander Tselykh, A. Tselykh, E. Popkova
{"title":"A graph-based data mining approach to preventing financial fraud: a case study","authors":"M. Knyazeva, Alexander Tselykh, A. Tselykh, E. Popkova","doi":"10.1145/2799979.2800002","DOIUrl":"https://doi.org/10.1145/2799979.2800002","url":null,"abstract":"In this paper, we present a graph-based approach to a data mining problem of exploring and revealing domain groups of users prone to committing financial fraud. Data mining in financial applications refers to extracting and organizing knowledge from large amount of legal and financial data according to certain criteria. In order to solve this problem, information about the companies should be well-defined and arranged according to a data mining process model. Here, we introduced a graph-based model to formalize large amounts of data as well as a methodology of graph centers of interest to solve classification and prediction data mining tasks that are vital to handle fraud detection. A graph-based model consists of a set of real objects, such as shareholders, vendors, and directors, with some object attributes and relations between the objects. IBM i2 software is used to visualize data and graph model representation.","PeriodicalId":293190,"journal":{"name":"Proceedings of the 8th International Conference on Security of Information and Networks","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2015-09-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127023687","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 1
An analytical processing approach to supporting cyber security compliance assessment 支持网络安全合规性评估的分析处理方法
Proceedings of the 8th International Conference on Security of Information and Networks Pub Date : 2015-09-08 DOI: 10.1145/2799979.2800007
F. Buccafurri, Lidia Fotia, A. Furfaro, A. Garro, Matteo Giacalone, A. Tundis
{"title":"An analytical processing approach to supporting cyber security compliance assessment","authors":"F. Buccafurri, Lidia Fotia, A. Furfaro, A. Garro, Matteo Giacalone, A. Tundis","doi":"10.1145/2799979.2800007","DOIUrl":"https://doi.org/10.1145/2799979.2800007","url":null,"abstract":"Compliance analysis is an important step for the security management process of systems. It aims at both increasing service quality and reducing service vulnerabilities by exploiting security mechanisms able to improve the fulfillment of requirements whose failure may cause direct and indirect costs, related to the existence of missed normative provisions, risk of loss of certifications, and increased probability and impact of security incidents. Due to the increasing in system complexity there are hundreds of requirements that must be observed simultaneously and satisfied. As a consequence, the need for innovative approaches centered on effective solutions able to support the evaluation and the validation of requirements and constraints over the time is today greater than ever. In this context, the paper proposes a method for supporting the compliance assessment of services, in respect of norms and regulations, exploitable both in design phase or during the operation of existing services supported by (semi-)automatic tools. The effectiveness of the method is then tested through a case study taken from the experience of the Computer Emergency Response Team (CERT) of Poste Italiane, concerning the compliance assessment of an Electronic Payment Service by credit card.","PeriodicalId":293190,"journal":{"name":"Proceedings of the 8th International Conference on Security of Information and Networks","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2015-09-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131051002","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 7
Absolute key variation technique of automatic variable key in cryptography 密码学中自动可变密钥的绝对密钥变换技术
Proceedings of the 8th International Conference on Security of Information and Networks Pub Date : 2015-09-08 DOI: 10.1145/2799979.2800021
R. Goswami, Subhasish Banerjee, M. P. Dutta, C. Bhunia
{"title":"Absolute key variation technique of automatic variable key in cryptography","authors":"R. Goswami, Subhasish Banerjee, M. P. Dutta, C. Bhunia","doi":"10.1145/2799979.2800021","DOIUrl":"https://doi.org/10.1145/2799979.2800021","url":null,"abstract":"Rapid development of computer networks laid a trend to share the information worldwide. However, one of the important criterions is to provide the confidentiality to the shared data over the insecure communication channel. Due to the growth of computer technology; assuring the security of such shared information becomes challenging and complicated task among the researchers. In this consequence, the dynamic key approach is most desirable as compared to static key. In this respect, the AVK is one of the best techniques to achieve the perfect security as per the literature. In this paper, we have proposed a dynamic mechanism of AVK to enhance the security by increasing the randomness among the successive keys.","PeriodicalId":293190,"journal":{"name":"Proceedings of the 8th International Conference on Security of Information and Networks","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2015-09-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131912349","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 8
Two formal problems of network security and a theory of boolean-valued flow networks 网络安全的两个形式化问题和布尔值流网络理论
Proceedings of the 8th International Conference on Security of Information and Networks Pub Date : 2015-09-08 DOI: 10.1145/2799979.2800040
E. Shcherba
{"title":"Two formal problems of network security and a theory of boolean-valued flow networks","authors":"E. Shcherba","doi":"10.1145/2799979.2800040","DOIUrl":"https://doi.org/10.1145/2799979.2800040","url":null,"abstract":"There are many problems of network security. Formalization of these problems can be the key to solving some of them. This paper focuses on two specific network security problems. We propose an approach based on Boolean-valued networks to solve these and possibly other network problems. Two models to solve the addressed problems are offered. A definition of a maximum flow in Boolean-valued networks and algorithms to find this flow were proposed. Two examples to demonstrate the described problems, models and algorithms are also presented in the paper.","PeriodicalId":293190,"journal":{"name":"Proceedings of the 8th International Conference on Security of Information and Networks","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2015-09-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131761375","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
DDoS/EDoS attack in cloud: affecting everyone out there! 云中的DDoS/EDoS攻击:影响每个人!
