{"title":"Ontology-based big data approach to automated penetration testing of large-scale heterogeneous systems","authors":"T. Stepanova, A. Pechenkin, D. Lavrova","doi":"10.1145/2799979.2799995","DOIUrl":"https://doi.org/10.1145/2799979.2799995","url":null,"abstract":"Global corporations and government organizations are nowadays represented in cyberspace in the form of numerous large-scale heterogeneous information systems, which implement corresponding business, technological and other types of processes. This extends the set of security analysis tasks, stated for these infrastructures, and tangles already existing tasks. This paper addresses the challenge of increasing penetration testing automation level through the adoption of semi-automatic knowledge extraction from the huge amounts of heterogeneous regularly updated data. The proposed solution is based on the novel penetration testing ontology, which gives a holistic view on the results of security analysis. Designed ontology is evaluated within the penetration testing framework prototype and binds together the conceptual (process) abstraction level, addressed by security experts, and technical abstraction level, employed in modern security analysis tools and methods.","PeriodicalId":293190,"journal":{"name":"Proceedings of the 8th International Conference on Security of Information and Networks","volume":"139 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-09-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124391270","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Developing a system for text-messages protection","authors":"Mikhaylov Dmitry, Starikovskiy Andrey, Lebedev Grigoriy, R. Dmitry, E. Alexey, Uleykin Eugeniy, Boruchinkin Alexander, Tolstaya Anastasia","doi":"10.1145/2799979.2800041","DOIUrl":"https://doi.org/10.1145/2799979.2800041","url":null,"abstract":"This article addresses the issue of SMS-messages protection from unauthorized access and malicious software. The intruder model's structure and main security threats are presented. The authors tell about the requirements for protective systems of this kind, examine the main threats to the security of information and describe the system development tools such as protecting messages using the RSA algorithm, using ElGamal algorithm and using an algorithm based on elliptic curves. The performance results and effectiveness of the proposed ideas are provided. The implementation can be performed directly on mobile subscribers in the form of a software product, or as additional functional software of a virtual operator.","PeriodicalId":293190,"journal":{"name":"Proceedings of the 8th International Conference on Security of Information and Networks","volume":"10 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-09-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125517465","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Building data in motion DLP system from scratch using opensource software and confirming its effectiveness within \"capture the flag\" competitions","authors":"A. Garkusha","doi":"10.1145/2799979.2800044","DOIUrl":"https://doi.org/10.1145/2799979.2800044","url":null,"abstract":"In this paper, I describe data in motion DLP system built using free and opensource software components. The developed project effectiveness was checked within classic format \"Capture The Flag\" competitions.","PeriodicalId":293190,"journal":{"name":"Proceedings of the 8th International Conference on Security of Information and Networks","volume":"38 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-09-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125819019","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Hartley's test ranked opcodes for Android malware analysis","authors":"Meenu Mary John, P. Vinod, K. Dhanya","doi":"10.1145/2799979.2801037","DOIUrl":"https://doi.org/10.1145/2799979.2801037","url":null,"abstract":"The popularity and openness of Android platform encourage malware authors to penetrate various market places with malicious applications. As a result, malware detection has become a critical topic in security. Currently signature-based system is able to detect malware only if it is properly documented. This reveals the need to find new malware detection techniques. In our framework, a statistical technique for Android malware detection using opcodes extracted from various applications is proposed. This technique is evaluated against malware apk samples from contagio dataset and benign apk samples from various markets. The prominent features that result in reduced misclassification rates are determined using Hartley's test.","PeriodicalId":293190,"journal":{"name":"Proceedings of the 8th International Conference on Security of Information and Networks","volume":"26 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-09-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131559605","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"SQL-IDS: evaluation of SQLi attack detection and classification based on machine learning techniques","authors":"Naghmeh Moradpoor Sheykhkanloo","doi":"10.1145/2799979.2800011","DOIUrl":"https://doi.org/10.1145/2799979.2800011","url":null,"abstract":"Structured Query Language injection (SQLi) attack is a code injection technique where malicious SQL statements are inserted into a given SQL database by simply using a web browser. Injected SQL commands can alter the database and thus compromise the security of a web application. In our previous work, we proposed an effective pattern recognition Neural Network (NN) model for detection and classification of the SQLi attacks. Our proposed model was built from: a Uniform Resource Locator (URL) generator, a URL classifier, and a NN model. The URL generator was implemented in order to generate thousands of malicious and benign URLs. The URL classifier was employed in order to identify each URL, which was generated by the URL generator, as either a benign URL or a malicious URL. The URL classifier also pigeonholed the malicious URLs into seven popular SQLi attack categories. The NN model includes n hidden layers with x input and y output nodes where the benign and malicious URLs were employed for training, validating, and testing phases. Addressing our previous captured results, our proposed pattern recognition NN model for the detection and classification of the SQLi attacks demonstrated a good performance in terms of accuracy, true-positive rate, and false-positive rate. In this paper, we stress test our previous proposal in order to prove the effectiveness of our proposed approach.","PeriodicalId":293190,"journal":{"name":"Proceedings of the 8th International Conference on Security of Information and Networks","volume":"19 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-09-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115376456","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Approbation of the methodology for web monitoring of terrorism- and extremism-related content","authors":"E. N. Alexandrovna, Evstifeeva