{"title":"A Control Theoretical Approach for Flow Control to Mitigate Bandwidth Attacks","authors":"Sui Song, C. Manikopoulos","doi":"10.1109/IAW.2006.1652116","DOIUrl":"https://doi.org/10.1109/IAW.2006.1652116","url":null,"abstract":"Flooding-based distributed denial-of-service (DoS) attack presents a very serious threat to the stability of the Internet. However, current intrusion detection is unreliable and may have high false-positives. Rate-limiting is a better-suited response than complete filtering. Filtering out all the traffic to the victim would greatly damage misclassified flows, whereas rate-limiting still allows some packets to reach the destination and thus keeps the connection alive. Allowing some attack packets through is acceptable, since the attack's overall impact depends on the volume of the attack packets. Moreover, if the flow-rate of low-priority is reduced, the high-priority flow would get more chances to access the server they share, which eventually reduces the congestion and improves the throughput of the high-priority flow. Based on the concept of flow aggregation management architecture (Sui Song, et al., April 2006), we present a flow-based congestion control (FCC) architecture that consists of a flow-based quality-of-service (FQoS) regulator and PID controller. The whole system adopts a control-theoretic approach to adjust the traffic rate of every link (or server) so as to maintain the traffic rates at their desired level. In order to provide more fine-grained differentiated services (or flows) with different weight and maximally limit malicious services (or flows), we propose a multilevel packet classification structure. Moreover, in order to maximally block flooding, the flow-based network intrusion detection (Sui Song, et al., April 2006) is used to classify each flow in the network into different priority classes and give different treatment to the flow-rates belonging to different classes. The architecture is shown to be highly flexible in service differentiation and robust against different types of flooding attacks, and traditional network traffic control can be implemented using one common framework. This system has been evaluated by using simulated test-bed data. Results showed that the system successfully mitigates bandwidth flooding attacks","PeriodicalId":326306,"journal":{"name":"2006 IEEE Information Assurance Workshop","volume":"220 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2006-06-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131611622","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Analysis and Defensive Tools for Social-Engineering Attacks on Computer Systems","authors":"L. Laribee, D.S. Barnes, N. Rowe, C.H. Martell","doi":"10.1109/IAW.2006.1652125","DOIUrl":"https://doi.org/10.1109/IAW.2006.1652125","url":null,"abstract":"The weakest link in an information-security chain is often the user because people can be manipulated. Attacking computer systems with information gained from social interactions is one form of social engineering (K. Mitnick, et al. 2002). It can be much easier to do than targeting the complex technological protections of systems (J. McDermott, Social engineering - the weakest link in information security). In an effort to formalize social engineering for cyberspace, we are building models of trust and attack. Models help in understanding the bewildering number of different tactics that can be employed. Social engineering attacks can be complex with multiple ploys and targets; our models function as subroutines that are called multiple times to accomplish attack goals in a coordinated plan. Models enable us to infer good countermeasures to social engineering","PeriodicalId":326306,"journal":{"name":"2006 IEEE Information Assurance Workshop","volume":"4 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2006-06-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132383175","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Automatically Building an Information-Security Vulnerability Database","authors":"A. D. Arnold, B. M. Hyla, N. Rowe","doi":"10.1109/IAW.2006.1652119","DOIUrl":"https://doi.org/10.1109/IAW.2006.1652119","url":null,"abstract":"Our goal was to collect data from the myriad computer vulnerability notices that exist on the World Wide Web and to mine it for interesting information and patterns. Surprisingly, no single database currently brings together all the various kinds of data from the vulnerability sites. Of particular interest to us was author and discoverer information since this provides valuable information about who is active in information security and occasionally might indicate the authors of exploits; current databases do not connect this to other relevant information. We found that the searchable parameters of the existing vulnerability databases were limited and inconsistent. Consequently, it is very difficult to get complete information about computer vulnerabilities by searching Web sites. Our approach was to bring together this information into a composite database. We did automated data collection from the existing Web vulnerability databases by creating Web bots that traversed Web sites and retrieved selected information from them, then imported the collected Web data into a relational database. A browser provides Web-based access to this database. (J. Steffan, et al., March 2002) and (R. Iyer, et al., Oct. 