Proceedings of the 8th International Conference on Security of Information and Networks Pub Date : 2015-09-08 DOI: 10.1145/2799979.2800005
G. Somani, M. Gaur, D. Sanghi
{"title":"DDoS/EDoS attack in cloud: affecting everyone out there!","authors":"G. Somani, M. Gaur, D. Sanghi","doi":"10.1145/2799979.2800005","DOIUrl":"https://doi.org/10.1145/2799979.2800005","url":null,"abstract":"DDoS attacks have become fatal attacks in recent times. There are large number of incidents which have been reported recently and caused heavy downtime and economic losses. Evolution of utility computing models like cloud computing and its adoption across enterprises is visible due to many promising features. Effects of DDoS attacks in cloud are no more similar to what they were in traditional fixed or on premise infrastructure. In addition to effects on the service, economic or sustainability effects are significant in the form of Economic Denial of Sustainability (EDoS) attacks. We argue that in a multi-tenant public cloud, multiple stakeholders are involved other than the victim server. Some of these important stakeholders are co-hosted virtual servers, physical server(s), network and, cloud service providers. We have shown through system analysis, experiments and simulations that these stakeholders are indeed affected though they are not the actual targets. Effects to other stakeholders include performance interference, web service performance, resource race, indirect EDoS, downtime and, business losses. Cloud scale simulations have revealed that overall energy consumption and no. of VM migrations are adversely affected due to DDoS/EDoS attacks. Losses to these stakeholders should be properly accounted and there is a need to devise methods to isolate these components well.","PeriodicalId":293190,"journal":{"name":"Proceedings of the 8th International Conference on Security of Information and Networks","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2015-09-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115900336","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 31
Steganographic methods of communications in distributed computing networks 分布式计算网络中通信的隐写方法
Proceedings of the 8th International Conference on Security of Information and Networks Pub Date : 2015-09-08 DOI: 10.1145/2799979.2800024
A. S. Konoplev, A. Busygin
{"title":"Steganographic methods of communications in distributed computing networks","authors":"A. S. Konoplev, A. Busygin","doi":"10.1145/2799979.2800024","DOIUrl":"https://doi.org/10.1145/2799979.2800024","url":null,"abstract":"This paper reviews the problem of a secure data transfer in distributed computing networks. It analysis the most popular covert channels (the steganographic methods of communications) and introduces their classification. The article also presents a class of the most effective steganographic methods, describes its formal model and performs a security analysis based on the proposed model.","PeriodicalId":293190,"journal":{"name":"Proceedings of the 8th International Conference on Security of Information and Networks","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2015-09-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125017307","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 2
Profile-based students assignment to core financial intelligence unit departments 基于档案的学生分配到核心金融情报单位部门
Proceedings of the 8th International Conference on Security of Information and Networks Pub Date : 2015-09-08 DOI: 10.1145/2799979.2800018
D. Chukova, A. Pakhomov
{"title":"Profile-based students assignment to core financial intelligence unit departments","authors":"D. Chukova, A. Pakhomov","doi":"10.1145/2799979.2800018","DOIUrl":"https://doi.org/10.1145/2799979.2800018","url":null,"abstract":"Different sectors of the economy have recently witnessed increased focus on innovative technologies in evaluating human capacity of an enterprise. The Principal Component Analysis exemplifies modern knowledge-based techniques used to assess quality of specialist training. The current challenge facing by the higher education institutions of the Russian Federation is preparing qualified and competitive in the global labor market personnel, through multi-disciplinary education. This paper addresses the issue of occupational guidance at the Institute of Financial and Economic Security of the NRNU MEPhI with regard to relevant divisions of the Federal Financial Monitoring Service, by means of mathematical models. The object of the research is the system of specialist training in the area of financial monitoring. The research subject comprises methods, algorithms identifying contribution of educational disciplines to profile-based preparation of students in the sphere of financial monitoring. The goal of this study is to improve the quality of education in the field of financial monitoring by developing methods and algorithms that determine theoretical and practical contribution of subjects to specialist training.","PeriodicalId":293190,"journal":{"name":"Proceedings of the 8th International Conference on Security of Information and Networks","volume":null,"pages":null},"PeriodicalIF":0.0,"publicationDate":"2015-09-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125542169","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
首页 上一页 下一页 尾页
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
请完成安全验证×
相关产品
×
本文献相关产品
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信