Olga Urievna","doi":"10.1145/2799979.2800031","DOIUrl":"https://doi.org/10.1145/2799979.2800031","url":null,"abstract":"This article focuses on the ongoing challenge of countering the use of the Internet by terrorist and extremist organizations. The article considers, in particular, the methodology of the Web content monitoring that aims to address the above issue as well as the first results obtained during its approbation at the Chair of Financial Monitoring of the NRNU MEPHI. The prospects for the utilization of the results are also provided.","PeriodicalId":293190,"journal":{"name":"Proceedings of the 8th International Conference on Security of Information and Networks","volume":"29 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-09-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115586799","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Execution of data-dependent programs over encrypted data","authors":"Philipp Burtyka, O. Makarevich","doi":"10.1145/2799979.2800010","DOIUrl":"https://doi.org/10.1145/2799979.2800010","url":null,"abstract":"Fully homomorphic encryption (FHE) is a tool of key importance to organize computations over encrypted data. But its misuse leads to privacy violation in spite of the encryption security. To use FHE correctly in applications one needs to solve a number of rather sophisticated problems. This paper considers delegation of programs evaluation over encrypted data to the untrusted server in the case when algorithms for evaluation are public. The main question in this case is how to organize computations in such a way that their structures don't reveal any information about the encrypted data. This information is called data-dependence. The aim of the study is to construct such protocols for interaction with untrusted server that don't allow it to accurately determine the relationship between the amount of computations and the encrypted data. The known solutions to the problem are briefly reviewed, analyzed and their disadvantages are shown. Then we present our three protocols for secure computations. The first protocol solves the problem by hiding the exact number of steps from untrusted server. This is achieved by intentional delay of feedback from the client and without any transformation of the evaluated program. The second protocol simplifies client actions, allowing computation to be fully self-contained. It requires only two communications between the client and server while ensuring the final result achievement and keeping the perfect secrecy. But it significantly increases the amount of computations that server must perform, namely for any input data server carries out the greatest possible number of steps. And third protocol involves the functional encryption. It allows getting final result of computations surely in two interactions between client and server, while not overloading the server too much. Such a protocol is well suited even for computations with worst-case exponential complexity.","PeriodicalId":293190,"journal":{"name":"Proceedings of the 8th International Conference on Security of Information and Networks","volume":"98 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-09-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121464131","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Designing a context-aware cyber physical system for detecting security threats in motor vehicles","authors":"Andrei V. Petrovski, Prapa Rattadilok, Sergey Petrovski","doi":"10.1145/2799979.2800029","DOIUrl":"https://doi.org/10.1145/2799979.2800029","url":null,"abstract":"An adaptive multi-tiered framework, which can be utilised for designing a context-aware cyber physical system is proposed in the paper and is applied within the context of providing data availability by monitoring electromagnetic interference. The adaptability is achieved through the combined use of statistical analysis and computational intelligence techniques. The proposed framework has the generality to be applied across a wide range of problem domains requiring processing, analysis and interpretation of data obtained from heterogeneous resources.","PeriodicalId":293190,"journal":{"name":"Proceedings of the 8th International Conference on Security of Information and Networks","volume":"134 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-09-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121122519","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Mathematical modelling of cryptosystems based on Diophantine problem with gamma superposition method","authors":"V. Osipyan","doi":"10.1145/2799979.2800026","DOIUrl":"https://doi.org/10.1145/2799979.2800026","url":null,"abstract":"The mathematical model of cryptosystem based on the method of gamma superposition, in which the algorithm of the inverse transformation of the closed text is reduced to the impossibility of problem solution is developed. The multiplicative knapsack task is generalized and the problem of working out of alphabetic cryptosystems mathematical models is considered. The mathematical models of such cryptosystems are offered in the article. The investigation is based on the C. Shannon, who considered, that cryptosystems containing Diophantine difficulties, possesses the greatest uncertainty of key selection process. Necessary and sufficient conditions at which generalized multiplicative knapsack is injective on Zp, p . 2, are established. The problem of building the isomorphic additive and multiplicative knapsacks is also considered.","PeriodicalId":293190,"journal":{"name":"Proceedings of the 8th International Conference on Security of Information and Networks","volume":"10 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-09-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114900208","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Dynamic response recognition by neural network to detect network host anomaly activity","authors":"V. Eliseev, Y. Shabalin","doi":"10.1145/2799979.2799991","DOIUrl":"https://doi.org/10.1145/2799979.2799991","url":null,"abstract":"A problem of anomaly behavior detection for network communicating computer is discussed. A novel approach based on dynamic response of computer is introduced. The computer is suggested as a multiple-input multiple-output (MIMO) plant. To characterize dynamic response of the computer on incoming requests a correlation between input data rate and observed output response (outgoing data rate and performance metrics) is used. To distinguish normal and anomaly behavior of the computer a one-class classifier based on feedforward neural network is constructed. In the paper a method of anomaly detection is described and results of model experiments with Web-server are provided.","PeriodicalId":293190,"journal":{"name":"Proceedings of the 8th International Conference on Security of Information and Networks","volume":"127 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2015-09-08","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124221005","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}