2003) show how such information can be used to build models of attacks in the form of graphs, trees, and finite-state machines, and thereby develop methods for system protection","PeriodicalId":326306,"journal":{"name":"2006 IEEE Information Assurance Workshop","volume":"13 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2006-06-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114286103","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Post-Quantum Diffie-Hellman and Symmetric Key Exchange Protocols","authors":"Xiangdong Li, L. Leung, A. Kwan, Xiaowen Zhang, D. Kahanda, M. Anshel","doi":"10.1109/IAW.2006.1652122","DOIUrl":"https://doi.org/10.1109/IAW.2006.1652122","url":null,"abstract":"If an eavesdropper Eve is equipped with quantum computers, she can easily break the public key exchange protocols used today. In this paper we discuss the post-quantum Diffie-Hellman key exchange and private key exchange protocols","PeriodicalId":326306,"journal":{"name":"2006 IEEE Information Assurance Workshop","volume":"41 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2006-06-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"123596912","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Effects of Denial of Sleep Attacks on Wireless Sensor Network MAC Protocols","authors":"David Raymond, Randy Marchany, M. Brownfield, Scott Midkiff","doi":"10.1109/IAW.2006.1652109","DOIUrl":"https://doi.org/10.1109/IAW.2006.1652109","url":null,"abstract":"As wireless platforms get less expensive and more powerful, the promise of wide-spread use for everything from health monitoring to military sensing continues to increase. Like other networks, sensor networks are vulnerable to malicious attack; however, the hardware simplicity of these devices makes defense mechanisms designed for traditional networks infeasible. This paper explores the denial-of-sleep attack, in which a sensor node's power supply is targeted. Attacks of this type can reduce sensor lifetime from years to days and have a devastating impact on a sensor network. This paper classifies sensor network denial-of-sleep attacks in terms of an attacker's knowledge of the MAC layer protocol and ability to bypass authentication and encryption protocols. Attacks from each classification are then modeled to show the impacts on three sensor network MAC protocols: S-MAC, T-MAC, and G-MAC. A framework for preventing denial-of-sleep attacks in sensor networks is also introduced. With full protocol knowledge and an ability to penetrate link-layer encryption, all wireless sensor network MAC protocols are susceptible to a full domination attack which reduces network lifetime to the minimum possible by maximizing the power consumption of the nodes' radio subsystem. Even without the ability to penetrate encryption, subtle attacks can be launched that reduce network lifetime by orders of magnitude. If sensor networks are to live up to current expectations, they must be robust in the face of network attacks, to include denial-of-sleep","PeriodicalId":326306,"journal":{"name":"2006 IEEE Information Assurance Workshop","volume":"72 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2006-06-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"121826295","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Embedding Forensic Capabilities into Networks: Addressing Inefficiencies in Digital Forensics Investigations","authors":"Barbara E. Endicott-Popovsky, D. Frincke","doi":"10.1109/IAW.2006.1652087","DOIUrl":"https://doi.org/10.1109/IAW.2006.1652087","url":null,"abstract":"When incident responders collect network forensic data, they must often decide between expending resources collecting forensically sound data, and restoring the network as quickly as possible. Organizational network forensic readiness has emerged as a discipline to support these choices, with suggested checklists, procedures and tools. This paper proposes a life cycle methodology for \"operationalizing\" organizational network forensic readiness. The methodology, and the theoretical analysis that led to its development, are offered as a conceptual framework for creating more efficient, proactive approaches to digital forensics on networks","PeriodicalId":326306,"journal":{"name":"2006 IEEE Information Assurance Workshop","volume":"82 6 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2006-06-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"126023279","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Evaluation of Run-Time Detection of Self-Replication in Binary Executable Malware","authors":"A. Volynkin, V. Skormin, D. Summerville, J. Moronski","doi":"10.1109/IAW.2006.1652094","DOIUrl":"https://doi.org/10.1109/IAW.2006.1652094","url":null,"abstract":"This paper presents an overview and evaluation of a novel approach for proactive protection against both known and previously unknown self-replicating malicious software. Instead of deciphering and screening suspect code for signatures of known viruses the approach monitors the runtime behavior of binary compiled executable code by monitoring its system calls. The detection mechanism, which works from the perspective of the operating system, is based on identifying the unique self-replication behavior of executable malware via its system call sequences. Thus, the proposed approach provides a system that can detect self-replication attempts in malware without relying on the availability of a signature in a virus signature database and despite any level of encryption employed. An implementation of the proposed approach for Microsoft Windows operating system is described along with experimental results and a performance analysis","PeriodicalId":326306,"journal":{"name":"2006 IEEE Information Assurance Workshop","volume":"34 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2006-06-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122694264","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"A Dynamically Modified Privilege Control Policy","authors":"S. Qing, Qingni Shen, Qingguang Ji, Yeping He","doi":"10.1109/IAW.2006.1652115","DOIUrl":"https://doi.org/10.1109/IAW.2006.1652115","url":null,"abstract":"Trusted systems typically include trusted processes which possess special privileges. Such privileges can circumvent certain security checks but should be used in a controlled manner. This paper proposes a privilege control policy called DMPC (dynamically modified privilege control). It has two components: a hybrid privilege control model and a new POSIX (portable operating system interface) capability inheritance algorithm. The privilege control model in DMPC is a combination of role based access control (RBAC), domain and type enforcement (DTE) and POSIX capability mechanism while the capability inheritance algorithm serves as an engine to effectively enforce the hybrid privilege control model on a secure operating system. The DMPC's design has given a high priority to supporting least privilege to a finer level of granularity on trusted systems. Additional (sub-) goals for the DMPC policy are: realizing separation of duties among privileged users, achieving separation of trusted functions from untrusted ones and providing a flexible and dynamically mediated capability mechanism. We show that RBAC alone is insufficient to enforce the principle of least privilege in a dynamic context, and that DTE and POSIX capability mechanism can successfully be conjugated with RBAC for this purpose. We also describe an implementation of the DMPC policy on a real system and report on experimental results","PeriodicalId":326306,"journal":{"name":"2006 IEEE Information Assurance Workshop","volume":"4 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2006-06-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127580767","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Visual Reverse Turing Tests: A False Sense of Security","authors":"M. Ponec","doi":"10.1109/IAW.2006.1652110","DOIUrl":"https://doi.org/10.1109/IAW.2006.1652110","url":null,"abstract":"Internet services are increasingly abused by malicious scripts that try to mimic human users. Reverse Turing tests are challenges used to differentiate humans from computers. Visual reverse Turing tests use visual challenges, such as distorted character recognition tasks, that are easily solved by humans, while remaining too hard for automatic scripts. We demonstrate that the computational and development cost of a script breaking through some currently deployed visual reverse Turing tests is low, thus making them ineffective in protecting these services. We present two case studies of successful attacks on character-based tests that are currently used to protect two public Web services. Our attacks utilize image processing techniques and also exploit flaws in the test deployment","PeriodicalId":326306,"journal":{"name":"2006 IEEE Information Assurance Workshop","volume":"51 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2006-06-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115233040","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
{"title":"Using Active Scanning to Identify Wireless NICs","authors":"C. Corbett, R. Beyah, John A Copeland","doi":"10.1109/IAW.2006.1652101","DOIUrl":"https://doi.org/10.1109/IAW.2006.1652101","url":null,"abstract":"Computer networks have become increasingly ubiquitous. However, with the increase in networked applications, there has also been an increase in difficulty to manage and secure these networks. The proliferation of 802.11 wireless networks has heightened this problem by extending networks beyond physical boundaries. We propose the use of spectral analysis to identify the type of wireless network interface card (NIC). This mechanism can be applied to support the detection of unauthorized systems that use NICs which are different from that of a legitimate system. We focus on active scanning, a vaguely specified mechanism required by the 802.11 standard that is implemented in the hardware and software of the wireless NIC. We show that the implementation of this function influences the transmission patterns of a wireless stream that are observable through traffic analysis. Our mechanism for NIC identification uses signal processing to analyze the periodicity embedded in the wireless traffic caused by active scanning. A stable spectral profile is created from the periodic components of the traffic and used for the identity of the wireless NIC. We show that we can distinguish between NICs manufactured by different vendors using the spectral profile","PeriodicalId":326306,"journal":{"name":"2006 IEEE Information Assurance Workshop","volume":"4 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2006-06-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122210467","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}